Step Finance, once a well-known dashboard and data hub on the Solana network, has officially closed its doors after a major security breach left the company unable to recover financially. In a public statement shared on X on the 23rd of February, the team said it would shut down its core platform, along with SolanaFloor and Remora Markets, effective immediately.
The decision came less than a month after attackers drained a large portion of the company’s treasury. The losses, first estimated between $27 million and $30 million, were later placed closer to $40 million after a full review of the damage. For a platform that played a central role in tracking portfolios and activity across Solana, the impact was devastating.
“We explored every possible path forward,” the team wrote. “Unfortunately, we were unable to secure a sustainable outcome.” The tone was calm, but the message was final.
David Adubiina
How the January 2026 Crypto Hack Happened
The attack took place on Jan. 31, 2026, and it did not unfold in the way many crypto hacks usually do. There was no flaw in the smart contracts. There was no bug in the code running on the chain. Instead, the weakness was much simpler and much more human.
Hackers reportedly gained access to devices used by members of Step Finance’s executive team. Once those devices were compromised, the attackers were able to access the treasury and fee wallets. From there, they unstaked and moved about 261,854 SOL, along with other assets.
Because blockchain transactions cannot be reversed, the funds were quickly out of reach. The breach was described as operational rather than structural, meaning the core system worked as designed, but internal security practices failed.
STEP Token Collapse and Financial Fallout
After news of the hack spread, confidence dropped almost overnight. The platform’s native STEP token reportedly lost more than 97 percent of its value. For holders, the collapse erased much of their investment. For the company, it closed the door to raising fresh capital.
Step Finance tried to stabilize operations. The team explored funding options and even looked into possible acquisition talks. But with the treasury heavily damaged and token value nearly wiped out, there was little room to maneuver.
The team did manage to recover about $4.7 million by working with partners and using protections tied to Solana’s newer token standards. Still, that amount covered only a fraction of the total losses. The gap was simply too large to bridge.
The shutdown also affected SolanaFloor, a media and data platform covering the Solana ecosystem, and Remora Markets, which offered tokenized equity-style products. These services were part of a broader push to expand beyond simple portfolio tracking.
What Happens to Users and Remora rTokens
As part of the wind-down process, Step Finance said it plans to carry out a buyback program for STEP holders. The buyback will be based on a snapshot taken before the January breach, though full details have not yet been shared.
Remora Markets released its own statement to calm concerns. The company said all rTokens remain fully backed on a one-to-one basis and that a redemption process is being prepared. This would allow holders to exchange their tokens for USD Coin. In a short but firm message, the team said, “All Remora rTokens remain fully backed 1:1,” promising more updates in the coming weeks.
The fall of Step Finance stands out not just because of the dollar amount involved, but because of how it happened. The Solana network itself was not breached. The smart contracts were not exploited. Instead, weak internal controls opened the door.
For Solana, which has worked to rebuild trust after past outages and ecosystem challenges, the incident is another reminder that the strength of a network also depends on the teams building on top of it.
Jemi Motesho
