Stabble, a decentralized exchange built on Solana, has urged its users to immediately withdraw their liquidity after the platform’s new management team learned that its former chief technology officer had been identified as an alleged North Korean hacker. The warning triggered a sharp 62% decline in the protocol’s total value locked on Tuesday. According to data from DeFiLlama, Stabble began the day with approximately $1.75 million in TVL, which fell to under $663,000 following the public alert.
The new team posted an urgent message on X, calling on users to pull their funds without delay. “EMERGENCY! Guys, please temporarily withdraw your liquidity instantly! Better safe than sorry,” the team wrote. The post appeared around 9:34 a.m. ET on Tuesday, roughly seven hours after pseudonymous on-chain investigator ZachXBT had publicly named an individual called Keisuke Watanabe as an alleged North Korean operative who reportedly served as Stabble’s CTO the previous year.
Despite the urgency of the announcement, the team confirmed that no exploit on the platform had been disclosed. The firm stated it was actively conducting audits to verify that all systems remained secure. “We received a message and are acting on it, our primary focus is the safety of our LPs,” the new Stabble team said in a follow-up post, adding that the team consists of quantitative traders and early decentralized finance participants rather than communications professionals.
The incident comes less than a week after leading Solana DeFi protocol Drift was exploited for more than $285 million by hackers with alleged ties to North Korea. That attack was described as a sophisticated, multi-stage scheme carried out over six months. According to reports, the perpetrators constructed fabricated professional identities and attended in-person industry conferences before deploying malicious developer tools to execute the theft.
North Korea’s involvement in cryptocurrency exploits has been a persistent concern across the industry. Last year, hackers linked to the country targeted crypto exchange Bybit, stealing $1.4 billion in what is considered the largest crypto hack on record. Separately, the chief security officer of exchange Binance has stated that individuals believed to be from North Korea attempt to gain employment at the firm on a daily basis.
In response to the broader threat environment, the Solana Foundation announced several new security initiatives on Monday aimed at strengthening protections across the ecosystem. The foundation said it would direct resources toward securing DeFi protocols that maintain a total value locked of at least $10 million, signaling a more proactive stance against state-linked threats targeting the network.
Originally reported by Decrypt.
