Alameda Research, Sam Bankman-Fried’s firm, lost at least $190 million due to a lax approach to security, according to former trading-firm programmer Aditya Baradwaj.
PART 3: THE HACKS
or
How poor security practices at Alameda Research caused the company to lose hundreds of millions of dollars
(1/n) ?#SBF #FTX pic.twitter.com/RFocE7w3Gx
— Adi (e/acc) (@aditya_baradwaj) October 11, 2023
The specialist noted that after the collapse of FTX and affiliated Alameda there was much discussion about shortcomings in risk-management structures at both companies. John Ray, who led the exchange through bankruptcy, described the situation as ‘a complete failure of corporate governance’.
“Sam believed that the single most important thing for startups like Alameda or FTX was the ability to move very, very fast. So much so that he decided to ignore software engineering practices and accounting practices that are considered standard at tech companies and financial services firms,” noted Baradwaj.
SBF believed that the single most important thing for a startup like Alameda or FTX was being able to move very, very fast
So much so that he decided to ignore engineering and accounting practices that are considered standard at tech companies and financial services firms
— Adi (e/acc) (@aditya_baradwaj) October 11, 2023
According to him, the approach indeed allowed growth at a dizzying pace. But the downside was security incidents that occurred every few months.
In one case, an Alameda trader was subjected to a phishing attack, resulting in the firm losing $100 million. While attempting to complete a DeFi transaction, an employee clicked on a fake link that a Google search had returned at the top, Baradwaj explained.
The second incident occurred when the company began yield farming on a new blockchain of questionable legitimacy. As a result, the protocol developers simply appropriated assets worth more than $40 million, the programmer said.
In another example, Baradwaj described a leak of an old version of a text file containing Alameda’s keys into the network. As a result, the attacker could transfer funds from some exchanges and place ‘bad orders,’ resulting in losses of more than $50 million.
Baradwaj stressed that there were many more such cases, including before his arrival at the company. At Alameda, responses were reactive, patching risk-management and security systems on the fly.
“Was the trade-off worth it? Sam, it seems, thought so. Even after all these incidents, there were no serious attempts to change the way we worked. It seems that such risk works… until it doesn’t,” the programmer wrote.
Was the tradeoff worth it?
Sam certainly seemed to think so. Even after all these incidents, no serious attempt was made to change the way we operated.
It’s the kind of risk-taking that seems to workt until it doesn’t.
— Adi (e/acc) (@aditya_baradwaj) October 11, 2023
Earlier, Baradwaj disclosed that this was the cause of Bitcoin’s 87% drop on the Binance.US platform in 2021.