In January 2026, Step Finance, a portfolio-management and analytics platform on Solana, lost about $28.9 million (put at roughly $30 million by Halborn) in the month’s largest protocol exploit. PeckShield and Halborn attributed the breach to compromised deployer and treasury keys rather than a smart-contract bug, with the attacker draining more than 261,000 SOL from protocol-controlled wallets. The infrastructure-level nature of the attack fit a broader 2026 trend in which private-key and access-control failures, rather than on-chain logic flaws, drove the largest losses. Step paused affected operations while tracing the funds. The incident reinforced calls for hardware-isolated deployer keys, multi-party computation or multisig control of treasury wallets, and strict separation between deployment credentials and live fund custody.