Stabble Urges Users To Withdraw Liquidity Following Discovery Of Former North Korean Developer

In Brief

Stabble, a Solana-based DEX, urges liquidity withdrawal after ties to a North Korean developer emerge, while Elemental faces scrutiny amid Drift Protocol’s $286M exploit linked to North Korean hacking groups.

Decentralized exchange (DEX) operating within the Solana ecosystem Stabble issued a public notice advising users to withdraw their liquidity funds as a precautionary measure. The announcement follows the discovery that an individual previously associated with the project had alleged ties to North Korea. In response, the protocol is set to undergo a comprehensive new audit.

According to the company, the individual in question had been involved with the organization approximately one year ago. Management emphasized that a completely new team assumed control of the project four weeks ago, introducing a revised strategy, new partnerships, and updated leadership. Since the transition, the platform has reportedly shown strong performance, including a doubling of total value locked, a three- to fourfold increase in revenue, and a significant rise in token price.

The organization stated that no vulnerabilities have been identified in the protocol to date. However, it confirmed plans to engage leading auditors within the ecosystem to conduct further reviews. The decision to recommend temporary withdrawal of liquidity was described as a precaution aligned with the project’s stated principle of prioritizing security and risk mitigation over uncertainty.

North Korean Developer Ties To Solana’s Elemental Protocol Exposed Amid Criticism Of Drift’s Security Failures

A recent warning was issued following revelations from blockchain investigator ZachXBT, who disclosed that a North Korean developer had been involved with Solana’s decentralized finance (DeFi) project, Elemental, for several years.

The founder of Elemental protocol took the opportunity to criticize Drift Protocol’s handling of security, noting that, despite having implemented stringent security protocols within their own platform, Drift’s basic security measures—including a vulnerable multisig setup—ultimately led to a major breach. This failure, compounded by what the founder described as a lack of leadership and accountability from Drift’s team, resulted in substantial financial losses and prompted many users to exit the DeFi space entirely, undermining trust across the sector. Drift protocol was exploited for $286 million on April 1st in a suspected DPRK attack

A recent exchange of comments has brought attention to the involvement of North Korean IT workers in the cryptocurrency sector. Blockchain investigator ZachXBT criticized the founder for allegedly neglecting to mention that Elemental had employed a North Korean IT worker for several years, adding fuel to ongoing debates regarding the extent of North Korean infiltration in crypto and DeFi projects.

This debate comes amid recent reports from MetaMask developer Taylor Monahan, who claimed that North Korean IT workers have been active in the crypto industry for at least seven years. She noted that many of the well-known DeFi protocols had been built by individuals with ties to North Korea, with resumes listing “seven years of blockchain development experience” not being inaccurate.

Monahan also pointed out several projects believed to have been impacted by North Korean involvement, including SushiSwap, Thorchain, Fantom, Shib, Yearn, and Floki, among others. ZachXBT further described the Lazarus Group as a collective of hackers backed by North Korea

ZachXBT contributed to the narrative, describing the Lazarus Group as a collective term for all hackers backed by North Korea. “LinkedIn, email, Zoom, or interviews are basic and in no way sophisticated. The only thing about it is they’re relentless. I always see companies write about how they stopped the most elaborate attempt by Lazarus Group and it ends up being a basic attempt by a low iq subgroup”