Private Key Compromise attacks on Solana

Step Finance lost 261,854 SOL ($27M) from treasury and fee wallets to a 'sophisticated' actor. STEP fell 96%; Step, SolanaFloor and Remora all shut down.

SwissBorg's SOL Earn lost $41.5M (193,000 SOL) via a compromised API at staking vendor Kiln. SwissBorg itself wasn't breached; the third-party infra was.

Attackers drained $44M from CoinDCX's internal liquidity account for partner-exchange reserves; the exchange absorbed the loss from treasury.

~$73M drained from Phemex hot wallets across 16 blockchains in a coordinated sweep — the first major exchange hack of 2025, with TTPs consistent with Lazarus.

$13.7M drained from UAE-based M2 Exchange hot wallets across BTC, ETH and Solana; identified, contained and customer funds restored in just 16 minutes.

Lazarus drained $54M from CoinEx hot wallets across Ethereum, Tron, BSC and seven other chains, reusing infrastructure from the prior week's Stake.com hit.

$4.4M drained from Raydium's Solana liquidity pools after malware stole the pool-admin private key, then used admin functions to withdraw fees.

~9,231 Solana wallets lost $4.1M after Slope Wallet's app logged users' seed phrases in plain text to a Sentry server, traced back via on-chain forensics.