If the cryptocurrency exchange returns, would its new leadership take a deliberate, consistent stance on security?

Joao-Pierre S. Ruth, Senior Editor

April 16, 2023

After numerous alleged security failings by the former leadership of bankrupt crypto exchange FTX were detailed last week, word came from the attorneys reporting to the independent directors on the case that $7.3 billion in assets were recovered and revival of FTX might be in the cards.

The potentially miraculous recovery of that funding is likely good news for FTX’s creditors, though it does not cover all the assets that are due. Talk of reviving FTX is an even trickier prospect given the emerging details on security and trust being revealed in court.

FTX founder Sam Bankman-Fried and others accused of fraud and other crimes related to the crypto exchange are extremely unlikely to be part of a resurrection of FTX -- there is plenty of prison time to go around if they are convicted.

Is a change in leadership, even as drastic as this, enough to right the ship? Can trust be reforged in the crypto exchange? Let’s look at the security issues FTX had, some of which may have been self-induced.

In the first interim report filed with the court on control failures at FTX, the debtors had plenty to grumble about:

“Upon assuming control, the debtors found a pervasive lack of records and other evidence at the FTX Group of where or how fiat currency and digital assets could be found or accessed, and extensive commingling of assets. This required the debtors to start from scratch, in many cases, simply to identify the assets and liabilities of the estate, much less to protect and recover the assets to maximize the estate’s value. This challenge was magnified by the fact that the debtors took over amidst a massive cyberattack, itself a product of the FTX Group’s lack of controls, that drained approximately $432 million worth of assets on the date of the bankruptcy and threatened far larger losses absent measures the debtors immediately implemented to secure the computing environment.”

So not only was FTX in trouble for alleged fraud, it lost millions allegedly thanks to lax controls to prevent cyberattacks. Some of the selling points in the fintech space include the potential for financial inclusivity and financial freedom for those who have been left behind by cycles of capitalism. News of a cyberattack naturally might affect confidence in any financial institution, but adding an alleged lack of security controls could shatter what remains of confidence.

This might have been an oversight on the part of FTX; however, the court report paints a picture of callous disregard for cybersecurity by the exchange’s leadership:

“The FTX Group’s control failures created an environment in which a handful of employees had, among them, virtually limitless power to direct transfers of fiat currency and crypto assets and to hire and fire employees, with no effective oversight or controls to act as checks on how they exercised those powers. These employees, particularly Bankman-Fried, deprioritized or rejected advice to improve the FTX Group’s control framework, exposing the exchanges to grave harm from both external bad actors and their own misconduct.”

Add to that a lack of proper accounting and governance, and you essentially have poor oversight, with failings that allegedly were as flagrant as they were egregious:

“Despite the public image it sought to create of a responsible business, the FTX Group was tightly controlled by a small group of individuals who showed little interest in instituting an appropriate oversight or control framework. These individuals stifled dissent, commingled and misused corporate and customer funds, lied to third parties about their business, joked internally about their tendency to lose track of millions of dollars in assets, and thereby caused the FTX Group to collapse as swiftly as it had grown. In this regard, while the FTX Group’s failure is novel in the unprecedented scale of harm it caused in a nascent industry, many of its root causes are familiar: hubris, incompetence, and greed.”

There are a lot of tools that might have been put into place to catch some or all of that kind of activity. Whether FTX possessed such tools and ignored them -- that may come out in court. But knowing who has access to resources, why they have access, limiting access to real needs -- that is not a hard resource to find. And if the statement about rejecting advice to improve controls is true, that is some significant bad security stewardship.

Security tools only work if an organization puts them into play and remains consistent in their use.
