Step Finance announced that it lost $40 million worth of digital assets after hackers compromised devices belonging to the company’s team of executives.
The platform detected the breach on January 31 and engaged cybersecurity researchers who helped it recover some of the stolen assets.
Step Finance is a decentralized finance (DeFi) platform and analytics tool built on the Solana blockchain that allows users to visualize, track, analyze, and manage their crypto assets and positions.
The platform, considered one of the most active and widely used Solana dashboards, also supports executing transactions, swaps, staking, and other DeFi actions through its interface. It also has a native token, $STEP, with relatively modest trading volume.
On January 31, Step announced that several of its treasury wallets were breached and that the threat actor leveraged “a well-known attack vector.”
“Earlier today, several of our treasury wallets were compromised by a sophisticated actor during APAC hours,” Step said in its initial statement.
The platform also notified the authorities and worked closely with cybersecurity professionals to quickly establish remediation measures.
Blockchain analytics firm CertiK reported at the time that the stolen amount equated to 261,854 SOL, which was around $28.9 million, but Step Finance determined during the investigation that the losses were approximately $40 million.
About $3.7 million in Remora assets and $1 million in other positions have been recovered so far, thanks to Token22 protections and partner coordination.
As a result of the incident, some operations have been halted to allow security reinforcement. The platform noted that Remora Markets, which it owns, is isolated from the incident and that all rTokens remain fully backed 1:1.
Users are advised not to engage with the STEP token until the investigation concludes. A snapshot of the pre-exploit state will be taken, as a solution for STEP holders is currently being processed.
Step Finance did not share the details of the attack or the perpetrators, which generated suspicions of a potential “rug pull” or “insider job,” claims that have not been appropriately addressed yet.
The company’s $40 million loss is significant but represents only about a tenth of the funds lost to crypto-theft attacks in January. Statistics from CertiK earlier this week show losses of $398 million in the first month of the year, of which around $4.366 million were recovered.
In 2025, 147 confirmed hacks amounted to losses of nearly $2.87 billion, while the record year remains 2022, with $3.71 billion lost in 179 successful attacks.
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.