TLDR
- Step Finance will end all operations after a January breach drained $40M in assets.
-
The hack stemmed from compromised executive devices, not smart contracts.
-
STEP buybacks and Remora redemptions will use balances from a pre-hack snapshot.
-
STEP lost over 97% of its value after the breach, limiting recovery options.
Step Finance, a platform within the Solana ecosystem, has announced that it will end all operations. The decision follows a January 31 breach in which attackers gained access to treasury and fee wallets, resulting in losses estimated at up to $40 million. The company confirmed the shutdown through an official statement published on X.
The move also affects its related services, including SolanaFloor and Remora Markets. Step Finance said it explored several options, which included financing discussions and acquisition talks. However, these efforts did not produce a viable path forward.
“We explored every possible path forward,” the team said. It added that the current financial position made continued operation unlawful for the organization.
Details of the Breach and How Attackers Accessed Key Wallets
The incident did not involve a breach of Step Finance smart contracts. Investigators found that the attack targeted devices used by members of the executive team. Those compromised endpoints provided access to wallets holding platform funds. The attackers then moved assets through multiple transactions during the event.
The team noted that about 261,854 SOL was unstaked and transferred during the attack. The value of that amount ranged between $27 million and $30 million at the time. When other assets were included, total losses approached $40 million. The incident raised questions about operational security practices, including device management and private key storage.
Step Finance said that some assets were recovered. Using the Token22 framework on Solana, partners were able to help retrieve about $4.7 million. This helped reduce losses but did not restore the financial strength needed for long-term planning.
Buybacks and Redemption Processes for Users
As part of the closure process, Step Finance confirmed that it is preparing a buyback for STEP holders. This will use a snapshot taken before the breach. The company has not yet released specific details on timing or eligibility.
The team said the snapshot method ensures that users affected by the downturn will receive a structured return.
Remora Markets, a related platform acquired in 2024, issued a separate statement. It confirmed that all rTokens remain fully backed at a one-to-one ratio. A redemption process is being prepared to allow users to exchange rTokens for USDC. Remora said it was not directly touched by the security incident that affected Step Finance.
Market Response and Impact on the Solana Ecosystem
The breach and subsequent shutdown had an immediate effect on the STEP token. The asset fell sharply after the announcement and has dropped more than 97% since the January event. Liquidity also dried up, which made it difficult for the team to secure financing and reduced options for a full recovery.
Step Finance operated as a portfolio platform for Solana users. It aggregated yield positions, liquidity pool exposure, and holdings across a large share of the ecosystem. The company also offered a market data product and a tokenized equity service through Remora. The shutdown removes one of Solana’s older DeFi tools, which many users relied on for daily activity.
Leaders at Step Finance thanked users for their support. They said that ending operations was the most responsible option. SolanaFloor said it will maintain its historical archive but will not produce new content.
The event marks one of the largest failures of a Solana-based platform in early 2026. The breach also shows how operational risks, even outside blockchain systems, can create large disruptions when core devices are compromised.
