Step Finance, a decentralized financial portfolio tracker on Solana, has disclosed a security breach that led to the compromise of several treasury wallets, leading to a sharp sell-off of its native token.
“Earlier today, several of our treasury portfolios were compromised by a sophisticated actor during APAC hours. This was an attack facilitated via a known attack vector,” the platform said. wrote in a post on X, adding that they have taken “remedial measures.”
Onchain data reviewed by blockchain security company CertiK shows that approximately 261,854 Solana (SOL) (worth approximately $27.2 million) were unstaked and transferred from wallets controlled by Step Finance.
Step Finance has not yet confirmed the total size of the losses. The team also did not disclose how the attacker gained access, nor whether the incident resulted from a smart contract error, compromised keys, or an internal access issue. It also remains unclear whether any user funds have been affected, aside from the assets owned by the protocol.
Related: The SwapNet exploit is costing Matcha Meta users up to $13.3 million
STEP token crashes over 90% after treasury breach
The market response was swift. The project’s governance token, STEP, has fallen by more than 90%, according to to data from CoinGecko. At the time of writing, the token is trading at $0.001578, down 93.3% in the past day.
Founded in 2021, Step Finance bills itself as a “front page of Solana,” offering users a unified dashboard to track yield farms, LP tokens, and DeFi holdings across most Solana-based protocols. In addition to its core product, the company operates SolanaFloor, a Solana-focused media outlet, and hosts the annual Solana Crossroads conference.
In late 2024, it acquired Moose Capital, now rebranded as Remora Markets, with plans to introduce tokenized stock trading on Solana. STEP plays a central role in the protocol’s governance and incentive structure.
Related: CertiK links $63 million in Tornado Cash deposits to a $282 million wallet compromise
Most crypto projects never recover after a major hack
Nearly 80% of crypto projects affected by a major hack do not fully recover, not because of the initial financial loss, but because of poor crisis response and a collapse in trust, according to Web3 security executives.
Immunefi CEO Mitchell Amador said most teams are unprepared for security incidents, leading to hesitation, slow decision-making and weak communication in the critical hours after a breach. This paralysis often causes losses to increase and user confidence to further erode.
Even if technical problems are resolved, reputational damage is often permanent. Kerberus CEO Alex Katz notes that major exploits typically lead to user abandonment, liquidity drain, and long-term loss of credibility.
Magazine: How crypto laws changed in 2025 – and how they will change in 2026
#Step #Finance #Treasury #Funding #Breach #Leads #Million #SOL #Loss #STEP #Plummets