FTX Hack Sparks Revolution at Serum DEX as Solana Devs Plot Alameda's Ouster

Developers are scrambling to create a new version of the on-chain liquidity hub that has no ties to Sam Bankman-Fried’s burning empire.

AccessTimeIconNov 12, 2022 at 11:51 p.m. UTC
Updated Apr 9, 2024 at 11:14 p.m. UTC

Sam Bankman-Fried once called Project Serum, an on-chain crypto exchange that he created, the “truly, fully trustless” backbone of decentralized finance (DeFi) on the Solana blockchain. But trust in the fallen FTX chief’s once-mighty crypto liquidity engine has suddenly run dry.

On Saturday, DeFi protocols across the Solana ecosystem began unplugging from Serum for fear that they didn’t know who wielded control – a concern fueled by the late-Friday hack at FTX. The developers once associated with Serum have gone silent. Meanwhile, the protocol’s dependence on Bankman-Fried and his bankrupt companies Alameda and FTX loomed large.

  • Copper-to-Gold Ratio Drops, What Does This Mean for Crypto?
    Copper-to-Gold Ratio Drops, What Does This Mean for Crypto?
  • U.S. Presidential Election Will Now Be a 'Very Competitive' Race: Kevin O'Leary
    U.S. Presidential Election Will Now Be a 'Very Competitive' Race: Kevin O'Leary
  • SEC's Gensler Was 'Consistent' Despite Being 'Fried Like a Chicken' Before the Senate: Kevin O'Leary
    SEC's Gensler Was 'Consistent' Despite Being 'Fried Like a Chicken' Before the Senate: Kevin O'Leary
  • Bitcion Mining Is 'Real Estate' Play: Kevin O'Leary
    Bitcion Mining Is 'Real Estate' Play: Kevin O'Leary
  • The true power over Serum rested with FTX Group, which continues to hold the program update authority keys, people familiar with the matter said.

    Spurred by this crisis, DeFi developers are now rushing to create a new version of Serum that they can govern without fear of interference – or influence – from FTX. Across Twitter, Telegram, Github and in private Discords, the Solana community is finding a way to salvage one of their blockchain’s key platforms for trading cryptocurrencies without a centralized exchange.

    “The ecosystem is coming together to solve this problem right now,” said Ben Chow of the decentralized exchange aggregator Jupiter.

    The FTX hack

    Serum is a pillar of Solana’s DeFi infrastructure: it's the trading ecosystem's primary central limit order book, a more efficient alternative to the "automated market maker" setup popular on DeFi exchanges. With help from big market makers such as Jump and Alameda, it has processed over $32 billion in volume this year, according to data site Nomics. But that activity has fallen off a cliff; it's seen just $3.5 million in trades in the last 24 hours, an 80% drop from the day before.

    Last night’s apparent hack of FTX has shattered projects’ confidence in the original Serum, three people familiar with the matter told CoinDesk. There’s of course Serum’s not-so-secret ties to Bankman-Fried. But only his employees have the keys that control the protocol, two developers said.

    “The hack shows that someone malevolent has access to private keys at FTX,” said the pseudonymous Rooter, a developer on the lending protocol Solend that gets token price data from Serum. He is one of three DeFi developers who said they fear Serum’s keys could be compromised, too.

    “That would allow the hacker to rug the entire protocol. At this point things have gotten so crazy that anything is on the table,” he said.

    Lending protocol Solend, Jupiter, automated market maker Raydium, stablecoin swap shop Mercurial Finance and other Solana-based DeFi traders, as well as centralized entities including Phantom wallet, limited their exposure to Serum Saturday morning. They disconnected price data oracles, shut down token trading pools or ceased trading on its central limit order book.

    Michael Morrell, an independent contributor to Serum who closely follows the protocol, said the likelihood that a malicious actor would compromise Serum’s codebase is low.

    And yet fear rages on in the entire ecosystem. With key Mango Markets developer known as “Mango Max” leading the charge, some of Serum’s earliest contributors are now attempting to fork Serum and start it anew, sources said.

    Not so decentralized exchange

    Their actions seek to restore trust in a not quite so decentralized exchange.

    Serum was nominally governed by the vote of a community of holders of the project’s SRM token. But apart from voting on token grants, Serum’s so-called decentralized autonomous organization (DAO) had little actual authority over the protocol, according to the pseudonymous Crypto Notte, a contributor to the Vyper protocol. Proposals to change how Serum operated would pass and go nowhere, he said.

    The FTX-backed contributors that once focused on Serum haven't been heard from in months and stand-ins from Bonfida, which inherited development duties, haven’t lived up to the task, developers said. But Serum worked pretty well – that’s all it needed to do. One source called it “feature-complete.”

    In the past few months, Serum DAO had become a money tree for other protocols to shake token grants from, multiple sources in Solana DeFi said. Projects wanting to integrate with Serum would first suss out their proposal’s viability with major SRM holders and then pitch the community forum. Proposals that made it to a vote would usually pass with the backing of a single whale: a wallet that started with “Cuie.” That wallet was controlled by Alameda, according to Morrell, the independent contributor.

    Alameda’s wallet swayed the vote here for a 6 million SRM token grant to Atrix.
    Alameda’s wallet swayed the vote here for a 6 million SRM token grant to Atrix.

    Another former developer, speaking on condition of anonymity, said a small cadre of Alameda employees collectively decided how the Serum wallet would vote. The Cuie wallet single-handedly approved proposals at least 13 times, a review of Serum's governance history shows.

    “It’s a sham that survives on backroom deals,” said a source whose project once secured a token grant from Serum DAO.

    The protocol’s rubber-stamp governance styles manifested in its press strategy. On Oct. 15, 2021, Project Serum's press team (also FTX's) pitched a CoinDesk reporter on the community’s approval of a $100 million budget allocation – before the vote had even begun.

    FTX was heavily invested in the success of Serum. According to the Financial Times, Bankman-Fried’s exchange held $2.2 billion in SRM tokens as of earlier this week.

    In digital asset markets, the SRM token slid 8.3% on Saturday. It's fallen 62% already just this month alone, leaving the price down 91% on the year.

    Critical infrastructure

    Despite its sluggish popularity and connections to Bankman-Fried, Serum isn’t the kind of project that Solana DeFi can walk away from and forget. Protocols that have been optimized for Serum still rely on it to function.

    James Moreau, a key contributor at Jet protocol, said the project is nearly finished building a DeFi product that integrates with Serum.

    “Trying to re-architect it for another platform makes no sense when it’s not even done,” he said. “I’d say we need to finish what we started and then assess the situation after.”

    A spokesperson for the Solana Foundation told CoinDesk the organization was following developers’ effort to “contain risks around Serum.”

    The lead figure in that effort, Mango Max, declined to comment.

    Their campaign is working to “fork” Serum – basically recreate its codebase and start it anew, according to Chow, the co-founder of Jupiter DEX. Major ecosystem developers will share program update authority, he said.

    The community's slapdash effort to wrest Serum from FTX Group skirts around a less heroic notion: few made much ado about the not so decentralized exchange's many entanglements before this week's dumpster fire began. Still, Saturday’s crisis could lead to a new Serum with a more credible claim to decentralization. That is a positive, according to Chow.

    “Probably better in the long run as Serum was languishing anyway,” he said.


    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

    Danny Nelson

    Danny is CoinDesk's Managing Editor for Data & Tokens. He owns BTC, ETH and SOL.