Solana liquidity hub Serum to be forked after possible compromise in FTX hack 

Quick Take

  • Serum, the widely used liquidity hub on Solana, may have been compromised.
  • Solana developers are forking its code to create a new Serum for ecosystem apps.

Solana developers are forking FTX-developed token liquidity hub Serum after it may have been compromised in a hack on FTX. 

On Friday, a hacker made unauthorized withdrawals of more than $400 million from FTX. The situation further exacerbated the exchange’s insolvency crisis, which led it to file for Chapter 11 bankruptcy protection.

Many Solana developers suspect the hack may have also compromised Serum, a well-known protocol that was developed by FTX and used by many apps on the Solana blockchain. 

Solana founder Anatoly Yakovenko noted that developers are rushing to fork Serum’s code today and resume the protocol without the involvement of FTX. Developers need another version of Serum because the original can only be updated via a private key that was controlled by someone at FTX and not the Serum DAO. As a result of the FTX hack, that key may have been compromised. 

“Afaik, the devs that depend on serum are forking the program because the upgrade key to the current one is compromised,” Yakovenko said.

“The serum program update key was not controlled by its own organization, but by a private key connected to FTX. At this moment no one can confirm who controls this key and hence has the power to update the serum program, possibly deploying malicious code,” a pseudonymous developer called Mango Max said, adding that he is leading the Serum fork efforts.
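The check integrators can run on any program they depend on, as an added example that is not from the article or from Serum's code: read the upgrade authority out of a program's ProgramData account and compare it to the key that is supposed to hold it. It assumes the program is deployed under Solana's upgradeable BPF loader, whose ProgramData account starts with a 4-byte tag (3), an 8-byte slot, a 1-byte option flag and a 32-byte authority key; all keys and bytes below are constructed.

```python
import struct

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw: bytes) -> str:
    """Base58 (Bitcoin alphabet), the text form Solana uses for public keys."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))  # leading zero bytes become '1'
    return "1" * pad + out

def upgrade_authority(programdata: bytes):
    """Return the base58 upgrade authority, or None if the program is immutable."""
    if len(programdata) < 13:
        raise ValueError("too short for ProgramData metadata")
    tag, _slot = struct.unpack_from("<IQ", programdata, 0)
    if tag != 3:  # 3 = ProgramData variant of the loader state enum
        raise ValueError(f"not a ProgramData account (tag {tag})")
    flag = programdata[12]
    if flag == 0:
        return None  # authority removed: nobody can upgrade the program
    if flag != 1 or len(programdata) < 45:
        raise ValueError("malformed upgrade authority field")
    return b58encode(programdata[13:45])

def assess(programdata: bytes, expected: set) -> str:
    """Classify who can replace the program's code."""
    auth = upgrade_authority(programdata)
    if auth is None:
        return "immutable"
    return "ok" if auth in expected else "unexpected-authority"

# Constructed sample data (not real on-chain keys).
DAO_KEY = bytes([7]) * 32          # hypothetical governance-held key
OTHER_KEY = bytes(range(1, 33))    # hypothetical key held by a third party
def make_programdata(key):         # builds metadata followed by dummy code bytes
    head = struct.pack("<IQ", 3, 1234)
    opt = b"\x00" + bytes(32) if key is None else b"\x01" + key
    return head + opt + b"\x7fELF"

if __name__ == "__main__":
    allowed = {b58encode(DAO_KEY)}
    for key in (DAO_KEY, OTHER_KEY, None):
        print(assess(make_programdata(key), allowed))
```

In practice the input bytes come from a `getAccountInfo` RPC call on the program's ProgramData address, and an "unexpected-authority" result is the condition that led integrators to pause Serum.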

Meanwhile, several Solana apps known to rely on Serum have begun limiting their exposure. Jupiter, the largest DEX aggregator on Solana, notified users that it was halting use of Serum's liquidity amid security concerns.

“Confirming that we turned off Project Serum as a liquidity source a few hours ago due to security concerns about upgrade authorities, we also encouraged all our integrators to do the same,” Jupiter said.

Other projects, namely Magic Eden, Mango Markets and Phantom, also said they would stop relying on Serum for liquidity and have paused its use, given the security concerns.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c.

Editor

Mike Millard