Solana’s developers forked the widely used token liquidity hub Serum after being compromised by a hack on the bankruptcy exchange FTX on Nov. 11 that led to a series of unauthorized transactions. 

According to pseudonymous developer Mango Max on Twitter, a “verified build of the same version has been made and deployed” on Nov 12. Additionally, the upgrade authority and fee revenues “have been changed and are now managed by a multi-sig controlled by a team of trusted developers.” Serum (SRM) and MegaSerum (MSRM) tokens, as well as fee discounts, were not changed and were working as before.

The development took place on the weekend. Solana co-founder Anatoly Yakovenko tweeted that developers depending on serum were forking the code after the upgraded key was compromised, adding that many “protocols depend on serum markets for liquidity and liquidations.”

In a Twitter thread, Mango Max said that the Serum update key was not controlled by the Serum decentralized autonomous organization (DAO) but by a private key connected to FTX and no one could confirm who controlled the keys. The private key was necessary to update the original version of Serum, leading the developers to fork the code, as the private key is under FTX control. 

Mango Max also noted that:

“When I reached out to a couple of people previously involved with Serum, I got answers like: ‘I wish I had more info to help you, but I really don’t.’”

Liquidity providers such as Jupiter, the most popular aggregator on Solana, confirmed turning off Serum as a liquidity source “due to security concerns about upgrade authorities, and we also encouraged all our integrators to do the same.” Other projects such as Mango Markets and SolBlaze also announced integration with the new fork.

As reported by Cointelegraph, an attack led to $659 million in outflows from FTX and FTX US on Nov 11. FTX US general counsel Ryne Miller confirmed later that the transactions were unauthorized and that FTX US had moved all remaining crypto into cold storage as a precaution.

A blog post from blockchain forensics firm Elliptic suggests that the drain has seen various tokens on Ethereum, BNB Smart Chain and Avalanche removed. Of the $663 million drained, around $477 million is suspected of having been stolen, while the remainder is believed to have been moved into secure storage by FTX.