Ex-employee exposes risk management flaws at FTX, Alameda

Aditya Baradwaj, a former employee at Alameda Research, recently illuminated the risky, rapid operational practices at FTX and Alameda, pointing to skipped safety protocols.

In a Twitter thread, former Alameda Research employee Aditya Baradwaj looked inside the lack of risk management policies and procedures at cryptocurrency exchange FTX and trading firm Alameda Research.

Baradwaj explained that FTX founder Sam Bankman-Fried believed moving quickly was the most important thing for a startup like FTX and Alameda. As a result, standard engineering and accounting practices were ignored.

According to Baradwaj, this meant no code testing and incomplete balance accounting. Safety checks and proper key storage were only added when absolutely necessary.

While this allowed developers to work rapidly, it also led to major security incidents every few months, costing the companies tens of millions of dollars in losses.

Baradwaj cited three examples: a phishing attack costing over $100 million, a dispute with a questionable blockchain creator resulting in a $40 million loss, and a leaked plaintext keys file enabling an attacker to steal $50 million.

Despite these repeated incidents, Baradwaj claims no serious changes were made to FTX and Alameda Research operations under Bankman-Fried’s leadership. The risky practices continued until the recent collapse of FTX amid liquidity issues and allegations of mishandled customer funds.

“It’s the kind of risk-taking that seems to work… until it doesn’t.”

Aditya Baradwaj, former employee at Alameda Research