‘Hubris’, hot wallets and missing millions: FTX’s new bankruptcy report

Quick Take

  • A new interim report in the ongoing FTX bankruptcy saga paints a stark picture over how insecure assets of the exchange were and provides more detail on corporate incompetence and possible malfeasance. 

A new report related to the bankruptcy of FTX and its affiliated companies provided fresh detail as to how dysfunctional Sam Bankman-Fried’s global crypto empire was.

The report, prepared by the company’s caretaker CEO John Ray III and an outside legal team, adds more detail to the chaos of Bankman-Fried’s business practices, which it ascribes to "hubris, incompetence, and greed."

Here are highlights from the 43 page document

‘Hot’ wallets were a hot mess 

Had Bankman-Fried not been accused of fraudulent activity, it’s possible FTX and its affiliates would’ve failed due to massive security concerns outlined in the fresh report. Keys to hot wallets holding tens of millions of dollars-worth of assets weren’t securely stored, and the reliance on hot wallets themselves goes against standard industry practice, the report says. 

“[T]he FTX Group kept virtually all crypto assets in hot wallets, which are far more susceptible to hacking, theft, misappropriation, and inadvertent loss than cold wallets because hot wallets are internet-connected,” the report said. “Prudently-operated crypto exchanges keep the vast majority of crypto assets in cold wallets, which are not connected to the internet, and maintain in hot wallets only the limited amount necessary for daily operation, trading, and anticipated customer withdrawals.”

In the report, Ray alleges that Bankman-Fried and others “lied” when asked about their security practices by customers and counterparties. 

Those wallets did not require multisignature capabilities to transfer assets, meaning any one employee could remove millions of dollars-worth of assets, and keys to wallets weren’t well-protected. 

FTX’s current management identified private keys for different wallets, including one with over $100 million in “Ethereum assets”, stored in plain text without encryption and easily accessible. Separately, private keys to billions of dollars-worth of additional digital assets were stored within an Amazon Web Services password manager that “many FTX Group employees” had access to and could transfer those assets by themselves, whenever they wanted to. 

Alameda Research, the sister hedge fund owned by Bankman-Fried, had similar security issues. 

“For example, a key for $600 million dollars’ worth of crypto assets was titled with four non-descriptive words, and stored with no information about what the key was for, or who might have relevant information about it. [Bankman-Fried companies] identified other keys to millions of dollars in crypto assets that were simply titled ‘use this’ or ‘do not use,’ with no further context.”

To punctuate its point, the report notes that $432 million worth of digital assets were stolen from FTX by a malicious actor the night the majority of the crypto empire was placed into bankruptcy by Bankman-Fried. The report says that $1.4 billion of digital assets have been recovered and secured in cold wallet storage, but have identified an additional $1.7 billion in digital assets that still need to be recovered. 

Blockchain analysis firms TRM and Chainalysis have been contracted to assist in tracking down those assets. 

FTX and Alameda’s digital assets could’ve been lost forever

Aside from being highly vulnerable to theft or hacking, a number of wallet keys weren’t backed up. 

“Many FTX Group private keys were stored without appropriate backup procedures such that if the key was lost, the associated crypto assets would likely be permanently lost,” putting the world’s then-second largest digital asset firm in the same position as individual crypto owners who forgot to transfer their private key over from an old laptop. 

“Because the FTX Group failed to maintain appropriate records of access to private keys, employees or others could potentially copy those keys to their own electronic devices and transfer the associated crypto assets without detection,” the report continues. 

There’s always (FTX) money in Alameda

Alameda Research, the investment firm co-founded by Bankman-Fried and Wang prior to FTX, had no idea how much money it had, or didn’t have. But the firm kept operating through money it took from FTX in return for IOUs, if anything at all. 

“Alameda often had difficulty understanding what its positions were, let alone hedging or accounting for them,” the report reads. “For the vast majority of assets, Alameda’s recordkeeping was so poor that it is difficult to determine how positions were marked.”