Solana's developers forked the widely used token liquidity hub Serum, after being compromised by a hack on the bankruptcy exchange FTX on Nov. 11 that led to a series of unauthorized transactions.
According to pseudonymous developer Mango Max on Twitter, a "verified build of the same version has been made and deployed" on Nov 12. Additionaly, the upgrade authority and fee revenues "have been changed and are now managed by a multi-sig controlled by a team of trusted developers." Serum (SRM) and megaserum (MSRM) tokens, as well as fee discounts were not changed and were working as before.
The development took place on the weekend. Solana co-founder Anatoly Yakovenko tweeted that developers depending on serum were forking the code after the upgraded key was compromised, adding that many "protocols depend on serum markets for liquidity and liquidations."
Afaik, the devs that depend on serum are forking the program because the upgrade key to the current one is compromised. This has nothing to do with SRM or even Jump. A ton of protocols depend on serum markets for liquidity and liquidations.
— toly (@aeyakovenko) November 12, 2022
In a Twitter thread, Mango Max said that the Serum update key was not controlled by the SRM DAO, but by a private key connected to FTX, and no one could confirm who controlled the keys. The private key was necessary to update the original version of Serum, leading the developers to fork the code, as the private key is under FTX control.
Mango Max also noted that:
"When I reached out to a couple of people previously involved with Serum, I got answers like: “I wish I had more info to help you, but I really don’t.”
Liquidity providers such as Jupiter, the most popular aggregator on Solana, confirmed turning off Serum as a liquidity source "due to security concerns about upgrade authorities, and we also encouraged all our integrators to do the same." Other projects such as Mango Markets and SolBlaze also announced integration with the new fork.
Confirming that we turned off @ProjectSerum as a liquidity source a few hours ago due to security concerns about upgrade authorities, and we also encouraged all our integrators to do the same.
The ecosystem is working on a fork right now, and we will supporting it asap
— Jupiter Aggregator (@JupiterExchange) November 12, 2022
As reported by Cointelegraph, an attack led to $659 million in outflows from FTX and FTX US on Nov 11. FTX US general counsel Ryne Miller confirmed later that the transactions were unauthorized and that FTX US had moved all remaining crypto into cold storage as a precaution.
A blog post from blockchain forensics firm Elliptic suggests that the drain has seen various tokens on Ethereum, BNB Smart Chain and Avalanche removed. Of the $663 million drained, around $477 million is suspected to have been stolen, while the remainder is believed to have been moved into secure storage by FTX.