Is Serum Safe?
Risk Grade: C (45/100)
Serum is rated as elevated risk — multiple novel mechanisms and notable interaction risks.
Limited Data Available
This protocol has limited public documentation. Our analysis may not fully capture all risk dimensions.
Elevated risk — abandoned protocol with realized centralization failure; serves as a cautionary example of upgrade authority and token concentration risks in DeFi.
Serum was a pioneering on-chain central limit order book (CLOB) on Solana that served as the shared liquidity layer for much of Solana's DeFi ecosystem. After the FTX collapse in November 2022, the protocol was effectively abandoned because FTX controlled the program upgrade key and held 97% of the SRM token supply. The community forked the protocol to OpenBook, and Serum's TVL collapsed from $121.7M to under $500K. It received a C+ risk grade primarily due to its catastrophic track record and abandoned state, despite the original technical design being relatively straightforward.
TVL
$15M
Mechanisms
6
Interactions
5
Value Grade
F
Key Risks for Serum Users
Abandoned protocol: Serum has no active development team, security monitoring, or maintenance since the FTX collapse in November 2022. Any remaining funds in the contracts face unpatched vulnerability risk with no one available to fix issues.
Centralization failure realized: FTX controlled the program upgrade key for Serum, meaning one entity could unilaterally modify the protocol. This exact centralization risk materialized catastrophically during the FTX collapse, demonstrating why upgrade authority decentralization matters.
Token concentration: FTX and Alameda Research held approximately 97% of all SRM tokens, making it one of the most concentrated token distributions in major DeFi history. SRM has lost over 99% of its value and has minimal utility.
Top Risk Factors
- •Protocol is effectively abandoned after FTX collapse — the upgrade authority key was controlled by FTX, and the community forked to OpenBook rather than continuing Serum development
- •FTX/Alameda held approximately 97% of SRM token supply, creating extreme centralization that was fully realized when the exchange collapsed
- •No active development, maintenance, or security monitoring — any remaining TVL faces smart contract risk with no team available to patch vulnerabilities
How Serum Compares to Peers
Serum ranks #97 of 111 DEX protocols (bottom quartile — among the riskiest). At a risk score of 45/100, it's 11 points riskier than the sector average of 34/100.
Adjacent peers: Saphyre V3 (C, 44/100) is ranked just safer, and Fjord Foundry (C, 45/100) is ranked just riskier.
See the full DEX sector leaderboard or the Serum vs Fjord Foundry comparison.
Common Questions about Serum
Plain-English answers based on Serum's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Track Record (15/15).
Has Serum ever been hacked or exploited?
Serum has a documented incident history that materially raised its risk grade — the track record dimension scored 15/15, near the high end of the scale. Past exploits, governance failures, or contract issues are baked into this rating. Anyone considering deposits should review the incident details before allocating capital.
How much money is at stake in Serum?
Serum currently holds roughly $15M in user deposits. Smaller TVL means individual depositors carry a larger share of any loss event, and it can be harder to exit a position quickly during stress.
What's the worst-case scenario for Serum?
Hindenrank has identified specific collapse scenarios for Serum. The most prominent: "Centralized Upgrade Authority Exploit (Realized)". The trigger condition is Entity controlling the program upgrade key uses it maliciously or loses control of it — this scenario actually materialized during the FTX collapse. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.
Is Serum regulated or insured?
Serum has low regulatory exposure on Hindenrank's framework (3/10). The protocol is structured in a way that minimizes counterparty and jurisdiction concentration, though regulatory risk in crypto can change rapidly. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.
What are the biggest red flags for Serum?
Hindenrank's retail-focused risk audit flagged: Abandoned protocol: Serum has no active development team, security monitoring, or maintenance since the FTX collapse in November 2022. Any remaining funds in the contracts face unpatched vulnerability risk with no one available to fix issues. Centralization failure realized: FTX controlled the program upgrade key for Serum, meaning one entity could unilaterally modify the protocol. This exact centralization risk materialized catastrophically during the FTX collapse, demonstrating why upgrade authority decentralization matters. Token concentration: FTX and Alameda Research held approximately 97% of all SRM tokens, making it one of the most concentrated token distributions in major DeFi history. SRM has lost over 99% of its value and has minimal utility. On the technical side, 1 critical-severity interaction risk has been identified.
Should beginners deposit into Serum?
Serum's C grade puts it in the elevated-risk band. This is not a beginner-friendly protocol. Anyone depositing here should treat the position as speculative and avoid concentrating significant savings in it.
How does Serum compare to safer DEX alternatives?
Serum is one protocol in Hindenrank's DEX coverage. The safest DEX protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare Serum against the full DEX ranking before committing capital.
For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the Serum risk report.
Read the Full Serum Risk Report
This protocol has 2 collapse scenarios. 1 critical and 1 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Get risk alerts before it's too late
Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.