On January 31, 2026, Solana-based DeFi platform Step Finance reported that attackers had compromised several treasury and fee wallets, moving roughly 261,854 SOL valued at about $30 million. Following the incident, the team began an investigation, contacted cybersecurity firms, and Defillama data showed the project's TVL had fallen to zero while the STEP token price dropped sharply.

A single wallet lost 4,556 ETH, worth about $12.25 million, in an address poisoning incident. Attackers crafted lookalike vanity addresses that appeared in the user’s transaction history, leading to a misdirected transfer. The case adds to a recent spate of large crypto thefts, including an almost $50 million loss in December 2025.

From January 31, 2026, the US SEC will operate with a sharply reduced staff as a partial government shutdown triggered by a funding lapse takes effect. Routine work in key divisions is paused, and only emergency matters tied to market integrity and investor protection will be handled. The disruption is expected to delay crypto rulemaking, product approvals and stablecoin-related guidance until full funding is restored.

According to the Flow Foundation, the network has permanently burned 87.4 billion counterfeit FLOW, marking the final step of its recovery from the December 27 security incident. The exploit in December 2025 let an attacker realize about $3.9M via bridges, while validators patched the issue within 24 hours and exchanges restored FLOW deposits and withdrawals.

In the first 30 days of 2026, Solana’s on-chain activity surged, with Nansen reporting active addresses more than doubling to over 5 million and daily transactions rising from 52 million to 87 million. Daily fee revenue also reached about $1.1 million, driven primarily by DEX and DeFi usage, while sectors such as gaming, NFTs and infrastructure showed additional growth. Other L1 networks, including Ethereum, BNB, Tron and Base, recorded their own gains in users and transactions over the same period.

Optimism governance approved proposal OP-0017, allocating 50% of Superchain sequencer net profits to monthly OP buybacks in a 12-month pilot starting February 2026. Conversions from ETH to OP will be executed via OTC desks and pause below $200,000 monthly revenue. A 31.34 million OP unlock is set for January 31.

Between October 2025 and January 2026, security researchers reported that around 175,000 private AI servers running Ollama were exposed to the public internet, with about 23,000 of them remaining persistently online. These unprotected systems span 130 countries and are being hijacked by criminals to steal computing resources, bypass security safeguards, and potentially access internal data using techniques like SSRF, scanning, and prompt injection. Around 48% of the exposed hosts allow tool-calling, and most use a common model file format that could let attackers crash thousands of servers with a single exploit.

On January 28, 2026, Coinbase said it will match the US Treasury’s $1,000 Trump Accounts deposit for eligible employees’ children, and CEO Brian Armstrong suggested paying the company’s match in Bitcoin. The announcement followed a White House post about major employer participation and came alongside commitments from JPMorgan Chase and Bank of America to match the federal contribution.

As of January 28 2026, Solana's active validator count has reportedly fallen below 800, down sharply from around 2,500 in early 2023. Over the same period, daily vote transactions, a proxy for validator participation, have declined by about 40%. The Solana Foundation's pruning policy and reduced subsidies have pushed out many smaller or underperforming validators, raising debate over decentralization versus network performance.