Solana liquidity hub Serum to be forked amid security concerns after FTX hack

    15 Nov 2022

    Solana developers are forking Serum, the FTX-developed liquidity hub widely used on Solana, over concerns that it may have been compromised in the FTX hack. Meanwhile, some Serum-related Solana apps have begun limiting their exposure, citing security concerns.

    On Nov. 11, an unknown attacker made unauthorized withdrawals of more than $400 million from FTX. The incident has further worsened the exchange’s insolvency crisis, which led it to file for Chapter 11 bankruptcy protection.

    Some Solana developers suspect the hack may have also compromised Serum, a well-known protocol that was developed by FTX and used by many apps on the Solana blockchain.

    Anatoly Yakovenko, Solana founder, noted that developers are rushing to fork Serum’s code today and resume the protocol without the involvement of FTX. Developers need another version of Serum because the original can only be updated via a private key controlled by someone at FTX rather than by the Serum DAO, and that key may have been compromised after the FTX hack.

    “Afaik, the devs that depend on Serum are forking the program because the upgrade key to the current one is compromised,” Yakovenko tweeted.

    “The Serum program update key was not controlled by its own organization but by a private key connected to FTX. At this moment, no one can confirm who controls this key and hence has the power to update the serum program, possibly deploying malicious code,” said pseudonymous developer Mango Max, who is leading the Serum fork efforts.

    Meanwhile, several Serum-related Solana apps have begun limiting their exposure. For example, Jupiter, the largest DEX aggregator on Solana, notified users that it was halting the use of Serum’s liquidity, citing security concerns.

    “Confirming that we turned off Project Serum as a liquidity source a few hours ago due to security concerns about upgrade authorities, we also encouraged all our integrators to do the same,” Jupiter tweeted.

    Similarly, Magic Eden, Mango Markets, and Phantom said they would stop relying on Serum for liquidity and have paused its use amid security concerns.
