Step Finance, a decentralized financial portfolio tracker on the Solana platform, revealed a security breach that compromised several treasury wallets, causing a acute sell-off of its native token.
“Earlier today during business hours in the APAC region, several of our treasury wallets were compromised by a sophisticated actor. This was an attack carried out using a well-known attack vector” – platform he wrote in a post on X, adding that they have taken “remedial” steps.
Onchain data verified by blockchain security company CertiK can be seen that approximately 261,854 Solana (SOL) (worth approximately $27.2 million) were unstakeable and transferred from wallets controlled by Step Finance.
Step Finance has not yet confirmed the total scale of losses. The team also did not reveal how the attacker gained access or whether the incident resulted from a astute contract flaw, captured keys, or an internal access issue. It is also unclear whether any user funds, beyond assets owned by the protocol, were affected.
Related: SwapNet exploit claims up to $13.3 million from Matcha Meta users
STEP token fails more than 90% after vault compromise
The market reaction was quick. The STEP project management token dropped by over 90%, According to to data from CoinGecko. At the time of writing, the token is trading at $0.001578, down 93.3% from the last day.
Founded in 2021, Step Finance bills itself as the “home of Solana,” offering users a unified dashboard to track yield farms, LP tokens, and DeFi positions across most Solana-based protocols. In addition to its core product, the company operates SolanaFloor, a media hub dedicated to Solana, and hosts the annual Solana Crossroads conference.
In slow 2024, it acquired Moose Capital, now renamed Remora Markets, with plans to introduce tokenized stock trading on the Solana platform. STEP plays a key role in protocol governance and incentive structure.
Related: CertiK combines $63 million in Tornado Cash deposits with a $282 million portfolio compromise
Most crypto projects never recover from a major hack
According to Web3’s chief security officers, nearly 80% of crypto projects that suffer a major breach fail to fully recover, not because of initial financial losses, but because of a impoverished response to the crisis and a breakdown in trust.
Immunefi CEO Mitchell Amador said most teams are unprepared for security incidents, leading to hesitation, leisurely decision-making and impoverished communication in the critical hours after a breach. This paralysis often results in worsening losses and further reduction in user confidence.
Even after technical issues are resolved, reputational damage is often constant. Kerberus CEO Alex Katz notes that major exploits typically result in user churn, a liquidity drain, and long-term loss of credibility.
Warehouse: How cryptocurrency regulations have changed in 2025 – and how they will change in 2026
