The Nassau, Bahamas-based FTX cryptocurrency exchange, which filed for bankruptcy on Nov. 11, 2022, has revealed it moved all digital assets offline and initiated an investigation to determine whether roughly $400 million USD in crypto assets were stolen. FTX general counsel Ryne Miller asserted that FTX “initiated precautionary steps,” including moving digital assets to cold wallets.
- Even for blockchains, the first rule of IT still applies: Garbage in, garbage out. If you don’t have any processes to manage your funds, who knows what is moved to what cold wallet, and who controls the respective keys. In the end, you may just end up with a cryptographically sound record of what funds the administrators decided to allow the “investors” to fight for. Sadly, I doubt that this incident will kill cryptocurrencies.
- Even though assets were secured, $473M was allegedly stolen, and it’s postulated this was an insider. From the court filing by John Ray III, “Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here. From compromised systems integrity and faulty regulatory oversight abroad, to the concentration of control in the hands of a very small group of inexperienced, unsophisticated and potentially compromised individuals, this situation is unprecedented.” The takeaways, if you’re interested in cryptocurrency, are both to make sure that there is sufficient separation of duties, and appropriately mitigated risks to include MFA, cold and encrypted (client-side) wallets as well as multi-signature wallets which require multiple keys to perform a transaction. Even if you’re not in the cryptocurrency business, ensure you have sufficient separation of duties, and traceability on transactions.
- Really what this and the numerous other incidents point out is that “crypto” “currencies” are not currencies and often don’t implement cryptography very well. From a business perspective, use of them by legitimate businesses over other forms of electronic payments doesn’t provide any cost savings or revenue gains that would offset the enormous increase in risk.