Step Finance lose $30 million in SOL to hackers - Coinfea

Coinfea · 2026-02-01T14:33:25+00:00

Step Finance, a Solana-based DeFi platform, was hacked, resulting in the loss of approximately $30 million in SOL from its treasury wallets. The breach sparked concerns about security practices in the DeFi sector, leading to a significant drop in the platform's token value. The ongoing investigation aims to hold the attackers accountable and mitigate future risks.

Coinfea

2026-02-01 14:33:25

Abstract generation in progress

Solana-based DeFi platform Step Finance has suffered a massive hack. According to reports, the platform, which handles portfolio management, analytics, and dashboards for the ecosystem, suffered a breach where the attackers got away with millions in SOL.

It is not uncommon for treasuries in the DeFi sector to get attacked on Solana or other chains; however, the scale on which this one happened has once again reignited debates about security practices for project-held funds. According to the Step Finance team on X, several of its treasury and fee wallets were compromised in the attack, which saw the attackers unstake and transfer about 261,854 SOL to unknown addresses.

Step Finance suffers a heavy loss

At the time of the incident, the price of all that Solana amounted to roughly $30 million in value. The team claimed in their X post that an investigation is underway, and some hours later, they reached out to cybersecurity firms for assistance, encouraging affected users or anyone with means to help to contact them. The phrasing from the post makes it seem the incident was a targeted compromise of the protocol’s treasury wallets rather than a smart contract exploit that affected user funds directly.

Since the attack, Defillama shows Step Finance’s TVL at zero. While the situation is still developing, the market has already reacted to the news. According to data from Coingecko, the native $STEP token has dropped by about 84% at the time of this writing, with prices hovering around $0.4241. Attacks on DeFi protocols on Solana are nothing new, but the recent attacks all seem to have common vectors like treasury wallet compromise, private key leaks, access control flaws, and smart contract exploits.

The Step Finance exploit follows the pattern of operational compromise as its treasury was the target rather than user funds. Some other notable and recent DeFi-related hacks with similar vectors include the CrediX protocol exploit, the Loopscale exploit, and the Upbit Solana-related hack. The CrediX incident saw the protocol lose $4.5 million in a breach where attackers gained control of an administrator’s wallet.

The case mirrors Step Finance’s current predicament closely, as it also did not involve direct user funds. However, many hope things will end differently than they did with CrediX because it was a disaster. The team had promised refunds within a day or two of the exploit, claiming it had entered a parley with the hacker. However, rather than follow through on that, the team went off the grid, deleting their X and taking down the website, which triggered allegations of a rugpull.

IN9,87%

SOL-0,96%

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.