Overview of the Incident
On January 31, Step Finance announced that hackers had breached several of its treasury wallets, resulting in the loss of approximately $40 million worth of digital assets.
How the Attack Occurred
The threat actor exploited a “well‑known attack vector” by compromising devices belonging to members of the company’s executive team. Control of those devices gave the attacker unauthorized access to the company’s treasury wallets on the Solana blockchain.
Impact on the Platform and $STEP Token
Step Finance is a widely used analytics and transaction platform on Solana, supporting swaps, staking, and other DeFi actions. The breach has led the team to advise users not to trade or interact with the native $STEP token until the investigation is complete and a snapshot of the pre‑exploit state is taken.
Response and Remediation Efforts
The company promptly notified law‑enforcement authorities and engaged cybersecurity professionals to contain the breach and develop remediation measures.
Recommendations for Users and Investors
- Avoid buying, selling, or staking $STEP until official guidance is released.
- Monitor official Step Finance communications for updates on the snapshot and potential token recovery.
- Ensure personal devices use up‑to‑date security software and avoid reusing passwords across services.
- Consider using hardware wallets for storing significant crypto holdings.
Broader Security Lessons for DeFi Projects
The incident underscores the importance of securing executive devices, implementing multi‑factor authentication, and regularly auditing smart contract and wallet permissions. Automated response tools, like those offered by Tines, can help reduce manual delays and improve incident response reliability.