{"id":889468,"date":"2026-02-01T23:11:38","date_gmt":"2026-02-02T05:11:38","guid":{"rendered":"https:\/\/newsycanuse.com\/index.php\/2026\/02\/01\/30m-stolen-as-step-finance-treasury-wallets-compromised\/"},"modified":"2026-02-01T23:11:38","modified_gmt":"2026-02-02T05:11:38","slug":"30m-stolen-as-step-finance-treasury-wallets-compromised","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2026\/02\/01\/30m-stolen-as-step-finance-treasury-wallets-compromised\/","title":{"rendered":"$30M Stolen as Step Finance Treasury Wallets Compromised"},"content":{"rendered":"
\n

\n $30M Stolen as Step Finance Treasury Wallets Compromised <\/h2>\n
\n
\n

\n <\/p>\n

Crypto Journalist<\/p>\n

\n

Anas Hassan<\/p>\n

\n
\n

\n <\/p>\n

\n
\n

Crypto Journalist<\/p>\n

Anas Hassan<\/span>\"Verified\"<\/span>\n <\/p>\n<\/p><\/div>\n

\n

Part of the Team Since<\/p>\n

Jun 2025<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n

\n

About Author<\/p>\n

Anas is a crypto native journalist and SEO writer with over five years of writing experience covering blockchain, crypto, DeFi, and emerging tech.<\/p>\n<\/p><\/div>\n<\/div><\/div>\n<\/p><\/div>\n

\n

Last updated:\u00a0<\/p>\n

\"$30M<\/p>\n

Step Finance, a major Solana DeFi platform, confirmed<\/a> multiple treasury and fee wallets were compromised by a sophisticated attacker during Asian Pacific trading hours, resulting in the theft of approximately 261,854 SOL<\/strong><\/a> tokens worth roughly $30 million.<\/p>\n

The breach sent shockwaves through the Solana ecosystem as blockchain security firm CertiK flagged that the stolen SOL \u201chas been withdrawn after stake authorization had been transferred<\/em>\u201d to an unknown wallet address.<\/p>\n

The incident triggered immediate market panic, with the platform\u2019s native STEP token plummeting over 90% within 24 hours.<\/p>\n

\"Step
Source: CoinGecko<\/figcaption><\/figure>\n

While the team insists user funds remained unaffected, questions swirl over whether the breach represents a genuine security failure or a disguised exit scam, particularly given that the attacker appeared to have direct wallet access rather than exploiting smart contract vulnerabilities.<\/p>\n

\n
\n
\n
\n

Earlier today several of our treasury wallets were compromised by a sophisticated actor during APAC hours. This was an attack facilitated through a well known attack vector. <\/p>\n

Immediate remediation steps have been taken, and we are working closely with top security professionals.\u2026<\/p>\n<\/div>\n

\u2014 Step\u2600\ufe0f (@StepFinance_) January 31, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

Emergency Response and Damage Control<\/strong><\/h2>\n

Step Finance disclosed the security breach through a series of urgent social media posts, stating \u201cseveral of our treasury and fee wallets were compromised by a sophisticated actor<\/em>\u201d and confirming the attack leveraged \u201ca well known attack vector.<\/em>\u201c<\/p>\n

The platform immediately activated emergency protocols and reached out to cybersecurity firms for assistance.<\/p>\n

Solana media firm Solana Floor reported<\/a> that on-chain data showed the stolen 261,854 SOL was \u201cunstaked and moved during the incident<\/em>,\u201d suggesting the attacker had obtained authorization to control staking operations.<\/p>\n

The team emphasized it had \u201cnotified the relevant authorities<\/em>\u201d and implemented immediate remediation steps while working with top security professionals around the clock.<\/p>\n

<\/figure>\n

Ripple Effects Across Linked Protocols<\/strong><\/h2>\n

The breach extended beyond Step Finance\u2019s own operations, impacting connected platforms including Remora Markets.<\/p>\n

The protocol disclosed that as \u201cmajority LP, Step Finance experienced a hack of treasury wallets earlier today<\/em>\u201d with some affected assets including Remora rStocks.<\/p>\n

Remora assured<\/a> users that despite the incident, \u201cRemora assets remain held 1:1 in our brokerage account<\/em>\u201d while constructing a process for handling redemptions.<\/p>\n

The market\u2019s swift verdict on Step Finance came through brutal price action, with the STEP token losing most of its value as traders fled amid uncertainty about the platform\u2019s future viability and the legitimacy of the breach.<\/p>\n

