Solana-based decentralized exchange Stabble issued an emergency warning on April 7, 2026 urging liquidity providers to withdraw their funds immediately after online sleuth ZachXBT revealed that a North Korean IT worker had been employed at Elemental, a Solana DeFi infrastructure project, and that the same individual had previously worked at Stabble approximately one year ago.
Stabble emphasized that no exploit had occurred and that the warning was a precautionary measure, as the new team that took over four weeks ago works to conduct fresh audits.
ZachXBT Disclosure Triggers Stabble Emergency Response
ZachXBT posted information about a North Korean developer having worked for years at Elemental, a Solana-based DeFi infrastructure project, naming the individual as Keisuke Watanabe, also known as “kasky53,” and posting GitHub aliases and an email address. The disclosure came during an exchange with Elemental founder “Moo” about trust and security practices.
Hours after ZachXBT’s post, Stabble’s team reposted the investigator’s comments, which included a resume and photos of the alleged North Korean developer. Stabble then issued emergency warnings urging liquidity providers to withdraw their funds. In a series of posts on X, Stabble stated: “EMERGENCY! Guys, please temporarily withdraw your liquidity instantly! Better safe than sorry.” The DEX added that there had been no exploit, and the messages were simply a precaution.
When asked whether the North Korean employee had worked for Stabble, the DEX replied: “It seems we had one year ago. We have a new team at Stabble that took over 4 weeks ago.” Stabble emphasized that its primary focus is the safety of its liquidity providers, and that it will conduct new audits before continuing operations.
North Korean IT Workers Infiltrating Crypto Projects Raises Security Concerns
U.S. authorities have issued warnings about North Korean technology professionals using fake identities to infiltrate crypto companies. Over the weekend, Drift Protocol stated that its $280 million exploit was likely run by the same North Korea-aligned actors behind the Radiant Capital hack of October 2024. That attack was notable not for a smart contract bug but for a prolonged social engineering campaign, with attackers spending months building trust and infiltrating contributor circles before exploiting governance mechanisms.
Previous investigations have shown millions of dollars flowing to suspected DPRK-linked developers operating under fake identities, raising concerns about insider access and long-term infiltration risks. Footage circulating on X appears to show suspected DPRK IT workers abruptly leaving a Zoom call after being prompted to criticize North Korean leader Kim Jong Un, further fueling speculation about covert operatives inside crypto teams.
The developments follow the recent Drift Protocol hack, one of the largest DeFi exploits of 2026, in which more than $200 million—and potentially up to $285 million—was drained. Analysts and blockchain researchers have linked the attack to North Korean hacking groups, citing patterns consistent with past operations tied to the Lazarus Group.
Stabble’s Response and Next Steps
After criticism from X users about its handling of the situation, Stabble posted that there has been no exploit and the warning messages were simply a precaution. The DEX stated: “We’re not PR people, we’re quants and early DeFi degens. We hear you, and your feedback matters.” Stabble indicated that the new team aims to repair the project and will conduct fresh audits to ensure the safety of liquidity providers before continuing operations.
The incident highlights ongoing risks in the DeFi sector related to insider threats and the infiltration of crypto projects by North Korean operatives, both as developers and as malicious actors targeting protocol governance.
FAQ
Why did Stabble urge liquidity providers to withdraw funds?
Stabble issued an emergency warning after online sleuth ZachXBT revealed that a North Korean IT worker had been employed at Elemental, a Solana DeFi project, and that the same individual had worked at Stabble approximately one year ago. Stabble stated there was no exploit and the warning was a precautionary measure.
What is the significance of North Korean IT workers in crypto projects?
U.S. authorities have warned about North Korean technology professionals using fake identities to infiltrate crypto companies. Recent high-profile exploits, including the Drift Protocol hack, have been linked to North Korean actors. Investigators have found that DPRK-linked developers have been embedded on crypto project payrolls for years, raising concerns about insider access and long-term infiltration risks.
What steps is Stabble taking following the disclosure?
Stabble, now under a new team that took over four weeks ago, stated it will conduct fresh audits to ensure the safety of liquidity providers before continuing operations. The DEX emphasized that no exploit occurred and that the warning was a precautionary measure.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Singapore Gulf Bank Launches Zero-Fee Stablecoin Service on Solana for Institutional Clients
Singapore Gulf Bank has introduced a stablecoin conversion service for corporate and high-net-worth clients, enabling zero-fee fiat-to-stablecoin transactions on the Solana network. It supports multiple blockchains and enhances liquidity management.
GateNews11h ago
XRP Goes Live on Solana as Official Wrapped Token
Ripple's XRP launched on Solana as a wrapped cross-chain asset on April 17, partnering with Hex Trust and others. This move, aimed at boosting liquidity and expanding access to Solana's DEX ecosystem, highlights Solana's growing role in cross-chain tokenization.
GateNews12h ago
Singapore Gulf Bank Launches Stablecoin Minting Service, Offering Zero Fees on Solana
Singapore Gulf Bank launched a stablecoin minting and redemption service for corporate clients, allowing conversions between fiat and USD stablecoins with no fees on Solana for transactions over $100,000. This aims to enhance cash flow and boost USDC adoption.
GateNews15h ago
Bitcoin ETFs See Daily Outflow While Ethereum and Solana ETFs Post Gains on April 17
Gate News message, according to the April 17 update, Bitcoin ETFs recorded a 1-day net outflow of 142 BTC ($10.98M) and a 7-day net inflow of 7,093 BTC ($550.09M). Ethereum ETFs showed a 1-day net inflow of 22,357 ETH ($54.55M) and a 7-day net inflow of 89,684 ETH ($218.83M). Solana ETFs posted a 1-
GateNews16h ago
Solana Targets $120 if Bulls Hold $87 Support; Technical Setup Shows Cup-and-Handle Pattern
Solana (SOL) is trading at $88.87, with a daily gain of 3.84%. Analysts indicate that maintaining support above $87 is crucial to potentially reach $120. Liquidation clusters influence price action, and a breakout above $107 could confirm upward momentum.
GateNews17h ago
DoubleZero Edge Boosts Solana Data Speed With Fiber Optic Network
DoubleZero has introduced DoubleZero Edge, a high-performance data transmission platform designed to deliver real-time blockchain information for the Solana ecosystem, with beta access announced on April 16, 2026. The service moves data delivery away from the public internet onto a dedicated fiber o
CryptoFrontier04-17 06:53
