A former engineer at Alameda Research, a sister hedge fund of the cryptocurrency exchange FTX, has revealed shocking security lapses and losses of at least $190 million due to avoidable scams, leading to major concerns about the firm’s practices. In an October 12 post on a popular forum, the former engineer, Aditya Baradwaj, turned whistleblower, exposed the firm’s alleged lack of proper security and risk management.
Baradwaj described Alameda Research’s approach as “breathtaking” agility, but one that frequently led to “major security incidents” occurring as often as every few months. He cited specific examples of security breaches, including a trader losing over $100 million of the firm’s funds after clicking on a malicious link that was promoted to the top of Google search results. The incident occurred while the trader was attempting to sign off on a decentralized finance transaction.
Another example cited by Baradwaj was Alameda’s involvement in yield farming on a blockchain of “questionable legitimacy,” which resulted in losses exceeding $40 million.
According to the whistleblower, the focus on moving quickly, championed by FTX founder Sam Bankman-Fried, caused Alameda to disregard industry-standard engineering and accounting practices. Baradwaj pointed out that there was virtually no code testing, incomplete balance accounting, and safety checks for trading were added on an as-needed basis. Furthermore, sensitive data, such as blockchain private keys and exchange API keys, were stored in plaintext files accessible by several employees, putting the firm’s assets at risk.
One security incident involved a leak of an old version of plaintext files containing keys to Alameda’s wallets, resulting in losses of over $50 million as funds were transferred out of some exchanges.
The revelations by Aditya Baradwaj follow the recent trial of Sam Bankman-Fried, who is facing fraud charges. Alameda’s former CEO, Caroline Ellison, has testified against Bankman-Fried, and several former colleagues have provided evidence against him. The trial is ongoing, and Bankman-Fried has maintained his innocence, pleading not guilty to the charges.
These revelations have raised significant concerns about security practices within the cryptocurrency industry and the potential risks faced by trading firms and exchanges due to lax security measures and an emphasis on speed over safety.