After evaluating fundraising and recovery options, the teams concluded that no sustainable recovery mechanism exists after a breach.
Solana-based DeFi aggregator, Step Finance, and two other affiliated projects, SolanaFloor and Remora Markets, have announced plans to close all operations immediately.
This decision follows a major security incident earlier this year.
Hack, Stop, Shut Down
In a statement shared with X, the parties said the decision came after evaluating several options going forward, including fundraising and acquisition discussions. However, nothing has led to an effective solution after the hack that took place in late January.
This incident involves approximately R30 million of assets being withdrawn from the Step Finance fund in the Solana network. Subsequent disclosures revealed that the breach was caused by sabotage tools belonging to members of the executive committee.
Access to these devices may have exposed private keys or enabled malware that compromised internal transaction authorization processes, allowing attackers to initiate and authorize malicious online transactions. Once access was gained, the attackers withdrew an estimated 261,854 SOL and withdrew money from wallets controlled by the project. This caused a quick market reaction that saw the STEP token drop by more than 80%.
After the exploit was discovered, the team shut down parts of the field to limit further damage and later reported that approximately $4.7 million in Remora-related assets and other hostages had been recovered. As part of the shutdown process, Step Finance said it is working on a buyback plan for STEP token holders based on a snapshot taken before the incident, while Remora Markets is preparing a redemption process for rToken holders.
More than 200 incidents of hacking by 2025
Hacks involving Step Finance ranked among the costliest DeFi incidents in January 2026, amid a broader surge in crypto-related losses over the past year. According to data from blockchain security company PeckShield, scams and hacking cost users and platforms more than $4.04 billion in 2025, an increase of nearly 34% compared to 2024.
You may also like:
Of that amount, $2.67 billion was attributed to hacks, while $1.37 billion came from fraud, as fraud-related losses rose nearly 64% year-over-year.
PeckShield has received a pivot from technical activities aimed at targeted social engineering, usually targeting medium-sized businesses and high-net-worth individuals, resulting in high losses per incident. More than 200 cases of hacking were recorded during the year, excluding scams.
February stood out as the most expensive month, driven by the breach of $ 1.51 billion in Bybit.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and get an exclusive $600 welcome offer on Binance (full details).
SPECIAL OFFER for CryptoPotato readers at Bybit: Use this link to register and open a free $500 position on any coin!
