- Whistleblower Aditya Baradwaj shared these shocking details in a post titled “The Hacks”
- These revelations from the former engineer come amid ongoing legal proceedings involving FTX founder Sam Bankman-Fried
In a startling revelation, a former engineer at Alameda Research, the sister hedge fund of cryptocurrency exchange FTX, has disclosed significant losses in trading funds, totaling at least $190 million, due to avoidable scams. Aditya Baradwaj, the whistleblower, shared these shocking details in a post titled “The Hacks” on 12 October.
Baradwaj highlighted the striking agility of Alameda Research, emphasizing that this rapid pace often led to “major security incidents” occurring every few months. These incidents apparently had significant financial ramifications.
One of the most noteworthy exploits occurred when a trader at Alameda Research inadvertently clicked on a malicious link that was prominently displayed in Google Search results. This simple action resulted in the loss of over $100 million of the firm’s funds during a decentralized finance transaction.
Incident #1:
An Alameda trader got phished while trying to complete a DeFi transaction by accidentally clicking a fake link that had been promoted to the top of Google Search results
Cost: $100M+
Postmortem: Implemented extra checks on our internal wallet software
— Adi (e/acc) (@aditya_baradwaj) October 11, 2023
Alameda Research’s costly security lapses pay the price
Another significant loss stemmed from Alameda’s involvement in yield farming on a blockchain of “questionable legitimacy,” eventually resulting in losses exceeding $40 million. The whistleblower detailed the firm’s culture of prioritizing speed and agility, which often came at the expense of industry-standard engineering and accounting practices. This approach involved minimal code testing and incomplete balance accounting.
Incident #2:
We started yield farming on a new blockchain of questionable legitimacy. The creator ended up holding our funds hostage, and we had months of prolonged negotiations
Cost: $40M+
Postmortem: Decided to be more careful about which chains/protocols we trade on
— Adi (e/acc) (@aditya_baradwaj) October 11, 2023
The failure to incorporate safety checks for trading occurred only when they were considered necessary. Moreover, the company stored sensitive data, including blockchain private keys and exchange API keys, in plaintext files that several employees could access, creating a significant security vulnerability.
These security lapses resulted in further breaches.
In another incident, an old version of plaintext files containing keys to Alameda’s wallets was leaked. This allowed an attacker to transfer funds out of specific exchanges and incurring losses exceeding $50 million.
Incident #3:
An old version of our plaintext keys file was leaked, likely by a former employee. The attacker transferred funds out of some exchanges and placed bad orders
Cost: $50M+
Postmortem: Migrated our secret keys to a more secure storage system
— Adi (e/acc) (@aditya_baradwaj) October 11, 2023
Baradwaj revealed that numerous other incidents of a similar magnitude occurred before his time at the firm. In doing so, he pointed to a pattern of inadequate security practices.
FTX case keeps unraveling
These revelations from the former engineer come amid ongoing legal proceedings involving FTX founder Sam Bankman-Fried. Former Alameda CEO Caroline Ellison has testified against Bankman-Fried in a fraud trial. Other former colleagues such as Adam Yedidia and Gary Wang have also provided substantial evidence against the billionaire entrepreneur.
Wang admitted to writing specific code that allowed Alameda to engage in trading with a near-unlimited line of credit from FTX, raising concerns about the firm’s financial practices. For her part, Ellison has elaborated on the alleged mingling of funds between FTX and Alameda.
Sam Bankman-Fried has maintained his innocence throughout the trial though, pleading not guilty to the charges against him.
