After exploring fundraising and acquisition options, the teams concluded that there was no sustainable recovery path following the breach.
Solana-based DeFi aggregator Step Finance, along with two other affiliated projects, SolanaFloor and Remora Markets, have announced plans to cease all operations with immediate effect.
The decision follows the aftermath of a major security incident earlier this year.
Hack, stop, shut down
In a statement shared on X, the teams said the decision came after exploring multiple paths forward, including fundraising and acquisition discussions. However, none of these solutions led to a viable solution after the hack that occurred in late January.
The incident involved the withdrawal of an estimated $30 million in assets from Step Finance’s portfolios on the Solana network. Later revelations revealed that the breach stemmed from compromised devices belonging to members of the project’s executive team.
Accessing these devices likely exposed private keys or enabled malware that disrupted internal transaction approval processes, allowing attackers to initiate and approve malicious on-chain transactions. Once access was gained, the attackers released approximately 261,854 SOL and transferred the funds from project-controlled wallets. This activated an immediate market reaction that saw the STEP token drop by over 80%.
After detecting the exploit, the team shut down certain components of the platform to limit further damage and later reported that approximately $4.7 million in Remora-related assets and other holdings had been recovered. As part of the shutdown process, Step Finance said it is working on a buyback program for STEP token holders based on a snapshot taken before the incident, while Remora Markets is preparing a redemption process for rToken holders.
More than 200 hacking incidents in 2025
The hack involving Step Finance was among the costliest DeFi incidents in January 2026, amid a broader rise in crypto-related losses over the past year. According to data from blockchain security firm PeckShield, scams and hacks took more than $4.04 billion from users and platforms in 2025, an increase of almost 34% compared to 2024.
You might also like:
Of that total, $2.67 billion was attributed to hacks, while $1.37 billion came from scams, as losses associated with scams rose approximately 64% year-over-year.
PeckShield found a shift from purely technical exploits to targeted social engineering, often targeting centralized entities and high-value individuals, resulting in higher losses per incident. More than 200 hacking cases were recorded during the year, not including scams.
February stood out as the most expensive month, driven by a $1.51 billion breach at Bybit.
Binance Free $600 (excluding CryptoPotato): Use this link to register a new account and get an exclusive $600 welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a FREE $500 position on any coin!
#Step #Finance #Wallet #Compromise #Killed #Solana #DeFi #Aggregator