October 12, 2023 at 09:51 GMTModified date: October 12, 2023 at 09:51 GMT
October 12, 2023 at 09:51 GMT

Lax security at Alameda led to losses over $200m, says ex-employee

As the court heard multiple testimonies in the SBF trial, the public got a view of the inside workings of Alameda Research on X (formerly Twitter).

Lax security at Alameda led to losses over $200m, says ex-employee

As the court heard multiple testimonies in the Sam Bankman-Fried trial, the public got a view of the inside workings of Alameda Research on X (formerly Twitter). This was revealed by Aditya Baradwaj, an ex-employee of the former Sam Bankman-Fried-run trading company.

Baradwaj claimed Alameda to have lost at least $200million to a variety of phishing attacks that is common in the industry. According to him, this was a result of weak security practices undertaken by the company.

“SBF believed that the single most important thing for a startup like Alameda or FTX was being able to move very, very fast. So much so that he decided to ignore engineering and accounting practices that are considered standard at tech companies and financial services firms,” said the ex-employee on X.

He then asserted that there was virtually no code testing or incomplete balance accounting. Safety checks for trading would only be added on an as-needed basis too. On top of this, blockchain private keys and exchange API keys were stored in plaintext in a file that could easily be accessed by several employees.

While this allowed the company to move at a “breathtaking speed”, the flip side was that it was faced with a major security incident once every few months. He then went on to talk about three such incidents which led to losses of over $200m.

The first one was when an Alameda trader got phished while trying to complete a DeFi transaction by accidentally clicking a fake link that had been promoted to the top of Google Search results. This cost the company a total of $100m.

More than $40m was lost in yield farming, which is a popular way to earn rewards by supplying tokens to a financial application on a blockchain. However, in the case of Alameda, it was done on a “new blockchain of questionable legitimacy”. This led to months of prolonged negotiations as the creator ended up holding the funds hostage, said Baradwaj.

Another exploit happened when an old version of the plaintext keys file was leaked. This led to the attacker transferring funds out of some exchanges and placing bad orders. Baradwaj claimed that the file was potentially leaked by a former employee.

These incidents were just a few amongst the many that happened at Alameda, declared the ex-employee. He also mentioned FTX facing issues here, particularly the MobileCoin fiasco that FTX co-founder Gary Wang recently testified about during the trial.

Several reports published recently have also claimed the now-defunct FTX exchange to have had weak and neglected security practices, easily leading to losses of over billion dollars. Just a few hours after the company had declared bankruptcy in November 2022, accounts tied to FTX and FTX.US were drained of funds in an attack.

It was later confirmed that $323m in various tokens were hacked from its international exchange and $90m from its US platform.

Baradwaj’s latest X posts are a part of a wider thread on the platform where he talks about the various stories from inside Alameda, like how “a misplaced decimal point at Alameda Research caused a market crash that echoed around the world”.

He added weight to the points made by prosecutors in court about how FTX and Alameda Research were highly intertwined despite the fact that on paper, Sam had already transitioned to running FTX full-time. However, in practice, they had joint offices, social events, and housing arrangements.

The ex-Alameda employee also highlighted the multiple irresponsibilities that he noted while working for the company. This included: careless risk management for a company handling billions of dollars in capital, technical debt that would “make any software engineer shed a tear” and millions lost in wasteful spending.