Step Finance Treasury Wallets Compromised, ~260,000 SOL Unstaked and Transferred

Solana ecosystemwallet securitycrypto asset riskon-chain monitoringblockchain securityTrustformer KYT

On January 31, Solana ecosystem data platform Step Finance disclosed that several of its treasury and fee-related wallets had been compromised. On-chain data shows that approximately 261,854 SOL were unstaked and rapidly transferred, with the total value estimated at around USD 30 million at the time of the incident.

Attackers Moved Funds Through Unstaking Operations

Based on on-chain activity, the attackers first unstaked SOL held in the compromised wallets before transferring the assets in batches to external addresses. This sequence suggests a solid understanding of Solana’s staking and unlocking mechanisms, indicating that the attack was deliberate and well planned.

Official Response: Investigation Ongoing

Step Finance stated that its team immediately initiated an investigation into the security incident. Details such as the attack vector, the exact number of affected wallets, and whether private key compromise or permission abuse was involved have not yet been disclosed. Further findings will be released as the investigation progresses.

Security Challenges Facing the Solana Ecosystem

The incident once again highlights the risks associated with treasury and operational wallets in DeFi projects, particularly in areas such as permission management, key security, and abnormal activity detection. Once high-privilege wallets are compromised, attackers can unstake and transfer large amounts of assets within a very short time window, leaving limited room for response.

Importance of On-Chain Risk Monitoring

In such attack scenarios, the real-time detection of abnormal unstaking behavior, non-typical fund flows, and interactions with high-risk addresses is critical. By adopting on-chain risk monitoring and transaction behavior analysis tools such as Trustformer KYT, projects can receive early warnings during the initial stages of suspicious fund movements, helping to reduce potential losses and strengthen overall security defenses.

Market Impact Remains Unclear

As of now, Step Finance has not confirmed whether the incident has had a direct impact on users or ecosystem partners. Analysts note that as capital volumes within the Solana ecosystem continue to grow, sustained investment in security architecture and compliance-oriented risk controls is becoming a key factor in the long-term viability of projects.

About Trustformer

Trustformer is a leading blockchain security and compliance technology company specializing in providing professional risk management and compliance solutions for the global cryptocurrency ecosystem. We have developed the cutting-edge Trustformer KYT (Know Your Transaction) platform, which integrates artificial intelligence, blockchain analytics, and regulatory technology to deliver comprehensive, accurate real-time transaction monitoring, risk assessment, and suspicious activity reporting services.

With deep industry expertise and technological innovation, Trustformer is dedicated to helping Virtual Asset Service Providers (VASPs), crypto financial institutions, and investors build a safer and more transparent crypto financial environment. We believe that driving compliance and trust through technology can contribute to the thriving growth of the global digital economy.