PERMISSION/PROTOCOL

2026-01-31

Critical | Media report

Step Finance AI Trading Agents Transferred 261,854 SOL (~$27-30M) Without Human Approval After Executive Device Compromise

Attackers compromised executive devices at Solana DeFi platform Step Finance. AI trading agents with excessive permissions and no human-approval gates executed transfer of 261,854 SOL (~$27-30M) without human intervention. STEP token crashed 96%; platform shut down Feb 24.

Step Finance AI Trading Agents | Production deletion | Credential compromise + overpermissioned AI agent financial loss | Solana DeFi platform / AI trading agent wallets

What happened

After compromising executive devices at Step Finance, attackers used the resulting access to trigger AI trading agents to execute the transfer of 261,854 SOL without human approval. The agents' excessive permissions and absent human-approval gates made this possible.

Why it matters

261,854 SOL transferred — approximately $27-30 million at the time. STEP token lost 96% of its value. Step Finance permanently shut down on February 24, 2026. Platform users lost access to funds and the DeFi service.

Missing authorization check

AI trading agents executing transfers above defined thresholds must require explicit human authorization. No AI agent should hold standing permission to transfer large amounts of cryptocurrency without a human approval checkpoint binding the specific transfer amount, destination, and authorization.

Would PP block it?

If all SOL transfers above a threshold required a PP-signed receipt, the compromised credentials could not authorize the transfer autonomously. The human approval gate would have required a signed receipt for the 261,854 SOL transfer, breaking the attack chain even after device compromise.

Incident analysis

Timeline and technical read

Timeline

  1. 2026-01-31

    Attackers compromise executive devices at Step Finance. AI trading agents with excessive permissions transfer 261,854 SOL (~$27-30M) without human approval.

  2. 2026-01-31

    STEP token crashes 96% following disclosure of the transfer. Platform operations disrupted.

  3. 2026-02-24

    Step Finance permanently shuts down the platform following inability to recover from the loss.

Technical breakdown

  • AI trading agents at Step Finance held broad transfer permissions — sufficient to execute large SOL transfers without per-transaction human approval.
  • No threshold-based human approval gate existed: transfers of any size could be authorized at the agent level alone.
  • Compromising executive devices provided the access needed to trigger the AI agents' standing transfer authority.
  • The combination of overpermissioned agents + no human approval gate meant that device compromise directly translated to fund loss at scale.

Authorization boundary

Where the authorization boundary should have been

This incident is categorized as Production deletion. The relevant Permission Protocol gate is Data Mutation Gate. The read is conditional: the block only applies where the real action boundary is routed through a gate.

  • If enforced at: Blockchain transfer authorization, large transaction human approval gate
  • Still needs: No human-approval gate for large AI agent transfers; no transaction threshold enforcement
  • Receipt required for: SOL transfers above threshold, AI agent financial operations, trading agent authorization

PP's Data Mutation Gate requires a signed receipt before consequential financial operations. A large SOL transfer would require human authorization — no valid receipt, no transfer.
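An added example of the gate described above, not Permission Protocol's code or receipt format and not anything from Step Finance: transfers above a threshold go through only with a receipt that binds the exact amount and destination, is unexpired, and has not been used before. The threshold, key, field names and destination labels are constructed for illustration, and HMAC stands in for the asymmetric signature a real deployment would use so that the gate holds only a public key.

```python
import hashlib
import hmac
import json
import time

THRESHOLD_SOL = 100  # assumed policy threshold, not a figure from the incident
# Constructed demo key. HMAC is a stand-in: in practice the approver signs with a
# private key kept off the agent host and the gate verifies with the public key.
APPROVER_KEY = b"constructed-demo-key"


def _digest(amount_sol, destination, nonce, expires_at):
    # Canonical encoding of exactly what the human approved.
    body = json.dumps({"amount_sol": amount_sol, "destination": destination,
                       "nonce": nonce, "expires_at": expires_at},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(APPROVER_KEY, body, hashlib.sha256).hexdigest()


def sign_receipt(amount_sol, destination, nonce, expires_at):
    """Runs on the approver's side after a human reviews this specific transfer."""
    return {"amount_sol": amount_sol, "destination": destination,
            "nonce": nonce, "expires_at": expires_at,
            "sig": _digest(amount_sol, destination, nonce, expires_at)}


class TransferGate:
    """Sits between the agent and the wallet; returns (allowed, reason)."""

    def __init__(self):
        self.used_nonces = set()

    def authorize(self, amount_sol, destination, receipt=None, now=None):
        now = time.time() if now is None else now
        if amount_sol <= THRESHOLD_SOL:
            return True, "below threshold"
        if receipt is None:
            return False, "no receipt"
        expected = _digest(receipt["amount_sol"], receipt["destination"],
                           receipt["nonce"], receipt["expires_at"])
        if not hmac.compare_digest(expected, receipt.get("sig", "")):
            return False, "bad signature"
        if (receipt["amount_sol"], receipt["destination"]) != (amount_sol, destination):
            return False, "receipt does not match transfer"
        if now > receipt["expires_at"]:
            return False, "receipt expired"
        if receipt["nonce"] in self.used_nonces:
            return False, "receipt already used"
        self.used_nonces.add(receipt["nonce"])
        return True, "approved"
```

The gate only helps if the wallet accepts transfers from nothing but the gate; an agent that still holds the signing key directly keeps its standing authority.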

Start small

Put the relevant gate at this action boundary.

This incident maps to Data Mutation Gate. Start with the boundary that controls the actual action, then require a signed receipt before execution.
