FTX’s Shocking ‘Control Failures’ Unveiled: Unauditable Alameda, Cybersecurity Lapses, and Lost Customer Funds

The crypto world is still reeling from the collapse of FTX, once a giant in the industry. Now, under the new leadership of CEO John Ray III, tasked with cleaning up the mess left behind by Sam Bankman-Fried (SBF), the first interim report on FTX’s operational failures is out. And it’s a bombshell.

What Does the FTX Interim Report Reveal?

Released on Sunday afternoon, this comprehensive 45-page report by FTX Trading Ltd. and its affiliated debtors paints a picture of chaos and mismanagement that’s frankly hard to believe for a company handling billions of dollars. The report doesn’t mince words, detailing a litany of critical failures:

• Sloppy Record-Keeping: Imagine a multi-billion dollar company that can’t keep track of its own finances. The report highlights a shocking lack of proper record-keeping, making it nearly impossible to understand the true financial state of FTX and Alameda Research.
• Non-existent Cybersecurity Defenses: In the digital age, especially in crypto, cybersecurity is paramount. However, FTX’s defenses were described as practically non-existent, leaving the exchange and its vast customer funds incredibly vulnerable.
• Lack of Expertise: Critical areas like finance and cybersecurity were managed by individuals lacking the necessary expertise, leading to predictable and catastrophic outcomes.

These aren’t minor oversights; these are fundamental control failures that should never occur at any financial institution, let alone a leading crypto exchange.

Alameda Research: ‘Unauditable’ and Out of Control?

One of the most alarming revelations in the report centers around Alameda Research, the trading firm closely linked to FTX. Allegedly, Alameda had access to billions of dollars of FTX customer funds. But here’s the kicker: Alameda itself seemed to have no idea what it was doing.

According to the report, Alameda “frequently had difficulty understanding its positions, let alone hedging or accounting for them.” This isn’t just bad management; it’s financial recklessness on a staggering scale.

Former CEO Sam Bankman-Fried, in internal communications, described Alameda as “hilariously beyond any threshold of any auditor being able to even partially complete an audit.” Let that sink in.

SBF reportedly stated:

“Alameda is unauditable… I don’t mean ‘a major accounting firm will have reservations about auditing it,’ but rather ‘we can only guess at what its balances are, let alone something like a comprehensive transaction history.’ We occasionally discover $50 million in assets that we have lost track of; such is life.”

This quote, directly from the report, is jaw-dropping. It suggests a level of financial disorganization that is almost unbelievable, especially considering the sheer volume of money involved.

Centralized Power and Lack of Oversight: The SBF, Wang, and Singh Trio

The report points to a highly centralized and dangerously unchecked power structure at FTX. Most major decisions were tightly controlled by a small group of individuals:

• Sam Bankman-Fried (SBF): The former CEO, now facing criminal charges, appears to have been the ultimate decision-maker, with little to no oversight.
• Gary Wang (CTO): Co-founder and CTO, Wang, who has pleaded guilty and is cooperating with authorities, held immense sway over FTX’s technical architecture.
• Nishad Singh (Engineering Director): Another key figure in FTX’s engineering, Singh, also cooperating with authorities after pleading guilty, shared similar levels of control.

The report highlights just how critical Wang and Singh were to FTX’s operations. One former executive even stated, “If Nishad [Singh] got hit by a bus, the whole company would be done.” The same sentiment applied to Gary Wang. This level of dependency on just two individuals for the entire technical infrastructure of a major exchange is a massive red flag.

Cybersecurity? An Afterthought at FTX

In today’s digital landscape, cybersecurity should be a top priority for any financial institution, especially one dealing with digital assets. However, at FTX, it seems to have been an afterthought.

The report states that FTX had “no dedicated personnel” in cybersecurity. Instead, these crucial responsibilities were left to Singh and Wang, neither of whom possessed the necessary expertise and training to handle the complex cybersecurity needs of a global crypto exchange. This lack of dedicated cybersecurity focus is a critical failure that left FTX wide open to vulnerabilities.

Private Key Management: A ‘Shambolic’ Mess

Private keys and seed phrases are the keys to the kingdom in the crypto world, controlling access to digital assets. The report reveals that FTX’s management of these critical elements was, in a word, “shambolic.” Here are some of the alarming examples detailed in the report:

• Plain Text Storage: Private keys for over $100 million in Ethereum assets were stored in plain text, unencrypted, on an FTX Group server. This is akin to leaving the keys to a bank vault lying on the street.
• Shared Access to Keys: Single-signature-based keys controlling billions of dollars were stored in AWS Secrets Manager or password vaults accessible by numerous employees. This drastically increases the risk of unauthorized access or internal breaches.
• Lack of Backups: Many private keys were stored without any backup procedures. This means if a key was lost or compromised, the associated funds would be permanently lost.

These examples are just the tip of the iceberg. The report suggests a systemic failure to implement even basic security protocols when it came to managing private keys, the very foundation of crypto asset security.

John Ray III’s Verdict: A Failure of Control

John Ray III, the new CEO brought in to navigate FTX through bankruptcy and its aftermath, doesn’t hold back in his assessment. In a statement accompanying the report, he states:

“In this report, we provide details on our findings that FTX Group failed to implement appropriate controls in areas that were critical for safeguarding cash and crypto assets… FTX Group was tightly controlled by a small group of individuals who falsely claimed to be responsible FTX Group managers but had little interest in instituting oversight or implementing an appropriate control framework.”

Ray’s statement is a damning indictment of the previous leadership at FTX. It highlights not just incompetence but a fundamental lack of interest in establishing the basic controls necessary to protect customer funds and operate a responsible financial institution.

What Does This Mean for the Future of Crypto?

The FTX collapse and the revelations in this interim report are a stark reminder of the risks within the cryptocurrency industry. While crypto offers innovation and potential, it also comes with significant challenges, particularly in terms of regulation, security, and oversight.

This report serves as a wake-up call for the entire crypto space. It underscores the critical need for:

• Stronger Regulatory Frameworks: Clearer and more robust regulations are needed to protect consumers and ensure the stability of the crypto market.
• Enhanced Cybersecurity Practices: Crypto exchanges and related businesses must prioritize cybersecurity and implement robust security measures to safeguard assets.
• Independent Audits and Oversight: Regular, independent audits and stronger internal controls are essential for building trust and preventing future collapses.
• Experienced Management: Crypto companies need leadership with experience in traditional finance and risk management, not just tech enthusiasts.

The FTX saga is far from over, but this interim report provides crucial insights into what went wrong. It’s a lesson learned, albeit a painful one, for the crypto industry and a call to action for greater responsibility and accountability moving forward. The future of crypto depends on it.