Solana-based decentralized exchange (DEX) Stabble issued an emergency notice on Tuesday, urging liquidity providers to withdraw their funds immediately. The move followed revelations from on-chain investigator ZachXBT, who identified Keisuke Watanabe—hired by Stabble as CTO last year—as a suspected North Korean hacker.
According to data from DeFiLlama, the platform’s total value locked (TVL) plunged from approximately $1.75 million to under $663,000 in a single day, marking a 62% decline.
Stabble's new team posted an alert on X (formerly Twitter): "Emergency! Please withdraw your liquidity immediately! Better safe than sorry."
The team emphasized that while there have been no signs of a breach, they are conducting a comprehensive security audit. "We received the news and took action; our primary focus is the safety of our liquidity providers," the Stabble team stated. "We aren't PR experts; we are quant traders and early DeFi participants. We hear you, and your feedback matters."
This incident follows a major hack on the prominent Solana DeFi protocol Drift Protocol, which resulted in losses of $285 million. Reports suggest that the attack was linked to North Korean hackers, who spent six months meticulously building trust through fake professional identities and in-person meetings before deploying malicious developer tools to execute the exploit.
The Persistent Threat of North Korean Hackers to the DeFi Ecosystem
State-sponsored hacking groups from North Korea have long been active in the cryptocurrency space. Reports indicate that last year, the crypto exchange Bybit suffered one of the largest hacks in history, losing $1.4 billion. The Chief Security Officer at Binance has also noted that suspected North Korean operatives attempt to infiltrate and gain employment at the exchange on a daily basis.
In response to the increasingly hostile security environment in DeFi, the Solana Foundation launched several security enhancement initiatives on Monday. The foundation plans to provide security support for DeFi protocols with over $10 million in TVL, aiming to bolster the defensive capabilities of the entire ecosystem.
Addressing user concerns, the Stabble team stated that the decision to force a liquidity withdrawal was made to minimize potential risks while the security audit is underway.
