CEFI

Accounting and cybersecurity chaos lead to FTX bankruptcy, FTX bankruptcy team report: SBF first resolved problematic individuals

share
Accounting and cybersecurity chaos lead to FTX bankruptcy, FTX bankruptcy team report: SBF first resolved problematic individuals

FTX reorganized its team and released its first official report, mainly explaining the shortcomings committed by former executives such as SBF, including governance, finance, digital asset management, and cybersecurity. The report was completed by experts in the fields of law, accounting, cybersecurity, cryptography, blockchain, etc., reviewing over 1 million documents and conducting interviews with 19 former FTX employees.

Reasons for FTX Bankruptcy Part One: Failures in Management and Governance

1. Centralization: Nishad Singh and Gary Wang Holding Too Much Power

Many responsibilities were not shared with other executives. When discussing FTX's technical architecture, former executives described it in this way:

If Engineering Director Nishad Singh were hit by a bus one day, the whole company would be finished, and the same goes for CTO Gary Wang.

2. Addressing Troublesome Individuals

FTX.US CEO Brett Harrison lacked authority. After voicing concerns about management structure and personnel issues to SBF, Harrison's bonus was significantly reduced.

A former FTX legal advisor also demanded that Harrison apologize to SBF but was rejected. Another former lawyer was immediately dismissed for not following company law at Alameda.

Reasons for FTX Bankruptcy Part Two: Failures in Finance and Accounting

1. FTX Lacks a CFO

Reports indicate that FTX employs accounting staff with low professional capabilities, primarily outsourcing to a small accounting firm without experience in cryptocurrency and international finance. Key executives are missing, including:

  • CFO

  • Chief Risk Officer

  • Chief Audit Executive

  • Global Chief Financial Officer

2. Assets Stuck in Other Exchanges, Unclear Accounts

FTX has over a thousand accounts on major exchanges, but lacks the information to access these accounts. Most account names and emails are unrelated to FTX, making investigations difficult.

The restructuring team emphasized efforts to locate these accounts, but access often requires extensive document reviews and interviews with current and former employees.

3. SBF: Alameda's Accounts Can Only Be Approximated

Reports indicate that Alameda is unclear about its positions, let alone hedging or accounting.

In a meeting, SBF humorously mentioned that Alameda cannot be audited:

Alameda cannot be audited, and I'm not saying "large accounting firms will be cautious about auditing Alameda." We really can only understand approximate balances, forget about complete transaction history. Sometimes we suddenly discover forgotten $50 million, just like life.

More details: Review of FTX's Demise, SBF's Self-disclosure: Alameda's Finances Are So Chaotic They Can't Be Audited

4. Invoicing and Approval Through Slack, Emojis for Approval

Reports claim that Slack, Signal, and other software are frequently used by FTX for formal approvals, including administrative expenses, invoice payments, and internal personnel loans. The use of automatic deletion functions makes tracking cash flows difficult.

5. Sole Use of QuickBooks for Accounting

FTX's 56 entities lack financial statements, with 35 companies using QuickBooks, a system used by small and medium-sized businesses and freelancers, for accounting.

FTX also relies on a mix of Google Docs, Slack, and Excel to manage assets and liabilities. For FTX, which handles billions of dollars, QuickBooks is inadequate.

6. Alameda Exempt from Liquidation Mechanism

FTX tampered with Alameda's code on the platform, granting it unrestricted trading and withdrawal abilities and exempting it from the liquidation process for contract users.

Points 4, 5, and 6 were previously mentioned in legal documents: 30-page legal documents, Anlong case lawyer John Ray with 40 years of experience: Unprecedentedly bad

Reasons for FTX Bankruptcy Part Three: Low Awareness of Cybersecurity

1. Cryptocurrencies Stored in Hot Wallets

FTX, FTX.US, and Alameda failed to systematically monitor idle assets for more than two days and did not transfer them to cold wallets. However, SBF claimed on Twitter that FTX met standard wallet settings.

Previous Slack conversations also revealed that FTX staff mentioned internally: "About 70% in cold wallets, 30% in hot wallets." Another employee suggested that if non-regulatory agencies asked, the response should be, "90% in cold wallets, 10% in hot wallets."

2. Lack of Multi-signature Management, All Private Keys Centralized

FTX stores all three private keys required for transferring authorized encrypted assets in the same location.

Other instances include:

  • The restructuring team found wallets with over $100 million in assets, with private keys stored in plain text, unencrypted on FTX servers.

  • Private keys for assets worth billions are stored using the AWS Secrets Manager through Amazon certificate management.

  • Private keys for millions in encrypted assets are only labeled as "use this" or "do not use," with no further annotations.

FTX Bankruptcy Restructuring Team: Controls Over $30 Billion in Assets

The report concluded that FTX placed cryptocurrencies and funds at risk from the start, complicating the work of the restructuring team after bankruptcy. However, the team has made substantial progress, recovering over $14 billion in encrypted assets stored in cold wallets.

Additionally, another $17 billion in cryptocurrencies is being traced and will provide creditors with the latest investigation updates in the future.