**$40 Million Worth of Crypto Stolen from Step Finance — Hackers Compromise Executives' Devices to Gain Illicit Access**

Decentralized finance (DeFi) platform Step Finance has been hit with a massive security breach, with hackers compromising the devices used by members of its executive team to gain illicit access and steal a staggering $40 million worth of cryptocurrency.

The incident occurred over the weekend, with the company detecting the breach in the early afternoon hours of January 31 (APAC). In a statement posted on social media platform X (via BleepingComputer), Step Finance revealed that approximately $40M was drained from its treasury as a result of the executive team's devices being compromised.

The breach is believed to have been facilitated through a well-known attack vector, with hackers likely gaining access to the executives' devices and stealing private keys, seed phrases, or active sessions stored in cache. This method allows hackers to drain treasury wallets without exploiting smart contracts, making it a particularly effective way to steal large sums of cryptocurrency.

Blockchain security company CertiK reported that 261,854 SOL was illicitly withdrawn, estimated to be worth around $28.9 million. However, Step Finance later announced that the total amount lost is closer to $40 million.

In a statement on X, Step Finance assured its users that despite the breach, all Remora assets are held 1:1 in the company's brokerage account, reassuring users that nothing is missing. The company also revealed that it was able to recover approximately $3.7M in Remora assets and $1M in other positions at the time of writing.

However, users have been advised not to use their STEP tokens until the investigation has concluded and operations return to normal. It's unclear how the devices of the executive team were compromised, as the investigation is still ongoing.

This incident marks one of the biggest reported losses from a single platform in 2026 so far, with a total of almost $400 million lost in 42 reported incidents. Despite this, more than 10% ($4.366 million) has already been recovered, although this is a modest sum compared to previous records.

Step Finance has halted some operations to help secure its systems and prevent further breaches. Its Remora Markets trading platform was affected, but the company was able to recover all stock involved. The incident serves as a stark reminder of the importance of security in the world of cryptocurrency and DeFi platforms.

**Related Stories**

* [Tom's Hardware's Guide to Cryptocurrency Security](https://www.tomshardware.com/news/cryptocurrency-security-guide) * [The Risks of Using Public Wi-Fi for Crypto Transactions](https://www.tomshardware.com/news/public-wifi-crypto-risks)

Stay up-to-date with the latest news and in-depth reviews from Tom's Hardware by following us on Google News or adding us as a preferred source.