How the Wallet Deal Killed the Solana Diffie Collector.

After studying fundraising and access options, the teams concluded that there was no sustainable recovery path following the breach.

Solana-based DeFi aggregator, Step Finance, along with two other affiliate projects, SolanaFloor and Remora Markets, has announced plans to shut down all operations immediately.

The decision was made after a major security incident at the beginning of this year.

Intercept, stop, close

In a statement shared on X, the teams said the decision came after exploring several avenues forward, including fundraising and acquisition discussions. However, after the hack that happened at the end of January, none of them came up with a good solution.

The incident is draining an estimated $30 million worth of assets from Step Financial's wallet in the Solana network. Subsequent disclosures indicated that the breach occurred on devices owned by members of the project's executive team.

Access to these tools exposes private keys or enables malware that interferes with internal transaction approval processes, allowing attackers to initiate and approve malicious transactions on-chain. Once access was gained, the attackers issued approximately 261,854 SOL shares and transferred the funds from wallets under project control. This triggered a quick market reaction which caused the STEP token to fall by more than 80%.

Following the discovery of the exploit, the team halted certain parts of the platform to limit further damage and reported the discovery of nearly $4.7 million worth of Remora-related assets and other assets. As part of the shutdown process, Step Finance said it is working on a refund program for STEP token holders, while Remora Markets is setting up a redemption process for rToken holders, according to a screenshot taken before the event.

More than 200 hack events in 2025

The hack associated with Step Finance ranked among the costliest DeFi incidents in January 2026 amid a spike in crypto-related losses. According to data from blockchain security firm PeckShield, fraud and hacking will cost users and platforms more than $4.04 billion in 2025, up 34 percent from 2024.

You may also like:

Of the total, $2.67 billion came from hacking and $1.37 billion came from fraud, with fraud-related losses rising 64 percent year-over-year.

PeckShield has pivoted from purely technical exploits to targeted social engineering, often targeting central entities and high-net-worth individuals, resulting in significant losses in each incident. More than 200 cases of hacking have been registered, excluding fraud.

February proved to be the most expensive month due to a $1.51 billion breach at Bybit.