Solana-based dashboard confirms ‘security breach’ after 261,000 SOL vanish from treasury wallets.
Step Finance, a portfolio visualization platform on Solana, confirmed a significant security breach early Saturday after on-chain sleuths detected the unauthorized removal of approximately 261,854 SOL ($30 million) from its treasury. The protocol’s native token, STEP, collapsed over 70% immediately following the disclosure.
The breach appears to target the project’s treasury and fee accrual wallets rather than the broader protocol smart contracts. In a statement on X, the team acknowledged the compromise:
“There has been a breach of security for some of our treasury wallets hours ago and we are currently investigating. More information will be posted at a later stage.”
The On-Chain Receipt
Community alerts first surfaced on Reddit, where users tracked a massive unstaking event followed by a swift transfer of funds. The attacker systematically unstaked 261,854 SOL before sweeping the assets to an unknown wallet. At current market rates, the haul is valued at roughly $30 million.
Unlike a smart contract exploit, which typically involves manipulating protocol logic to drain user funds, this incident bears the hallmarks of a private key compromise or access control failure. The specific vector remains under investigation, with Step Finance noting they have engaged third-party cybersecurity firms to conduct forensic analysis.
Market Reaction
Liquidity for the native token evaporated as news of the treasury drain spread. STEP plummeted from its pre-news trading range, losing nearly 74% of its value to trade around $0.006. The sudden sell-off reflects acute uncertainty regarding the project’s runway and the potential liquidation of the stolen assets.
Step Finance has not yet released a recovery plan or confirmed if user funds outside the treasury are at risk, though the team stated the investigation is “active and ongoing.”
