Solana DeFi Platform Step Finance Abruptly Shuts Down After $40 Million Hack

Step Finance, a Solana-based decentralized finance (DeFi) platform, has announced its decision to shut down all operations. This move comes after a significant cyberattack on January 31, 2026, which drained up to $40 million from the company's treasury and fee wallets.

The attack targeted devices used by members of the executive team, allowing attackers to gain access to sensitive areas and transfer large amounts of digital assets. Approximately 261,854 SOL was moved during the incident, valued between $27 million and $30 million at the time. Later assessments placed total losses across assets at nearly $40 million.

The platform's smart contract infrastructure was not breached, but rather the vulnerability stemmed from compromised devices and insufficient endpoint security. Despite efforts to recover some funds using Solana's Token22 protections, only about $4.7 million was recovered, which was not enough to offset the scale of the losses.

The cyberattack had a significant impact on the platform's native STEP token, causing its price to fall by more than 97% within days. This made it difficult for the company to pursue external funding or strategic alternatives, including fundraising and acquisition talks.

As part of the wind-down process, Step Finance will prepare a buyback programme for STEP holders based on a snapshot taken before the January hack. Remora Markets has also issued an update confirming that all rTokens remain fully backed and a redemption process is being developed to allow holders to exchange rTokens for USD Coin (USDC).