Security firms flagged a breach of Step Finance, a Solana portfolio‑tracking platform, that drained roughly $28–30M from treasury wallets on Jan. 31. The incident was one of several January protocol exploits that, combined with phishing losses, pushed monthly crypto theft into the high hundreds of millions.

On January 31 security researchers and coverage aggregated by CertiK and other crypto outlets reported that Step Finance, a prominent Solana‑ecosystem portfolio‑tracking platform, suffered a treasury compromise that removed roughly $28–30 million from its wallets. Investigators described the incident as part of a wave of protocol and treasury exploits in January, amplifying an already severe month for crypto theft driven by high‑value phishing and social‑engineering attacks. Observers noted rapid on‑chain laundering and conversion strategies used by attackers to move funds through decentralized exchanges, cross‑chain bridges, and privacy channels, renewing concerns about treasury key management, multisig governance safeguards, and timeliness of incident response. The Step Finance breach prompted calls for stronger custodial practices across Solana projects, accelerated audits, and broader discussions within the ecosystem about design tradeoffs for user convenience versus secure treasury operations. The event also fed into regulatory and industry debates on disclosure and shared standards for treasury security in DeFi communities.