Step Finance Blames Hacked Execs for $40M Crypto Theft
▼ Summary
– Step Finance, a DeFi platform on Solana, lost approximately $40 million in digital assets after hackers compromised its executives’ devices on January 31.
– The platform engaged cybersecurity professionals and recovered about $4.7 million of the stolen assets, while halting some operations to reinforce security.
– Despite the breach, the platform’s Remora Markets subsidiary is isolated, and all its rTokens remain fully backed.
– Users are advised to avoid the STEP token until the investigation concludes, with a solution for holders being processed based on a pre-exploit snapshot.
– This incident is part of a larger trend, as crypto-theft attacks resulted in $398 million in losses in January 2025 alone.
A significant security breach at a leading Solana-based analytics platform has resulted in the loss of millions in digital assets, highlighting persistent vulnerabilities in the decentralized finance space. The incident, which the company attributes to compromised executive devices, underscores the critical need for robust personal and corporate security protocols beyond smart contract audits.
The platform, which serves as a major dashboard for tracking and managing crypto assets on the Solana network, detected unauthorized access to several treasury wallets. The breach occurred during Asia-Pacific business hours, with the attacker exploiting what the team described as a well-known attack vector. Immediate action was taken, involving cybersecurity experts and law enforcement to initiate recovery and remediation efforts.
Initial estimates from external blockchain analysts placed the theft at roughly 261,854 SOL, valued at approximately $28.9 million at the time. However, the internal investigation later revealed the total loss was closer to $40 million. This discrepancy highlights the challenges in quickly assessing the full scope of such incidents in a volatile market.
Through coordinated efforts with partners and by leveraging specific token protections, the team has managed to recover a portion of the stolen funds. About $3.7 million in assets from one protocol and an additional $1 million from other positions have been secured. The company confirmed that one of its owned services remains operationally isolated from the breach, with all associated tokens fully backed.
In response to the hack, the platform has temporarily suspended certain operations to implement strengthened security measures. Users have been advised to avoid interacting with the platform’s native token until the investigation is fully complete. The team has committed to taking a snapshot of the network state prior to the exploit as it works on a solution for token holders.
The lack of detailed public information regarding the attack method or the perpetrators has fueled community speculation. Some observers have raised questions about the possibility of an inside job or a fraudulent scheme, concerns the company has not yet directly addressed in its communications.
While a $40 million loss is substantial, it represents only a fraction of the total value stolen from crypto projects in January alone. Recent industry reports indicate that nearly $400 million was lost to hacks and exploits in the first month of the year, with only a small percentage recovered. This event adds to a troubling multi-year trend, following a year with confirmed losses approaching $2.87 billion across numerous incidents. The record for annual crypto thefts remains 2022, with losses surpassing $3.7 billion.
(Source: Bleeping Computer)