Solana DEX Stabble Urges LPs to Withdraw After Ex-CTO Named in Alleged North Korean Hacker Probe A sudden safety alert from Solana decentralized exchange Stabble prompted liquidity providers to pull funds Tuesday, sending the protocol’s total value locked (TVL) down roughly 62% in hours. Stabble — which was recently handed off to a new team — began the day with about $1.75 million in TVL, according to DeFiLlama. After the team posted an “EMERGENCY!” warning on X (formerly Twitter) at about 9:34 a.m. ET on April 7, 2026, that figure fell to under $663,000 as users withdrew liquidity. The terse alert read: “EMERGENCY! guys please temporally withdraw your liquidity instantly! Better safe than sorry.” The message came after pseudonymous on-chain investigator ZachXBT identified an individual he alleges is a North Korean hacker — named Keisuke Watanabe — who reportedly served as Stabble’s chief technology officer last year. Stabble’s new operators said no exploit had been disclosed, but they were taking the tip seriously and moving to secure users’ funds. “We received a message and are acting on it, our primary focus is the safety of our LPs,” the team wrote. “We're not PR people, we're quants and early DeFi degens. We hear you, and your feedback matters.” The firm also said it was commissioning audits to verify the protocol’s integrity. The incident lands amid heightened concern across DeFi about ties between high-profile hacks and North Korean threat actors. Last week’s attack on Solana-based protocol Drift, blamed on actors linked to North Korea, resulted in more than $285 million in losses and was reportedly executed via a sophisticated, months-long campaign that included fabricated professional identities and in-person meetings before deploying malicious developer tools. North Korean-linked crypto thefts have a long track record: last year, attackers believed to be from North Korea were tied to the $1.4 billion Bybit breach — the largest crypto hack on record — and industry officials have warned of ongoing attempts by such actors to infiltrate teams and gain access to sensitive dev roles. The timing also coincides with recent moves by the Solana Foundation to shore up ecosystem security. On Monday the Foundation announced new initiatives aimed at protecting DeFi projects, pledging to assist in securing protocols that hold at least $10 million in TVL. For now, Stabble’s emergency alert and the ensuing liquidity flight highlight how quickly reputational or personnel-related concerns can ripple through small DeFi protocols — and underline the market’s low tolerance for uncertainty when it comes to custody and code access. Read more AI-generated news on: undefined/news