Step Finance has disclosed that several treasury and fee wallets were targeted by a highly sophisticated cyber-attack, leading to the theft of funds equivalent to approximately USD 30 million.

The incident sent ripples through the Solana ecosystem as blockchain security experts like CertiK pointed out that after stake authorisation was transferred to an unknown wallet, some stolen SOL were withdrawn.

Following the disclosure of the breach, the platform experienced significant market turmoil, with its native STEP token experiencing a decline of more than 90% within a day.

Emergency Measures and Response

In response to the security incident, Step Finance publicly acknowledged that user funds were not compromised. However, doubts lingered regarding whether the breach was an actual security failure or a strategic exit strategy.

Step Finance informed users through urgent social media posts about the compromise of multiple treasury and fee wallets by a skilled attacker who used a well-known attack method. The platform swiftly activated its emergency response plan, sought assistance from cybersecurity firms, and notified law enforcement authorities.

On-chain data indicated that 261,854 SOL was moved during the incident when it was not staked, hinting that the attacker had unauthorized control over staking operations. The platform stated its commitment to addressing the situation by implementing necessary remedial actions.

The security breach also affected related services such as Remora Markets, which assured users that assets were securely held and established a procedure for handling redemptions.

The market reaction to Step Finance was swift and severe, with the STEP token suffering significant losses due to traders’ concerns over the platform’s stability and the authenticity of the breach.