{"id":1123,"date":"2026-03-01T20:24:42","date_gmt":"2026-03-01T20:24:42","guid":{"rendered":"https:\/\/blog.coinsignals.net\/?p=1123"},"modified":"2026-03-01T20:24:42","modified_gmt":"2026-03-01T20:24:42","slug":"the-collapse-of-step-finance-a-wallet-breach-that-ended-a-solana-defi-platform","status":"publish","type":"post","link":"https:\/\/blog.coinsignals.net\/index.php\/2026\/03\/01\/the-collapse-of-step-finance-a-wallet-breach-that-ended-a-solana-defi-platform\/","title":{"rendered":"The Collapse of Step Finance: A Wallet Breach That Ended a Solana DeFi Platform"},"content":{"rendered":"\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"576\" height=\"300\" data-id=\"1124\" src=\"https:\/\/blog.coinsignals.net\/wp-content\/uploads\/2026\/03\/IMG_1672.jpeg\" alt=\"\" class=\"wp-image-1124\" srcset=\"https:\/\/blog.coinsignals.net\/wp-content\/uploads\/2026\/03\/IMG_1672.jpeg 576w, https:\/\/blog.coinsignals.net\/wp-content\/uploads\/2026\/03\/IMG_1672-300x156.jpeg 300w\" sizes=\"auto, (max-width: 576px) 100vw, 576px\" \/><\/figure>\n<\/figure>\n\n\n\n<p>After reviewing options such as fundraising and potential acquisitions, the teams determined that there was no realistic path to recovery after the security breach.<\/p>\n\n\n\n<p>Solana based DeFi aggregator Step Finance, together with affiliated projects SolanaFloor and Remora Markets, has announced the immediate shutdown of all operations. The decision comes in the wake of a major security incident earlier this year.<\/p>\n\n\n\n<p><strong>From Hack to Closure<\/strong><\/p>\n\n\n\n<p>In a statement posted on X, the teams explained that they had examined several possible paths forward, including raising new capital and engaging in acquisition talks. Ultimately, none of these efforts produced a sustainable solution following the hack in late January.<\/p>\n\n\n\n<p>Roughly 30 million dollars in assets were drained from Step Finance wallets on the Solana network. Later disclosures revealed that the breach was linked to compromised devices belonging to members of the executive team.<\/p>\n\n\n\n<p>Unauthorized access to those devices likely exposed private keys or enabled malware that disrupted internal transaction approval procedures. This allowed attackers to create and authorize fraudulent on chain transactions. After gaining control, they unstaked about 261,854 SOL and moved the funds out of wallets controlled by the project. The market reacted swiftly, with the STEP token losing more than 80 percent of its value.<\/p>\n\n\n\n<p>Once the exploit was detected, the team suspended certain platform functions to prevent additional losses. They later confirmed that around 4.7 million dollars in Remora related assets and other holdings had been recovered. As part of the wind down process, Step Finance is developing a buyback plan for STEP token holders based on a snapshot taken before the incident. Meanwhile, Remora Markets is preparing a redemption process for rToken holders.<\/p>\n\n\n\n<p><strong>A Surge in Crypto Hacks<\/strong><\/p>\n\n\n\n<p>The Step Finance breach ranks among the most costly DeFi incidents of January 2026, reflecting a broader increase in crypto related losses over the past year. Data from blockchain security firm PeckShield shows that scams and hacks accounted for more than 4.04 billion dollars in losses during 2025, marking an increase of nearly 34 percent compared with 2024.<\/p>\n\n\n\n<p>Of that amount, 2.67 billion dollars resulted from hacks, while 1.37 billion dollars stemmed from scams. Scam related losses alone climbed roughly 64 percent year over year.<\/p>\n\n\n\n<p>PeckShield also observed a shift away from purely technical exploits toward more targeted social engineering attacks, frequently aimed at centralized organizations and high value individuals. This trend contributed to larger losses per incident. More than 200 hacking cases were recorded throughout the year, not including scams.<\/p>\n\n\n\n<p>February proved to be the most expensive month, largely due to a 1.51 billion dollar breach at Bybit.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After reviewing options such as fundraising and potential acquisitions, the teams determined that there was no realistic path to recovery after the security breach. Solana based&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1123","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/posts\/1123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/comments?post=1123"}],"version-history":[{"count":1,"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/posts\/1123\/revisions"}],"predecessor-version":[{"id":1125,"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/posts\/1123\/revisions\/1125"}],"wp:attachment":[{"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/media?parent=1123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/categories?post=1123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.coinsignals.net\/index.php\/wp-json\/wp\/v2\/tags?post=1123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}