Security

Executive Devices Compromised in $40M Crypto Theft

Published

1 day ago

February 3, 2026

Security Breach Leads to $40 Million Crypto Theft at Step Finance

Step Finance, a decentralized finance (DeFi) platform built on the Solana blockchain, recently announced a significant loss of $40 million in digital assets. The breach occurred when hackers compromised devices belonging to the company’s executive team.

The breach was detected on January 31, prompting Step Finance to engage cybersecurity researchers to assist in recovering some of the stolen assets.

Step Finance offers users the ability to visualize, track, analyze, and manage their crypto assets and positions. The platform, known for being one of the most active Solana dashboards, also supports various DeFi actions such as transactions, swaps, and staking.

Following the breach, Step Finance reported that its treasury wallets were compromised, with the threat actor exploiting a well-known attack vector. The platform quickly notified authorities and collaborated with cybersecurity experts to implement remediation measures.

Blockchain analytics firm CertiK initially reported the stolen amount as 261,854 SOL, equivalent to around $28.9 million. However, Step Finance later determined that the actual losses amounted to approximately $40 million. To date, the platform has managed to recover about $3.7 million in Remora assets and $1 million in other positions through Token22 protections and partner coordination.

As a precautionary measure, certain operations have been temporarily halted to strengthen security. Step Finance assured users that Remora Markets, which it owns, remains unaffected by the breach, with all rTokens fully backed 1:1.

Users have been advised to refrain from engaging with the STEP token until the investigation is concluded. The platform is working on a solution for STEP holders, and a snapshot of the pre-exploit state will be taken as part of the process.

Step Finance has refrained from disclosing specific details about the attack or the perpetrators, leading to speculations of a potential “rug pull” or “insider job.” These claims have yet to be addressed adequately by the company.

Although the $40 million loss is substantial, it represents only a fraction of the total funds lost to crypto-theft attacks in January. CertiK’s statistics indicate losses of $398 million in the first month of 2026, with approximately $4.366 million recovered.

In 2025, there were 147 confirmed hacks resulting in losses of nearly $2.87 billion. However, the record year for crypto theft remains 2022, with $3.71 billion lost in 179 successful attacks.

tines

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.