Step Finance
2026-02-04 • Rekt
Step Finance lost roughly 261,854 to 261,932 SOL after compromised executive devices enabled an attacker to transfer stake authorization and withdraw treasury funds. The article frames the incident as likely social engineering or phishing-driven key compromise rather than a smart-contract exploit, noting that audits, bug bounties, and public security reviews did not protect the wallets holding operational authority. CertiK-linked on-chain analysis identified the attacker-controlled wallet LEP1uHXcWbFEPwQgkeFzdhW2ykgZY6e9Dz8Yro6SdNu, a key withdrawal transaction, and a secondary wallet used in the attack. Step Finance reportedly recovered about $4.7 million through Token22 protections, but the STEP token collapsed. The case underscores how private-key and executive-device compromise can defeat otherwise sound protocol code.