ElementalDeFi
Summary
ElementalDeFi is a Solana-based DeFi fund and lending platform founded in September 2022 that offers yield products including Elemental Lend, the Geyser Fund, and the Geodium Fund. On April 7, 2026, blockchain investigator ZachXBT publicly disclosed that an individual identified as Keisuke Watanabe — an alleged North Korean IT operative — had been employed at the project for multiple years, and that the same individual served as CTO at the related Solana DEX Stabble. As of May 22, 2026, ElementalDeFi has issued no public response, audit findings, or remediation plan, leaving unresolved the risk that the operative may have introduced backdoors or malicious code into the protocol's production smart contracts.
Timeline (5 events)
2022-09-01
ElementalDeFi founded on Solana, initially launching with a $1,000 pool from early adopters.
Source: Elemental DeFi Documentation
2025-10-01
Elemental Lend opens to public beta following closed alpha testing.
Source: Elemental DeFi Documentation
2026-04-01
Drift Protocol, the largest decentralized perpetual futures exchange on Solana, is exploited for approximately $285 million in user assets in roughly 12 minutes, following a six-month DPRK social engineering campaign. TRM Labs attributes the attack to UNC4736 with medium confidence.
Source: TRM Labs — North Korean Hackers Attack Drift Protocol
2026-04-07
ZachXBT publicly discloses via X that ElementalDeFi employed an alleged DPRK IT operative, Keisuke Watanabe, for multiple years. The disclosure targets ElementalDeFi founder 'Moo' and includes Watanabe's alleged aliases (kasky53, keisukew53, kdevdivvy, 0xWoo), wallet addresses, and email. Stabble, where Watanabe allegedly served as CTO, issues an emergency withdrawal notice to liquidity providers. Stabble's TVL drops approximately 62 percent. ElementalDeFi makes no public statement.
Source: BanklessTimes — ZachXBT: Solana DeFi App ElementalDeFi Hired DPRK IT Worker for Years
2026-05-22
No public statement, security audit, or remediation plan has been published by ElementalDeFi regarding the DPRK employment disclosure. The risk of planted backdoor code in production contracts remains unaddressed in public communications.
Source: AVOID.NET research — no public sources found confirming a response
Decision Log
- hash: AF3hxryYFTWUfUsYS5vmQxZwM8hXehQKUbaMmQ7fTP1Q
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-code-investigator
generated: 5/22/2026, 4:07:06 PM
last updated: 5/22/2026, 4:07:43 PM