Who Struck Step Finance? Treasury Breach Nets $27 Million

bitcoinistPublished on 2026-02-02Last updated on 2026-02-02

Abstract

Step Finance, a Solana analytics platform, suffered a major treasury breach on January 31, 2026, resulting in the loss of 261,854 SOL (worth approximately $27–30 million). The stolen funds were unstaked and moved off-platform, triggering an 80% crash in the platform’s governance token. Security teams and external firms are investigating the attack, which may have involved stolen private keys or a staking exploit. Step Finance has taken emergency measures to secure remaining funds, restricted treasury access, and is cooperating with authorities. The incident caused significant market panic, and recovery efforts are underway, though the full technical details remain unclear.

Step Finance, a well-known Solana analytics hub, said its treasury was hit in a major breach that emptied 261,854 SOL from wallets tied to the platform.

The loss forced a sharp market reaction, and users and investors watched prices tumble as the team moved quickly to contain the damage.

Based on reports, roughly 261,854 SOL were unstaked and shifted off the platform on January 31, 2026, an amount worth around $27 million to $30 million at the time.

Breach Hits Step Finance Treasury

Investigators were called in right away. According to the platform’s public posts, security specialists and outside firms are helping to trace the funds. Some transfers were obvious on public ledgers; they could be followed from the compromised wallets to a set of addresses that began converting SOL.

Questions remain about how access was gained. It is not yet clear whether private keys were taken, a staking routine was exploited, or an internal process failed. The exact technical route is still being pieced together.

Image: CMIT Solutions

On-Chain Clues And Market Fallout

Markets reacted violently. The platform’s governance token fell hard, with prices dropping by more than 80% in minutes as panic spread. Traders sold quickly. Price books thinned.

Based on reports from on-chain trackers, multiple large unstake transactions and swaps were executed in a short time window.

Some of the moved SOL was routed to exchanges, while other amounts were split across several wallets, a pattern observers often tie to attempts at cashing out without drawing attention.

Community Anxiety And Operational Response

Step Finance announced emergency steps to shield remaining funds. Access to certain treasury functions was restricted and multisig controls were reviewed.

Accounts under direct protocol control were frozen where possible. The company said it was cooperating with authorities and sharing findings with the wider Solana community.

At the same time, public-facing channels were used to give updates as they became available, though many technical details were deliberately withheld to avoid tipping off the attacker.

SOLUSD is now trading at $105. Chart: TradingView

Recovery Steps And Unknowns

A handful of security firms are conducting forensic work on the transactions. On-chain evidence will be crucial to any effort to recover assets.

Reports note that tracing is a step; recovering funds is another. Legal and regulatory routes may be explored if identifiable intermediaries or exchanges are used to move the stolen value.

Whether user funds outside the treasury were touched has been a key concern, and the company is said to be clarifying that matter.

Featured image from Unsplash, chart from TradingView

Related Questions

QWhat was the total amount of SOL stolen in the Step Finance treasury breach?

A261,854 SOL, worth approximately $27 million to $30 million at the time.

QHow did the market react to the news of the Step Finance breach?

AThe platform's governance token price dropped by more than 80% in minutes as panic spread, leading to rapid selling and thinning order books.

QWhat immediate steps did Step Finance take to contain the damage from the breach?

AThey restricted access to certain treasury functions, reviewed multisig controls, froze accounts under direct protocol control where possible, and cooperated with authorities and the Solana community.

QAccording to the article, what is one possible method the attacker might have used to gain access to the treasury?

APossible methods mentioned include stolen private keys, exploitation of a staking routine, or a failure in an internal process, though the exact technical route is still being investigated.

QWhat is the role of on-chain evidence in the aftermath of the attack?

AOn-chain evidence is crucial for forensic work to trace the stolen funds and is a necessary step for any potential effort to recover the assets, possibly through legal and regulatory routes involving intermediaries or exchanges.

Related Reads

Monero slips 12% in a day – Is $266 now in play for XMR?

