Step Finance recently confirmed that an attacker compromised its treasury and fee wallets during Asian Pacific trading hours, resulting in the theft of approximately 261,854 SOL valued at roughly $30 million. Although the team maintains that user funds were not directly impacted, the native STEP token lost over 90% of its value as the community questioned whether the incident was a security failure or a potential exit scam.

Step Finance disclosed the security breach through a series of urgent social media updates, explaining that a sophisticated actor managed to compromise several of its treasury and fee wallets. The platform noted that the perpetrator utilized a well-known attack vector to gain access. In response, the team activated emergency protocols and began collaborating with cybersecurity firms to manage the fallout. Despite these efforts, the market responded with immediate panic as investors processed the scale of the loss.

On-chain data provided by security firms indicated that the stolen SOL was unstaked and moved after authorization had been transferred to an unknown wallet. This specific method of withdrawal suggests that the attacker had direct control over staking operations rather than simply exploiting a bug in the smart contract code. This revelation fueled intense speculation regarding how such high-level access was obtained. The team has since notified the relevant authorities and claims to be working around the clock with security professionals to remediate the situation.

The impact of the breach extended to connected protocols, specifically affecting Remora Markets where Step Finance acted as a majority liquidity provider. Remora reported that the hack impacted certain assets, including rStocks, but assured its users that the underlying assets remained held at a one-to-one ratio in their brokerage accounts. They are currently working on a formal process to handle user redemptions while the ecosystem stabilizes.

Market reaction was swift and devastating for Step Finance’s native token, which saw its price collapse within 24 hours of the news. Traders and liquidity providers fled the platform as uncertainty grew regarding the project’s long-term viability and the circumstances surrounding the wallet compromises. The sharp decline reflected a broader loss of confidence in the protocol’s ability to secure its own internal treasury.

While the investigation continues, the incident serves as a stark reminder of the vulnerabilities inherent in centralized treasury management within the decentralized finance space. The Step Finance team continues to insist that only internal wallets were hit, but the loss of $30 million in assets has left the project in a precarious position. The community remains watchful as the team attempts to provide more clarity on the breach and the steps being taken to recover the lost funds.

Source: Cl0p Cyber Extortion Group Targets Australian IT Providers And Their Clients