Solana liquidity hub Serum to be forked after possible compromise in FTX hack
Quick Take
- Serum, the widely used liquidity hub on Solana, may have been compromised.
- Solana developers are forking its code to create a new Serum for ecosystem apps.
Solana developers are forking FTX-developed token liquidity hub Serum after it may have been compromised in a hack on FTX.
On Friday, a hacker made unauthorized withdrawals of more than $400 million from FTX. The situation further exacerbated the exchange’s insolvency crisis, which led it to file for Chapter 11 bankruptcy protection.
Many Solana developers suspect the hack may have also compromised Serum, a well-known protocol that was developed by FTX and used by many apps on the Solana blockchain.
Solana founder Anatoly Yakovenko noted that developers are rushing to fork Serum’s code today and resume the protocol without the involvement of FTX. Developers need another version of Serum because the original can only be updated via a private key that was controlled by someone at FTX and not the Serum DAO. As a result of the FTX hack, that key may have been compromised.
“Afaik, the devs that depend on serum are forking the program because the upgrade key to the current one is compromised,” Yakovenko said.
“The serum program update key was not controlled by its own organization, but by a private key connected to FTX. At this moment no one can confirm who controls this key and hence has the power to update the serum program, possibly deploying malicious code,” a pseudonymous developer called Mango Max said, adding that he is leading the Serum fork efforts.
Meanwhile, several Solana apps known to rely on Serum have begun limiting their exposure. Jupiter, the largest DEX aggregator exchange on Solana, notified users that it was halting use of Serum's liquidity amid security concerns.
“Confirming that we turned off Project Serum as a liquidity source a few hours ago due to security concerns about upgrade authorities, we also encouraged all our integrators to do the same,” Jupiter said.
Other projects, Magic Eden, Mango Markets and Phantom also said they would stop relying on Serum for liquidity and have paused its use, given the security concerns.
© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.