Is Step Finance Safe?
Risk Grade: C+ (41/100)
Step Finance is rated as elevated risk — multiple novel mechanisms and notable interaction risks.
High risk — a $30M treasury theft via device compromise, 90% token crash, and uncertain protocol viability make this one of the most damaged protocols in Solana DeFi
A Solana portfolio dashboard and swap tool that was hacked in January 2026. An executive's personal device was compromised, and attackers stole 261,854 SOL ($30M) from the treasury. The STEP token crashed 90%. Its C- grade reflects the devastating security breach and uncertain future without treasury funding.
TVL
—
Mechanisms
6
Interactions
5
Value Grade
F
Key Risks for Step Finance Users
Hackers stole $30M by compromising an executive's device, not by breaking the smart contracts. The treasury that funded development, operations, and growth is gone
The STEP token lost 90% of its value after the hack. If you staked STEP to earn fees via xSTEP, those fees are now nearly worthless
The full scope of the device compromise is unclear. If the attacker also got admin keys for the swap tool, they could potentially manipulate trade routing to steal from users swapping through Step
Top Risk Factors
- •Treasury wallets hacked in January 2026: 261,854 SOL ($30M) stolen via executive device compromise, STEP token crashed 90%
- •Operational security failure: the attack exploited device-level access to treasury keys, bypassing all smart contract security
- •Protocol viability in question: lost treasury funding for development, operations, and subsidiary projects
Risk Score Breakdown
Step Finance's highest risk area is Track Record (15/15). Here's how each dimension contributes to the overall 41/100 score:
Read the Full Step Finance Risk Report
This protocol has 2 collapse scenarios. 1 critical and 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Considering an investment?