Step Group Recovers $4.7M Following January 31st Treasury Hack
OG Solana protocol on the mend after $40M hack?
- Published:
- Edited:
Disclaimer: SolanaFloor is owned and operated by Step Group
Step Group, a conglomerate operating several Solana-native businesses, is bouncing back after a devastating hack drained over $40M from the company treasury.
Through token22 security protections and cooperation with partners, Step Group has successfully recovered over $4.7M, providing a solid base for the firm’s recovery.
The hack comes after a difficult year for Solana teams, who are increasingly becoming targets of organized cybercrime as the network gains prominence.
Step Group Issues Post-Mortem
Following a January 31st hack that resulted in the siphoning of $40M from its treasury, Step Group has issued a formal post-mortem. According to the statement, the hack occurred during APAC hours after the executive team’s devices were compromised by a sophisticated malicious actor.
Step Group is reportedly in close contact with industry-leading cybersecurity experts and is working in close collaboration with relevant authorities to contain the issue. In the interest of protecting users, Step Group has suspended several operational activities while the firm reinforces its security measures.
Leveraging the built-in security capabilities of token22 extensions and through rapid action with other ecosystem contributors, Step Group has been able to recover ~$4.7M from its exploiters. This reclaimed TVL is largely dominated by Remora Markets assets, an RWA issuer for whom Step Group is a majority LP.
Remora Markets, a separate entity from Step Group, has assured asset holders that all rStocks and rMetals remain backed 1:1 by corresponding assets in its brokerage account. After a temporary pause pending the completion of a precautionary security review, Remora Markets has begun incrementally repricing its onchain assets.
Step Group has advised market participants not to engage with the native $STEP token, which fell by over 90% following the hack. The firm has indicated that a snapshot of pre-hack holders will be taken, and is actively working on solutions.
Solana-Based Hack Frequency Grows
In recent years, Solana’s ascension to become a leading venue for onchain finance has brought tremendous volume and TVL to the network. Unfortunately, this has also made the network an increasingly large target for malicious actors.
According to DefiLlama data, over $198.3M was lost in Solana-based hacks and exploits throughout 2025. While this figure pales in comparison to rival Layer 1s like Ethereum, it’s still 261% higher than the $54.9M lost on Solana in 2024.
Besides Solana’s smaller TVL, security researchers argue that the chain’s architecture makes the network’s apps and smart contracts more resistant to exploits. Speaking exclusively with SolanaFloor, Certora CEO Seth Hallem posited that Solana’s Rust-based logic was typically more resilient and battle-tested than the Solidity found on EVM networks.
Disclaimer: SolanaFloor is owned and operated by Step Group
Read More on SolanaFloor
Solana welcomes another privacy protocol
Zenrock Launches Hush Protocol as Solana Privacy Sector Gains Momentum
What’s Driving $USD1’s Growth?
