GAS: 0.0976 Gwei
DeFi, Governance, Security by James Chatfield // Senior News Editor

Step Finance Treasury Drained of 261,854 SOL; STEP Craters 93%

Step Finance lost 261,854 SOL (~$27M) in a treasury key compromise, causing the STEP token to crash 93% as operational security failures plague Solana DeFi.

Treasury Wallets Compromised in $27M Breach

Step Finance, the dashboard often described as the “front page of Solana,” lost control of approximately 261,854 SOL ($27.2 million) late Saturday after attackers compromised its treasury and fee wallets. The protocol confirmed the breach in a statement, acknowledging the loss of protocol-owned funds while assuring users that personal portfolio assets remain unaffected.

The market reaction was immediate and violent. The platform’s native governance token, STEP, collapsed 93% from $0.024 to a low of $0.0015 as liquidity evaporated. Investors dumped holdings fearing the project’s long-term runway has been incinerated.

The Attack Vector: “Well-Known” Vulnerability

On-chain data reveals a methodical extraction rather than a complex smart contract exploit. The attacker unstaked the massive SOL stash before transferring it out, a process that implies possession of administrative keys rather than a code bug. Step Finance noted the simplicity of the breach:

“Earlier today several of our treasury wallets were compromised by a sophisticated actor… This was an attack facilitated through a well known attack vector.”

Security firm CertiK tracked the funds moving to unknown addresses during APAC trading hours. Unlike recent DeFi exploits involving flash loan manipulation or oracle failures, this incident points to a failure in operational security (OpSec), likely a compromised private key or a phishing attack targeting the team’s multi-signature signers.

Institutional Context: Treasury Management Risks

This breach mirrors the November 2025 Upbit hack, where hot wallet controls failed. For Solana’s DeFi sector, the Step Finance incident highlights a critical fragility: while smart contracts are increasingly battle-tested, the human element managing the treasuries remains a single point of failure. With the project’s entire revenue backlog effectively wiped out, the path to recovery depends entirely on whether the attacker negotiates a bounty, a scenario looking increasingly unlikely as the funds begin to wash through mixers.

> ABOUT_THE_AUTHOR _

James Chatfield

// Senior News Editor

I lead the editorial team covering digital assets and blockchain regulation at CryptoWatchDaily. After earning a Journalism degree from The University of Sheffield, I spent a decade reporting on traditional finance before shifting focus to crypto. I value accuracy and clarity over hype. When I’m not tracking market movements, I enjoy distance running and collecting vintage sci-fi novels.

VIEW_PROFILE >>

RELATED INTELLIGENCE

NY Prosecutors Blast GENIUS Act: “Legal Cover” for Stablecoin Fraud

Ancient Bitcoin Whale Moves $84M in 909 BTC Transfer After 13-Year Slumber

Brazil’s B3 Extends Crypto Futures Hours to Capture Institutional Flow