\n
\n
\n
\n

Remora Markets majority LP, Step Finance experienced a hack of treasury wallets earlier today. Some of the assets involved in the incident are Remora rStocks. <\/p>\n

An investigation is currently underway. Remora assets remain held 1:1 in our brokerage account. A process for handling\u2026<\/p>\n<\/div>\n

\u2014 Remora Markets (@RemoraMarkets) January 31, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

January\u2019s Relentless Wave of DeFi Exploits<\/strong><\/h2>\n

The Step Finance hack marks the latest in what security firms describe as a devastating month for cryptocurrency security.<\/p>\n

According to CertiK\u2019s comprehensive January 2026 security report<\/a>, \u201ccombining all the incidents in January, we\u2019ve confirmed ~$370.3M lost to exploits<\/em>\u201d across multiple attack vectors.<\/p>\n

Major January incidents included Truebit\u2019s $26.6 million smart contract exploit<\/a>, SwapNet\u2019s $13.3 million breach<\/a> affecting Matcha Meta users, Saga\u2019s $6.2 million exploit<\/a> that forced the Layer-1 protocol to pause its SagaEVM chain, and Makina Finance\u2019s $4.2 million loss<\/a> through flash loan manipulation. <\/p>\n

CertiK\u2019s analysis revealed that phishing incidents accounted for $311.3 million of January\u2019s losses, while code vulnerability attacks totaled $51.5 million.<\/p>\n

\n
\n
\n
\n

#CertiKStatsAlert<\/a> \ud83d\udea8<\/p>\n

Combining all the incidents in January we\u2019ve confirmed ~$370.3M lost to exploits.<\/p>\n

~$311.3M of the total is attributed to phishing with one victim losing ~$284M due to a social engineering scam.<\/p>\n

More details below \ud83d\udc47 pic.twitter.com\/uXhi0P6dl5<\/a><\/p>\n<\/div>\n

\u2014 CertiK Alert (@CertiKAlert) January 31, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

Notably, the Step Finance breach continues a troubling pattern affecting Solana-based protocols.<\/p>\n

Swiss crypto platform SwissBorg lost $41.5 million worth of SOL tokens<\/a> in September 2025 after hackers compromised partner API provider Kiln, while South Korea\u2019s Upbit exchange suffered a $36 million Solana exploit<\/a> in November 2025, exactly six years after its 2019 hack attributed to North Korean actors.<\/p>\n

Beyond individual protocol failures, January also witnessed the largest single crypto theft of 2026, when a victim lost over $282 million in Bitcoin and Litecoin<\/a> through a hardware wallet social engineering scam, as blockchain investigator ZachXBT described it, surpassing the previous record of $243 million set in August 2024.<\/p>\n

The attacker \u201cimmediately began converting the stolen assets into Monero through multiple instant exchanges,<\/em>\u201d obscuring the trail across multiple blockchain networks.<\/p>\n

CertiK\u2019s data shows that despite these massive losses, less than 2-5% has been recovered so far<\/em><\/strong>,<\/em> as investigations into many cases have only recently begun.<\/p>\n

Even government-held crypto assets came under scrutiny, as the US Marshals Service confirmed<\/a> it is investigating a possible hack of federal digital-asset accounts.<\/p>\n

Patrick Witt, executive director of the President\u2019s Council of Advisors for Digital Assets, acknowledged that the government seizure addresses were among the wallets from which hackers stole more than $60 million in late 2025.<\/p>\n

\n <\/p>\n

\n \n \n \n \n <\/svg>
\n Follow us on Google News <\/a>\n <\/p>\n<\/p><\/div>\n

Read More<\/a>
\n Margarett Pekar<\/p>\n","protected":false},"excerpt":{"rendered":"

$30M Stolen as Step Finance Treasury Wallets Compromised Crypto Journalist Anas Hassan Crypto Journalist Anas Hassan Part of the Team Since Jun 2025 About Author Anas is a crypto native journalist and SEO writer with over five years of writing experience covering blockchain, crypto, DeFi, and emerging tech. Last updated:\u00a0 February 1, 2026 Step Finance<\/p>\n","protected":false},"author":1,"featured_media":889469,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26943,23760],"tags":[],"class_list":{"0":"post-889468","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-finance","8":"category-stolen"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/889468","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=889468"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/889468\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/889469"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=889468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=889468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=889468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}