Solana Exchange Stabble Warns Users to Pull Liquidity After North Korean Hacker Scare
A decentralized exchange on Solana urged its users to exit after a former executive was alleged to be a North Korean hacker.
By Logan HitchcockEdited by Andrew HaywardApr 7, 2026Apr 7, 20262 min read
In brief
- Solana exchange Stabble urged users to pull liquidity after its former CTO was alleged to be a North Korean hacker.
- The firm's total value locked dropped 62% in the wake of the request, dropping from $1.75 million to less than $663,000.
- North Korean hackers allegedly completed a sophisticated scheme to exploit Drift Protocol last week for $285 million.
Solana decentralized exchange Stabble has urged users to pull liquidity from the platform, leading to a 62% drop in its total value locked (TVL) Tuesday after the firm learned its former chief technology officer was flagged as an alleged North Korean hacker.
The protocol, which was recently taken over by a new team, began the day with around $1.75 million in TVL, according to data from DeFiLlama. After publicly sounding the alarm to a potential emergency, that value is down to less than $663,000.
“EMERGENCY!” the new protocol team posted on X. “Guys, please temporarily withdraw your liquidity instantly! Better safe than sorry.”
The alert hit social media around 9:34 a.m. ET on Tuesday, about seven hours after pseudonymous on-chain sleuth ZachXBT had identified an alleged North Korean hacker, Keisuke Watanabe, who reportedly worked as the CTO at Stabble last year.
EMERGENCY ! guys please temporally withdraw your liquidity instantly !
Better safe than sorry.
The new stabble team.
— stabble (@stabbleorg) April 7, 2026
Despite there being no disclosed exploit on the platform, the firm said it was working on audits to ensure everything is fully secure.
“We received a message and are acting on it, our primary focus is the safety of our LPs,” the new Stabble team posted. “We're not PR people, we're quants and early DeFi degens. We hear you, and your feedback matters.”
The platform’s hasty move to alert the public comes less than a week after leading Solana DeFi protocol Drift was exploited for more than $285 million by hackers linked to North Korea.
In a complex, sophisticated scheme played out over six months, it is alleged that the attackers used fabricated professional identities and in-person conference meetings before deploying malicious developer tools to execute the drain.
North Korea’s connection to DeFi and on-chain exploits is a long-standing issue. Last year, hackers from North Korea exploited crypto exchange Bybit for $1.4 billion, the largest crypto hack of all-time, and individuals believed to be from North Korea are trying to get hired at Binance every day, according to its chief security officer.
On Monday, the Solana Foundation launched multiple new security efforts for the ecosystem, saying that it would help secure DeFi protocols with a total value locked of at least $10 million.
