DeFi Platform Step Finance Hit by Cyber Attack Targeting Executives

₹330 Crore Crypto Heist Hits Step Finance After Hackers Compromise Executives’ Devices

The420 Correspondent

New Delhi: Decentralised finance (DeFi) platform Step Finance has confirmed a massive cyber breach after hackers gained access to devices used by members of its executive team, leading to the theft of cryptocurrency valued at nearly ₹330 crore.

The company said the attack occurred on January 31, when threat actors exploited compromised executive endpoints to drain funds from Step Finance’s treasury wallets. Blockchain security firm CertiK reported that at least 261,854 SOL tokens were illicitly transferred during the incident. Initial estimates placed the loss at around ₹240 crore, but Step Finance later revised the figure, saying total exposure was closer to ₹330 crore.

“In the early afternoon hours of January 31, approximately ₹330 crore was drained from the Step Finance treasury due to our executive team’s devices being compromised,” the company said in a statement, adding that emergency response measures helped recover part of the stolen assets.

According to Step Finance, rapid coordination with ecosystem partners and built-in safeguards enabled the recovery of roughly ₹31 crore worth of Remora assets, along with about ₹8 crore from other positions.

The breach is being described as the largest single-platform crypto loss reported so far in 2026. CertiK has also flagged wider industry damage this year, noting that across 42 reported incidents, digital assets worth more than ₹3,300 crore have already been stolen, with just over 10 per cent recovered. While these figures remain below last year’s record levels, analysts warn that the trend underlines persistent security gaps across decentralised finance ecosystems.

Investigators said the attackers did not exploit smart contract vulnerabilities. Instead, they used what Step Finance termed a “well-known attack vector”, typically associated with gaining access to private keys, seed phrases or active wallet sessions stored on compromised devices. Once executive credentials are exposed, such methods allow hackers to drain treasury wallets directly.

Following the breach, Step Finance temporarily suspended parts of its operations to secure internal systems. The company confirmed that its Remora Markets trading platform was affected, but said all related assets had since been recovered. It also reassured users that Remora assets remain fully backed on a 1:1 basis in the firm’s brokerage accounts.

However, the platform has advised customers not to use STEP tokens until the investigation is complete and services are fully restored.

Cybersecurity experts said the incident highlights the growing risks tied to executive-level device security, particularly in crypto firms where access to treasury wallets is often concentrated among a small number of key personnel.

“The attack appears to have been facilitated through compromised endpoints rather than blockchain vulnerabilities,” investigators said, adding that forensic teams are analysing affected devices to determine how attackers gained initial access.

Step Finance has launched a full internal review and is working closely with blockchain security partners to trace the stolen funds and identify possible recovery routes. Law enforcement agencies have also been notified, though no arrests have been announced so far.

The breach comes amid a sharp rise in social-engineering and credential-theft attacks targeting crypto platforms globally, with hackers increasingly focusing on human and device-level weaknesses rather than purely technical flaws.

Industry observers said tighter operational security, hardware-based authentication and stricter access controls for senior executives are becoming critical as cybercriminal tactics continue to evolve.

Step Finance said further updates will be issued as the investigation progresses and recovery efforts continue.

About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
