Step Finance Suffers $40 Million DeFi Breach After Executive Devices Compromised

A major Solana-based DeFi platform confirms a large treasury loss, reigniting concerns over executive-level cyber risk.

Step Finance confirmed that attackers stole $40 million in digital assets after compromising devices used by company executives. The platform detected the breach on January 31 and immediately launched an investigation.

Step Finance engaged cybersecurity researchers and notified authorities within hours. These actions helped recover a portion of the stolen funds. However, the incident still ranks among the largest DeFi breaches of the year.

Impact on the Platform

Step Finance operates one of the most active Solana-based DeFi dashboards. Users rely on it to track portfolios, analyze positions, execute swaps, and manage staking activities. The platform also supports treasury operations and issues its native $STEP token.

During the attack, threat actors breached several treasury wallets. The company stated that the attacker used a “well-known attack vector”, although it did not disclose technical specifics. The breach occurred during APAC hours.

Losses and Partial Recovery

Blockchain analytics firm CertiK initially estimated losses at 261,854 SOL, valued near $28.9 million at the time. Further investigation by Step Finance later confirmed the total loss reached approximately $40 million.

Recovery efforts delivered early results. Partners helped recover:

• $3.7 million in Remora-related assets
• $1 million in other exposed positions

Token22 protections played a key role in limiting further damage.

Operational Response and User Advisory

Step Finance temporarily halted parts of its operations to strengthen security controls. The company clarified that Remora Markets remains isolated from the incident. All rTokens remain fully backed on a 1:1 basis.

The platform advised users not to interact with the STEP token until the investigation concludes. Step Finance plans to take a snapshot of the pre-exploit state and is preparing a remediation approach for token holders.

Transparency Concerns and Industry Context

Step Finance has not shared details about the attacker or the exact exploit path. This silence has triggered speculation across the crypto community, including claims of insider involvement or a rug pull. So far, no evidence supports these allegations.

While severe, this breach represents only a fraction of January’s total crypto-theft losses. Industry data shows attackers stole $398 million in January, with minimal recovery. In 2025, confirmed hacks have already caused $2.87 billion in losses, reinforcing how frequently attackers target privileged access and weak endpoints.

The incident highlights a persistent reality for DeFi platforms: secure smart contracts alone cannot offset compromised executive devices.