Step Finance: Step Finance loses $40 million in executive device hack

Step Finance Suffers $40 Million DeFi Breach on Solana Blockchain

Step Finance, a decentralized finance (DeFi) platform operating on the Solana blockchain, disclosed a major security breach on January 31, resulting in the theft of approximately $40 million in digital assets. The attack stemmed from the compromise of devices belonging to the company’s executive team, granting unauthorized access to multiple treasury wallets.

The exploit leveraged a "well-known attack vector," though Step Finance has not released specific details about the method or the perpetrators. Initial estimates from blockchain analytics firm CertiK suggested losses of $28.9 million (261,854 SOL), but the company’s internal investigation later confirmed the total at around $40 million. Through coordination with partners and Token22 protections, Step Finance recovered roughly $3.7 million in Remora assets and $1 million in other positions. Some platform operations were temporarily suspended to bolster security.

The incident underscores ongoing security vulnerabilities in the DeFi sector, where high-value breaches remain frequent. In January alone, crypto-theft attacks accounted for over $398 million in losses industry-wide.

Source: https://www.scworld.com/brief/step-finance-loses-40-million-in-executive-device-hack

Step Finance cybersecurity rating report: https://www.rankiteo.com/company/step-finance

"id": "STE1770252177",
"linkid": "step-finance",
"type": "Breach",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Cryptocurrency/Blockchain',
                        'name': 'Step Finance',
                        'type': 'DeFi Platform'}],
 'attack_vector': 'Compromised executive devices',
 'data_breach': {'data_exfiltration': 'Yes (theft of $40 million)',
                 'sensitivity_of_data': 'High (financial assets)',
                 'type_of_data_compromised': 'Digital assets (cryptocurrency)'},
 'date_detected': '2024-01-31',
 'date_publicly_disclosed': '2024-01-31',
 'description': 'Step Finance, a decentralized finance (DeFi) platform '
                'operating on the Solana blockchain, disclosed a major '
                'security breach on January 31, resulting in the theft of '
                'approximately $40 million in digital assets. The attack '
                'stemmed from the compromise of devices belonging to the '
                'company’s executive team, granting unauthorized access to '
                'multiple treasury wallets. The exploit leveraged a '
                "'well-known attack vector,' though specific details about the "
                'method or the perpetrators were not released. Initial '
                'estimates suggested losses of $28.9 million, but the '
                'company’s internal investigation later confirmed the total at '
                'around $40 million. Some platform operations were temporarily '
                'suspended to bolster security.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': 'Digital assets',
            'downtime': 'Temporary suspension of some operations',
            'financial_loss': '$40 million',
            'operational_impact': 'Partial platform suspension',
            'systems_affected': 'Treasury wallets, platform operations'},
 'initial_access_broker': {'entry_point': 'Compromised executive devices',
                           'high_value_targets': 'Treasury wallets'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Ongoing security vulnerabilities in the DeFi sector, need '
                    'for enhanced executive device security and treasury '
                    'wallet protections.',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'corrective_actions': 'Recovery of assets, '
                                                  'temporary platform '
                                                  'suspension, coordination '
                                                  'with partners',
                            'root_causes': 'Compromised executive devices, '
                                           'exploitation of a well-known '
                                           'attack vector'},
 'references': [{'source': 'CertiK'}],
 'response': {'containment_measures': 'Temporary suspension of some '
                                      'operations, coordination with partners',
              'remediation_measures': 'Recovery of $3.7 million in Remora '
                                      'assets and $1 million in other '
                                      'positions, Token22 protections',
              'third_party_assistance': 'CertiK (blockchain analytics)'},
 'title': 'Step Finance Suffers $40 Million DeFi Breach on Solana Blockchain',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Well-known attack vector (unspecified)'}