On Friday, a hacker made unauthorized withdrawals of more than $400 million from FTX. The situation further exacerbated the exchange’s insolvency crisis, which led it to file for Chapter 11 bankruptcy protection.
Many Solana developers suspect the hack may have also compromised Serum, a well-known protocol that was developed by FTX and used by many apps on the Solana blockchain.
Solana founder Anatoly Yakovenko noted that developers are rushing to fork Serum’s code today and relaunch the protocol without the involvement of FTX. Developers need another version of Serum because the original can only be updated via a private key that was controlled by someone at FTX and not by the Serum DAO. As a result of the FTX hack, that key may have been compromised.
“Afaik, the devs that depend on serum are forking the program because the upgrade key to the current one is compromised,” Yakovenko said.
“The serum program update key was not controlled by its own organization, but by a private key connected to FTX. At this moment no one can confirm who controls this key and hence has the power to update the serum program, possibly deploying malicious code,” a pseudonymous developer called Mango Max said, adding that he is leading the Serum fork efforts.
Meanwhile, several Solana apps known to rely on Serum have begun limiting their exposure. Jupiter, the largest DEX aggregator on Solana, notified users that it was halting use of Serum’s liquidity amid security concerns.
“Confirming that we turned off Project Serum as a liquidity source a few hours ago due to security concerns about upgrade authorities, we also encouraged all our integrators to do the same,” Jupiter said.
Other projects, namely Magic Eden, Mango Markets and Phantom, also said they would stop relying on Serum for liquidity and have paused its use, given the security concerns.