DeFi Aggregation Platform on Solana – Step Finance – has officially ceased all operations following a hack that resulted in approximately $30 million worth of assets being withdrawn from the project’s wallet in late January. However, the story is not just about a protocol shutting down but reflects a new emerging risk trend in the DeFi space.
Internal Attack Instead of Contract Error
Unlike many previous DeFi incidents caused by smart contract vulnerabilities, the Step Finance incident is believed to have originated from a compromise of an executive team member’s device. Gaining control of these devices could have exposed private keys or allowed malicious code to interfere with internal transaction approval processes.
After gaining access, the attacker canceled about 261,854 SOL stakes and transferred assets out of the project-controlled wallet, causing the STEP token to plummet over 80% in a short period.
This reveals a concerning reality: even with thoroughly audited on-chain infrastructure, off-chain risks—stemming from human factors and operational procedures—can still become the system’s Achilles’ heel.
Solana Ecosystem Loses a Piece
Step Finance once served as a “dashboard” for DeFi portfolios on Solana. The project’s withdrawal creates a noticeable gap in the ecosystem, especially for users familiar with aggregation and asset tracking tools.
Nevertheless, reactions to SOL remain relatively stable, indicating that the market differentiates between the risk of a specific protocol and the long-term prospects of the underlying blockchain network.
The Bigger Picture: Over $4 Billion in Losses in One Year
The Step Finance incident occurs amid a sharp increase in crypto-related losses. According to PeckShield data, total damages from hacks and scams in 2025 exceeded $4.04 billion, nearly a 34% increase compared to the previous year.
Among these:
Over 200 hacks were recorded this year, excluding scams. Notably, February was the most damaging month, primarily due to a $1.51 billion attack on the Bybit exchange.
PeckShield also notes a shift from purely technical exploits to targeted social engineering tactics aimed at centralized organizations and large asset holders, significantly increasing the average loss per incident.
DeFi Enters a Risk Revaluation Phase
The closure of Step Finance shows that DeFi no longer faces only the challenge of “secure code,” but must also expand security standards to include internal governance, private key management, transaction approval processes, and device control.
As institutional capital becomes more interested in digital assets, incidents like this raise a critical question: Is DeFi infrastructure mature enough to handle operational risks at scale?
Step Finance may be just one project within the ecosystem, but this event underscores a core reality: DeFi risks are not only on the blockchain but also in how people manage and operate the systems behind it.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
