FTX stored private keys without encryption, the exchange's new chief said

FTX previously stored private keys to crypto wallets without encryption during Sam Bankman Fried's reign, leaving "hundreds of millions of dollars" vulnerable to theft or other malicious activity. 

The revelation was part of the prepared testimony to the U.S. House Financial Services Committee from from new Chief Executive John Ray III, who said he took steps to secure more than $1 billion worth of digital assets. 

Private keys are used to access and authorized funds held in crypto wallets, and they must be carefully stored on systems that simultaneously leverage encryption technology. When private keys are stored in an unencrypted fashion, they may have exposed the now-collapsed cryptocurrency exchange to unauthorized transfers, security experts say. 

“FTX storing private keys unencrypted would allow any employee with internal systems access, or any external actor who is able to obtain systems access, to move, and/or steal, customer funds relatively trivially,” Nick Neuman, CEO at non-custodial wallet provider Casa, told The Block.

Since keys were previously stored unencrypted on FTX, there are a variety of ways in which someone can acquire private keys, such as by hacking into a system or phishing attempts.

In November, exchange wallets belonging to FTX were seemingly hacked to the tune of an estimated $300-$400 million, per estimates from security firms: Halborn and PeckShield. While the identity of the hacker has still remained unknown, Bankman-Fried spoke of a “disgruntled employee” or a bad actor who may have stolen private keys to its crypto wallets.

A month after the crypto exchange he founded filed for bankruptcy protection, U.S. authorities have charged the former Bankman-Fried with fraud.