After exploring fundraising and acquisition options, the teams concluded that no sustainable recovery path existed following the breach.
Solana-based DeFi aggregator, Step Finance, along with two other affiliate projects, SolanaFloor and Remora Markets, announced plans to shut down all operations with immediate effect.
The decision follows the aftermath of a major security incident earlier this year.
Hack, Halt, Shutdown
In a statement shared on X, the teams said the decision came after exploring multiple paths forward, including fundraising and acquisition discussions. However, none resulted in a viable solution after the hack that occurred in late January.
The incident involved an estimated $30 million in assets being drained from Step Finance’s wallets on the Solana network. Subsequent disclosures indicated that the breach stemmed from compromised devices belonging to members of the project’s executive team.
Access to these devices likely exposed private keys or enabled malware that interfered with internal transaction approval processes, which allowed attackers to initiate and approve malicious on-chain transactions. Once access was obtained, the attackers unstaked roughly 261,854 SOL and transferred the funds out of project-controlled wallets. This triggered an immediate market reaction that saw the STEP token fall by more than 80%.
Following detection of the exploit, the team halted certain components of the platform to limit further damage and later reported that approximately $4.7 million in Remora-related assets and other holdings were recovered. As part of the shutdown process, Step Finance said it is working on a buyback program for STEP token holders based on a snapshot taken prior to the incident, while Remora Markets is preparing a redemption process for rToken holders.
Over 200 Hack Incidents in 2025
The hack involving Step Finance ranked among the most expensive DeFi incidents in January 2026, amidst a broader rise in crypto-related losses over the past year. According to data from blockchain security firm PeckShield, scams and hacks drained more than $4.04 billion from users and platforms in 2025, which is an increase of almost 34% compared to 2024.
You may also like:
Of that total, $2.67 billion was attributed to hacks, while $1.37 billion originated from scams, as scam-related losses rose about 64% year-on-year.
PeckShield found a pivot from purely technical exploits toward targeted social engineering, often aimed at centralized entities and high-value individuals, thereby resulting in higher losses per incident. More than 200 hack cases were recorded during the year, excluding scams.
February stood out as the costliest month, driven by a $1.51 billion breach at Bybit.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
Be the first to comment