FTX Hack Spooks Solana DeFi, Igniting Revolution at Alameda-Controlled Serum DEX

Sam Bankman-Fried once called Project Serum, an on-chain crypto exchange that he created, the “truly, fully trustless” backbone of decentralized finance (DeFi) on the Solana blockchain. But trust in the fallen FTX chief’s once-mighty crypto liquidity engine has suddenly run dry.

On Saturday, DeFi protocols across the Solana ecosystem began unplugging from Serum for fear that they didn’t know who wielded control – a concern fueled by the late-Friday hack at FTX. The developers once associated with Serum have gone silent. Meanwhile, the protocol’s dependence on Bankman-Fried and his bankrupt companies Alameda and FTX loomed large.

Spurred by this crisis, DeFi developers are now rushing to create a new version of Serum that they can govern without fear of interference – or influence – from FTX. Across Twitter, Telegram, Github and in private Discords, the Solana community is finding a way to salvage one of their blockchain’s key platforms for trading cryptocurrencies without a centralized exchange.

“The ecosystem is coming together to solve this problem right now,” said Ben Chow of the decentralized exchange aggregator Jupiter.

The FTX hack

Serum is a pillar of Solana’s DeFi infrastructure: it's the trading ecosystem's primary central limit order book, a more efficient alternative to the "automated market maker" setup popular on DeFi exchanges. With help from big market makers such as Jump and Alameda, it has processed over $32 billion in volume this year, according to data site Nomics. But that activity has fallen off a cliff; it's seen just $3.5 million in trades in the last 24 hours, an 80% drop from the day before.

Last night’s apparent hack of FTX has shattered projects’ confidence in the original Serum, three people familiar with the matter told CoinDesk. There’s of course Serum’s not-so-secret ties to Bankman-Fried. But only his employees have the keys that control the protocol, two developers said.

“The hack shows that someone malevolent has access to private keys at FTX,” said the pseudonymous Rooter, a developer on the lending protocol Solend that gets token price data from Serum. He is one of three DeFi developers who said they fear Serum’s keys could be compromised, too.

“That would allow the hacker to rug the entire protocol. At this point things have gotten so crazy that anything is on the table,” he said.

Lending protocol Solend, Jupiter, automated market maker Raydium, stablecoin swap shop Mercurial Finance and other Solana-based DeFi traders, as well as centralized entities including Phantom wallet, limited their exposure to Serum Saturday morning. They disconnected price data oracles, shut down token trading pools or ceased trading on its central limit order book.

Michael Morrell, an independent contributor to Serum who closely follows the protocol, said the likelihood that a malicious actor would compromise Serum’s codebase is low.

And yet fear rages on in the entire ecosystem. With key Mango Markets developer known as “Mango Max” leading the charge, some of Serum’s earliest contributors are now attempting to fork Serum and start it anew, sources said.

Not so decentralized exchange

Their actions seek to restore trust in a not quite so decentralized exchange.

Serum was nominally governed by the vote of a community of holders of the project’s SRM token. But apart from voting on token grants, Serum’s so-called decentralized autonomous organization (DAO) had little actual authority over the protocol, according to the pseudonymous Crypto Notte, a contributor to the Vyper protocol. Proposals to change how Serum operated would pass and go nowhere, he said.

The true power rested with FTX Group, which continues to hold the program update authority keys, people familiar with the matter said.

The FTX-backed contributors that once focused on Serum haven't been heard from in months and stand-ins from Bonfida, which inherited development duties, haven’t lived up to the task, developers said. But Serum worked pretty well – that’s all it needed to do. One source called it “feature-complete.”

In the past few months, Serum DAO had become a money tree for other protocols to shake token grants from, multiple sources in Solana DeFi said. Projects wanting to integrate with Serum would first suss out their proposal’s viability with major SRM holders and then pitch the community forum. Proposals that made it to a vote would usually pass with the backing of a single whale: a wallet that started with “Cuie.” That wallet was controlled by Alameda, according to Morrell, the independent contributor.

Alameda’s wallet swayed the vote here for a 6 million SRM token grant to Atrix.

Another former developer, speaking on condition of anonymity, said a small cadre of Alameda employees collectively decided how the Serum wallet would vote. The Cuie wallet single-handedly approved proposals at least 13 times, a review of Serum's governance history shows.

“It’s a sham that survives on backroom deals,” said a source whose project once secured a token grant from Serum DAO.

One sign of the protocol’s rubber-stamp governance manifested in its press strategy. On Oct. 15, 2021, the press team that represented Project Serum (and also represented FTX) pitched a CoinDesk reporter on the community’s approval of the $100 million liquidity mining program, which funded all future governance proposals – before the vote had even begun.

FTX was heavily invested in the success of Serum. According to the Financial Times, Bankman-Fried’s exchange held $2.2 billion in SRM tokens as of earlier this week.

Critical infrastructure

Despite its sluggish popularity and connections to Bankman-Fried, Serum isn’t the kind of project that Solana DeFi can walk away from and forget. Protocols that have been optimized for Serum still rely on it to function.

James Moreau, a key contributor at Jet protocol, said the project is nearly finished building a DeFi product that integrates with Serum.

“Trying to re-architect it for another platform makes no sense when it’s not even done,” he said. “I’d say we need to finish what we started and then assess the situation after.”

A spokesperson for the Solana Foundation told CoinDesk the organization was following developers’ effort to “contain risks around Serum.”

The lead figure in that effort, Mango Max, declined to comment.

Their campaign is working to “fork” Serum – basically recreate its codebase and start it anew, according to Chow, the co-founder of Jupiter DEX. Major ecosystem developers will share program update authority, he said.

The result of Saturday’s crisis could lead to a new Serum with a more credible claim to decentralization than SBF’s ever had. That is a positive, according to Chow.

“Probably better in the long run as Serum was languishing anyway,” he said.