In these days of witness hearings in the FTX case, gruesome details are coming out about how the company was run. Adding to these are some revelations externalized by some former employees, including one involving multimillion-dollar losses by Alameda Research due to crypto scams.
So in addition to the company’s economic and financial mismanagement, there would be an overdose of naiveté and ignorance.
Crypto scams: the lack of security in FTX and Alameda
The revelation regarding the crypto scam suffered by Alameda Research was published in X by former employee Aditya Baradwaj.
Baradwaj, who is a software engineer, reports that Alameda Research’s security practices were poor, and resulted in the loss of hundreds of millions of dollars.
According to Baradwaj, FTX had poor risk management facilities, so much so that the former employee recalls the comment of bankruptcy trustee John Ray who spoke of a complete failure of corporate controls.
The problem allegedly stemmed from Sam Bankman-Fried‘s (SBF) own approach that the most important thing for a startup like Alameda or FTX was not safety, the ability to move very fast.
That is why it would ignore good engineering and accounting practices that are instead considered standards in technology and financial services companies.
All this involved virtually no verification of computer codes, and incomplete accounting. Security checks on trading would be done only when necessary.
Even the private keys of crypto wallets were stored in plain text in a file that could be accessed by several employees.
In this way, according to Baradwaj, FTX was moving at a speed that would make any Silicon Valley software engineer weep with joy, but creating serious security incidents every few months.
The crypto scams against Alameda
One such incident was a real crypto scam suffered by Alameda.
In fact, Baradwaj reports that an Alameda trader was a victim of phishing while attempting to complete a DeFi transaction. He accidentally clicked on a malicious link promoted at the top of Google’s search results, and ended up sending more than $100 million to the scammers’ address.
At this point they implemented additional controls on the software that managed the internal wallets, but the problems continued.
In fact, at one point Alameda began yield farming on a new dubious blockchain, so much so that its creator ended up holding the company’s funds hostage. This produced a further loss of $40 million.
In reaction to this other problem they decided to pay more attention to blockchain and the DeFi protocols to be used.
The former employee also reports a third incident.
In fact he claims that an old version of the file in which the private keys were stored in plain text leaked to the outside world, probably because of another former employee. Because of this alleged theft they lost another $50 million.
Only then did they move the private keys to a more secure storage system.
The incidents did not stop there, however, and what should give more pause is that the millions of dollars lost were most likely funds held on behalf of the exchange’s clients.
Baradwaj reports that according to FTX’s founder, SBF, it was worth taking these risks, and bearing these losses, since the main purpose was to grow fast.
Besides, they were not their own funds, so they probably did not care much about those losses.
The former employee points out that after all those incidents, however, no serious attempt was made to change the modus operandi.
He comments by saying:
“It’s the kind of risk-taking that seems to work… until it doesn’t.”
Now it is not surprising that SBF is accused of committing crimes, because such an attitude is really far beyond what the law would allow.
The financial standards
None of this would practically be possible in the traditional financial system, where there are (or should be) quite different security standards.
First, there is separation between corporate-owned funds and those held on behalf of clients. The latter should never be used by the company to finance its own expenses.
In addition, IT security standards are much higher, as evidenced by the very rare cases of hacking of IT systems of, for example, traditional banks.
Finally, security is always put first, and not relegated to an inconvenient frill that people try to give up as much as possible.
In light of all the details that are coming out regarding the management of FTX and Alameda Research, it is possible to imagine that defendant Sam Bankman-Fried bears considerable responsibility for what happened, and that he is unlikely to avoid conviction.
It is also possible to imagine that the collapse of such a system was only a matter of time.