Inside FTX: Jokes about misplaced funds, diabolical IT, poor oversight, and worse

The liquidators picking over the remains of FTX have released their first formal report into Sam Bankman-Fried's imploded empire – and it somehow appears things are worse than feared.

The 39-page dossier [PDF] details an organization with little to no oversight of its own operations, and leadership that stifled dissent, commingled customer and corporate funds, lied to investors and the public, and routinely misplaced millions of dollars belonging to netizens.

In one internal communication included in the report, Bankman-Fried made light of the fact that FTX subsidiary Alameda Research was unauditable because even its leaders could only "ballpark" the org's balance sheets.

"We sometimes find $50m of assets lying around that we lost track of; such is life," SBF wrote. 

FTX lacked any real form of management or governance oversight, the report claims, stating that SBF, former FTX engineering lead Nishad Singh, and FTX cofounder and CTO Gary Wang were the only ones with any governance capabilities. 

"Board oversight … was effectively nonexistent," the report states, adding that FTX didn't have any internal audit functions or employees with experience in finance, accounting, human resources, or cybersecurity in place to serve as a check to the SBF-Singh-Wang leadership triad. 

• FTX cryptovillain Sam Bankman-Fried charged with bribing Chinese officials
• FTX inner circle helped itself to $3.2B, liquidators say
• FTX is back in Japan, where users can withdraw fiat and crypto
• Meta winds down NFTs but will continue token efforts

To make matters worse, the report claims that when high-ranking officials in the company attempted to impose oversight structures or rules for delegation of authority, some were rebuffed and others fired outright. Things were so bad that "at the time of the bankruptcy filing, the FTX Group did not even have current and complete lists of who its employees were," the report concluded. 

FTX also lacked any form of internal policies, necessitating a scramble to "cobble together purported policies that could be shown to auditors" in late 2020. The FTX Group also lacked any enterprise resource planning software, instead relying on QuickBooks and "a hodgepodge of Google documents, Slack communications, shared drives, and Excel spreadsheets and other non-enterprise solutions to manage their assets and liabilities." 

You stored so much crypto in what?!

The report said FTX's debtors identified a number of "extensive deficiencies in the FTX Group's controls with respect to digital asset management, information security, and cybersecurity" that ultimately led to it exposing customer crypto funds to "a grave risk of loss, misuse and compromise," not unlike the November 2022 security breach that, or so it's claimed, saw someone skim hundreds of millions in crypto from the company's accounts. 

Some of the extensive deficiencies included storing "virtually all funds" in hot wallets, those being cryptocurrency wallets effectively connected to the internet and not isolated from potential theft. Ideally, you want to hold much of your assets in cold offline wallets.

Meanwhile, private keys to FTX Group crypto assets were stored in a mix of "over one thousand [AWS] servers and related system architecture."

All of its compounding management failures, the debtors said, placed customer assets and funds at risk "from the outset." The report states that FTX's liquidators have recovered and secured approximately $1.4 billion of crypto-assets and have identified an additional $1.7 billion they are still working to recover.

The review of FTX's finances is ongoing, the defunct crypto-exchange said, and additional reports are expected as its Chapter 11 bankruptcy process continues. There is, as you'd expect, a long queue of people who want their money back from the imploded biz. An omnibus hearing of those proceedings is scheduled for this Wednesday. ®