Monero (XMR) declined by approximately 12% in 24 hours, breaking a key ascending support trendline that previously fueled its rally toward $800. The breakdown suggests a potential deeper correction toward $266, a 32% drop from recent levels. Broader market weakness and capital outflows, reflected in a low Money Flow Index, reinforced bearish momentum. However, XMR traded near the lower Bollinger Band, a historically reactive zone that could prompt a short-term rebound toward $519 or higher. Despite the sell-off, derivatives data showed a decline in Open Interest largely due to voluntary position closures rather than liquidations, indicating panic selling may be easing and a temporary bottom could be near.

ambcrypto56m ago

Monero slips 12% in a day – Is $266 now in play for XMR?

ambcrypto56m ago

Crypto ETFs Continue to Decline with Major New Outflows

Crypto ETFs, particularly U.S. spot bitcoin ETFs, are experiencing significant and sustained outflows, with a notable peak of approximately $818 million in net withdrawals on January 29th. This trend reflects a broader tactical pullback by investors amid renewed market volatility and a shift towards risk reduction, coinciding with turbulence in other risk-sensitive assets. While ETFs remain a crucial gateway for institutional crypto access due to their convenience and compliance benefits, their flows have become procyclical—amplifying bullish trends and exacerbating downturns. Meanwhile, the memecoin sector continues to develop actively, with new projects like MAXI Doge emerging. In January, U.S. spot bitcoin ETFs saw an estimated $1.6 billion in net outflows, indicating a more defensive start to the year than anticipated.

bitcoinist1h ago

Crypto ETFs Continue to Decline with Major New Outflows

bitcoinist1h ago

Polygon burn accelerates, but POL price remains range-bound

Polygon's token burn accelerated sharply in January, with 25.7 million POL (0.24% of total supply) removed from circulation, driven by increased on-chain activity. Despite this, POL’s price remains range-bound between $0.11–$0.113, up 9–10% on the day but still showing weak technical structure. The burn mechanism, tied to network usage, is gradually reducing supply but remains too small relative to daily trading volume to significantly impact price in the short term. While the deflationary trend strengthens long-term supply dynamics, POL’s price continues to be influenced by broader market sentiment.

ambcrypto1h ago

Polygon burn accelerates, but POL price remains range-bound

ambcrypto1h ago

Shadow of the Past: How Newly Leaked Epstein Emails Are Rocking the Bitcoin vs. Ripple Rivalry

Newly leaked emails connecting Jeffrey Epstein to early crypto academia and MIT Media Lab, a key Bitcoin development funder, have intensified the rivalry between Bitcoin and Ripple ($XRP). The debate has shifted from technical arguments to reputational risk, creating a compliance concern for institutional investors. As legacy assets face scrutiny, capital is moving toward new infrastructure like Bitcoin Hyper ($HYPER), which offers a compliance-ready Layer 2 solution built with the Solana Virtual Machine (SVM) on Bitcoin. It promises sub-second finality, minimal fees, and regulatory alignment. The project has raised over $31.1M in its presale, with significant whale activity, signaling a market shift toward protocols free from historical baggage.

bitcoinist2h ago

Shadow of the Past: How Newly Leaked Epstein Emails Are Rocking the Bitcoin vs. Ripple Rivalry

bitcoinist2h ago

BTC Market Pulse: Week 6

Bitcoin has declined to $74K, failing to hold previous support levels, with the RSI indicating deeply oversold conditions. Spot and derivatives markets show sustained selling pressure, weak demand, and defensive positioning, with ETF outflows continuing and leverage reducing. On-chain metrics reflect subdued activity, low capital inflows, and deteriorating profitability. Overall, the market is in a risk-off regime, with near-term stability dependent on exhaustion of sell pressure and renewed demand around the $74K level.

insights.glassnode2h ago

BTC Market Pulse: Week 6

insights.glassnode2h ago

Trading

Spot
Futures

Hot Articles

Discussions

Welcome to the HTX Community. Here, you can stay informed about the latest platform developments and gain access to professional market insights. Users' opinions on the price of SOL (SOL) are presented below.

活动图片

Top Questions

Hot Categoriesright-arrow

Hot Tagsright-arrow