I GOT SCAMMED ON SOLANA! AND YOU CAN TOO.
Be careful using Solana DeFi. It’s fun and fast, but still new and full of bugs. Which makes it a breeding ground for scammers waiting for you when you come looking for help.
First let me start by saying this is kind of my fault. But at the same time it’s kinda Serum’s too. Here’s the story of how an experienced crypto trader, who’s never come close to getting hacked before, allowed himself to be duped by a scammer.
How it went down
Like everyone in crypto right now, I wanted to start playing in the Solana ecosystem. So I bought a bag and transferred it to my wallet to start exploring. Through Phantom you can make trades which was cool to start, but I wasn’t sure I was getting the best rates.
My problems started when I used Serum, the core infrastructure of Solana DeFi, to make a trade. I put in a limit order to sell something and left my computer. When I came back the open order was gone (executed), but the $USDC didn’t show in my wallet. I was freaked out! I went into my trading history and the trade didn’t show. But the asset was gone from my wallet, so the trade had to have gone through. I searched around for 10 minutes but there was nothing to show me what happened.

Next, I went on to Solana’s block explorer and found the trade in my transactions. I could see the asset sold ($SBR) and that the $USDC was likely being held in a large Serum USDC wallet.

Confused and lost on what to do next, I figured I would contact Serum support to get assistance. In 8 years of trading I’ve never seen funds not delivered to my wallet after a trade. I figured I would drop in their Telegram and ask an admin. Easy enough, I went to Telegram, typed in Serum and this came up:

I clicked the Serum with 49,000 members and asked if there was an admin who could help me. I quickly explained what happened and he said to DM him and send screenshots.
Soon after, he sent me a link to a Wallet Connect site that would fix the problem they were having (seemed reasonable enough).
And then my Phantom wallet got drained.
$30k. Gone in a Flash. Brutal.

So what happened
Well fuck.
It turns out that Serum has this feature, unlike any other DEX I’ve seen, where you have to manually settle trades after an order executes. Meaning they hold the funds until you click some obscure “settlement” button.

Not only is it randomly placed on the bottom right of things, but it never showed a Wallet Balance or an Unsettled Balance.
Similarly, Serum has a bug or something that isn’t showing trade history, as you can see in the bottom left. If there’s something I’m missing here, please let me know. I checked a half dozen times to make sure my wallet was connected. In almost a decade of using janky crypto trading platforms, I’ve never seen trade histories not show up. Long story short, Serum has bugs, or at a minimum a UI that can use an upgrade.
Next, it turns out the Telegram group I went to was actually a well-produced fake that was spun up specifically to scam people. A con artist spun up a fake Serum group, bought 49k fake followers, and made Telegram think it was the official Serum in search results somehow — coming up on top of search. I’m guessing this is because the real Serum only has 11k followers.

Once I clicked into the fake Telegram, the person who presented themselves as the admin was actually the scam artist. And even though it seemed like every other Telegram group you’ve ever seen, it was a big hoax. A few clicks later and I was wiped clean of $30k. It’s not the most money in the world, but it’s enough to make it hurt.
Lessons Learned and what Serum (and others) can do to protect users
Again, let me start by saying this is my fault. You shouldn’t click on links you don’t know… that said, I checked twice to make sure it was the admin I was talking to and that this was the right Serum group. Well, at least it was the group that showed up when I typed in Serum on Telegram, which I’ve never seen not be the real group before. That said, double checking the letter-for-letter Telegram name is the move if hackers are getting this sophisticated. Then I would have noticed the extra “en”.
Also, Serum has a link to their Discord on their page and I could have clicked that link. Call me old school, I still like to use Telegram though…
Now for what Serum can do, and I’m guessing this extends to a lot of other DeFi projects as well, especially on the Solana ecosystem, which feel less user friendly than Ethereum projects.
1. Fix UI Problems and clearly communicate them until they are fixed
I’m sure I’m not the first person to face this settlement issue. In fact, I would bet this is an ongoing problem they are facing every day now as people start trying out Solana and wanting to get into hot coins like $SBR or $RAT. Now I do believe there is a settlement warning sign somewhere on Serum, but it’s the same color and size as all the other text on the page and seems unimportant. It would benefit users to see a bright or bold notification to let people know of things, or a way to breadcrumb users to wherever the settlement button is.
2. Fix bugs and notify users until they are fixed
There’s absolutely no excuse for a DEX to not show your order history. It’s a clear sign that there are problems with the platform and makes users worry about their funds being SAFU. If customers panic, bad things happen in DeFi. Additionally, the Wallet Balance and Unsettled wallet balances never showed anything. I was using Phantom Wallet to login. I can’t confirm this yet, but my theory is either Phantom isn’t fully integrated with Serum yet or the top modules of the page don’t connect with the bottom modules, which show settlement and trade history.

3. Actively watch Telegram and Discord for scam groups popping up
I’m sorry, but you’re a Unicorn DEX on the fastest growing Ecosystem. You, or Solana, can afford to have someone watching out for scam groups to report them. Somehow Telegram thought that a fake Serum was real and your account wasn’t worth showing in search results. Whatever is causing that to happen shouldn’t. You have the time and the resources to solve for this, because if I’m getting scammed, I’m sure when non-native crypto people join they’ll be scammed too.
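A sketch of the letter-for-letter check and the scam-group watch described above, as an added example that is not code from Serum or Telegram. The handles are constructed placeholders (the real group names are not given here); only the 49k versus 11k member counts come from the story, and the search results are assumed to have been collected already.

```python
import re

# Constructed sample data; handles are placeholders, not the real group names.
OFFICIAL = {"handle": "exampledex", "members": 11_000}
SEARCH_RESULTS = [
    {"handle": "exampledex", "members": 11_000},
    {"handle": "exampledexen", "members": 49_000},
    {"handle": "Example_DEX_Support", "members": 800},
    {"handle": "examp1edex", "members": 2_500},
    {"handle": "solana_traders", "members": 30_000},
]

# Digits commonly swapped in for letters in lookalike names.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(handle: str) -> str:
    """Lowercase, drop separators, fold digit look-alikes to letters."""
    return re.sub(r"[^a-z0-9]", "", handle.casefold()).translate(CONFUSABLES)

def edit_distance(a: str, b: str) -> int:
    # Levenshtein distance, keeping only the previous row in memory.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_lookalikes(official, results, max_distance=2):
    """Return (handle, reason, outranks_official) for every impostor candidate."""
    target = normalize(official["handle"])
    flagged = []
    for group in results:
        if group["handle"] == official["handle"]:
            continue  # only an exact, letter-for-letter match is the real channel
        name = normalize(group["handle"])
        if name == target:
            reason = "identical after normalization"
        elif target in name:
            reason = "official name plus extra characters"
        elif edit_distance(name, target) <= max_distance:
            reason = "within edit distance"
        else:
            continue
        # Member count is reported, never trusted: followers can be bought.
        flagged.append((group["handle"], reason, group["members"] > official["members"]))
    return flagged

if __name__ == "__main__":
    for handle, reason, outranks in find_lookalikes(OFFICIAL, SEARCH_RESULTS):
        print(f"{handle}: {reason}; more members than official: {outranks}")
```

A lookalike that also has more members than the official group is the highest-priority report, since that is the one likely to outrank the real channel in search.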
4. Consider a support channel outside Discord
You have a 24/7 customer support link that leads to Discord, but not everyone is comfortable there. I was actually hoping for a call-in number, which would have been ideal. I haven’t seen this done much yet, but I imagine DeFi Customer Service is going to be a pretty important thing to nail down if we want to expand to the masses. And that’s not going to happen on Discord.
Live to Fight Another Day
Solana’s ecosystem is fun and I’m down to explore more on it. But fuck, that wasn’t fun. As they continue to develop I hope they find better ways to make sure their top DeFi platforms are doing everything they can to keep customers safe and communicate things effectively. FTX — Solana — Serum are the three horsemen of Alameda and I never expected the main DEX on the platform to be so un-user friendly. Like they say, DYOR. I hope this story helps others.
If you want to try and find the scammer who drained me, check out their wallet https://explorer.solana.com/address/7UQA9JpXykdznFog4o4HDahcb1RqkZi38cm2ac5WjNQ8
I think they have around $40M SOL and $10M USD in their wallet… been a big week for them.

People say SBF is pretty amazing. Maybe he can figure out a way to find the $50M Solana hacker. One nice thing about POS is it’s easy for the right person to trace the IP address back to the user.
