Step Finance Hit by Unauthorized SOL Heist: $29M Vanished, Investors Panicked!

by

In the dim glow of the exchange’s ledger, a provincial tragedy unfolds: a $29M SOL treasury slipped away, leaving the STEP price to stumble like a tipsy czar in a narrow alley.

Step Finance, that bustling bureau where numbers march in neat files and keys jangle like keys to a haunted cabinet, has confirmed unauthorized SOL transfers following a security breach that crept into several internal wallets. The treasury, once a stern fortress, now resembles a pantry where a thief with a good excuse rummages for supper. Investigators are turning over every dusty account as if curating a family archive of misadventures. Market activity shows a torrent of SOL unstaked and moved in a breath, as if the coins themselves suddenly remembered they forgot their hats.

On-Chain Data Flags Major SOL Outflows From DeFi Treasury

On-chain records, as reported by CertiK, reveal that roughly 261,854 SOL were unstaked and whisked away during the incident. With SOL trading near $110 at the time, these transfers carried a value of about $29 million. Step Finance later acknowledged the breach in a post on X, confirming that multiple treasury wallets were accessed without authorization and remain under review.

🚨

We have seen a security breach of treasury wallets.

261,854 SOL (~$28.9M) has been withdrawn after stake authorization had been transferred to

Stay Vigilant!

– CertiK Alert (@CertiKAlert)

Thus far, the project has not pieced together how the wallets were compromised. The suspects range from leaked private keys to brittle permissions to some internal weakness with a taste for mischief. Step Finance has summoned cybersecurity firms to poke around the cupboards of their own institution.

On-chain data and public disclosures have also laid out a handful of facts, like a merchant counting coins in the wind:

  • About 261,854 SOL left treasury-linked wallets after being unstaked.
  • Transfers occurred within a short span, suggesting a coordinated waltz of access.
  • Step Finance brought in external security teams soon after detecting the issue.
  • User fund exposure and recovery status remain unsettled and as mysterious as a lost confession.

The Solana ecosystem has endured a string of calamities over the past year. In April, the lending protocol Loopscale lost $5.8 million to an audacious exploit. A few months later, decentralized CrediX suffered a $4.5 million breach after an attacker seized admin wallet control. That same year, the Solana network felt the sting of a $37 million hack on the South Korean exchange Upbit. Chainalysis later tallied more than $3.41 billion in crypto theft in 2025. While total value locked across DeFi rebounded somewhat, the losses from hacks remained stubbornly persistent, like a summer cicada that refuses to go to sleep.

STEP Slides Hard as Investors React to Treasury Wallet Compromise

STEP, the platform’s native token, tumbled in a dramatic swoop after the breach news spread. The asset sank more than 60%, settling near $0.023. Traders cited the twin anxieties of treasury losses and the specter of long‑term funding as the engines driving the sell-off.

Step Finance operates its validator and channels a portion of rewards to STEP buybacks, which are then shared with users staking xSTEP. If SOL remains missing from treasury wallets, those buybacks could be muted, casting a damp shadow over the token’s future as if a raincloud forgot to bring itself in from the sea.

Meanwhile, the wider crypto market endured heavy losses last month. CertiK reports about $370.3 million stolen during the period, with phishing schemes accounting for roughly $311.3 million and code flaws contributing another $51.5 million. Recovery efforts remain slow, with only a small fraction of funds returned to their rightful owners so far.

Read More

2026-02-01 17:32