Live from the FTX meltdown

*** Originally published Friday 11th November, edited for latest developments***
Where are we now?
Thursday 17th November: The first filing is made in the bankruptcy court of the state of Delaware. You can read the key takeaways here.
Saturday 12th November, 3am UTC: A reported hack starts to drain funds from FTX under the nose of the appointed administrator. Updates to FTX apps and email links sent to customers reportedly contain Trojan malware targeting users funds.
Friday 11th November, 5pm UTC: FTX files for Chapter 11 Bankruptcy in the State of Delaware – this is going to be years in the unravelling.
Friday 11th November, 12 noon UTC: depositors are finding ever more tricky and innovative ways to extract their funds from FTX. Around $50m worth of assets was extracted using a loophole in the FTX NFT platform. An agreement with TRON briefly enabled holders of certain tokens to move their funds. FTX is still stumbling along, hunting for investors to help its liquidity after an initial offer of help from Binance was withdrawn, and the latest news reports indicate that TRON may be stepping in to help. Alameda Research has been closed.
Original Post – Exchanges 101
This is but a snapshot of the events and lessons in the ongoing FTX meltdown. By the time you read this (or even before I finish posting), something new will have emerged about this crazy situation.
1. What’s FTX?
FTX is – was – a large cryptocurrency exchange, based in the Bahamas. All exchanges act like the counter at your international airport. One enables you to exchange what’s in your wallet for the currency of a different country, the other the cryptocurrency of a different blockchain.
Some exchanges are centralised (CEX) such as Coinbase, Binance, Gemini and others. These allow you to exchange your country’s currency for crypto, and as such they are regulated. For example, in the UK the FCA requires that consumers and their sterling deposits are protected by strong Know Your Customer and Anti-Money Laundering processes and an e-money licence. Others are decentralised exchanges (DEX), not regulated and only dealing in cryptocurrencies. All the transfers between cryptocurrencies are automated, making fees much lower and more attractive to users.
>> Edit: FTX was a centralised exchange that had been working with the US Securities and Exchange Commission on industry regulation. It offered attractive returns for customers holding their crypto in the exchange, and useful tools for loss mitigation in trading.
2. Why does FTX have people’s money?
In order to use any exchange, you start by adding funds to your account. For convenience, regular users and traders will often keep their money in the exchange account rather than transferring backwards and forwards to wallets on individual blockchains. It’s easier and cheaper, but it means that the exchange has custody of your money. This is not necessarily a good thing, as the collapse of FTX and others before has shown.
3. Not your keys, not your crypto
This is a mantra of the crypto world. Successive failures of exchanges including Mt Gox in 2014 and Quadriga in 2019 (dramatised on Netflix as “Trust No-one: The Hunt for the Crypto King“) reinforce the message that when someone else has custody of your crypto, you have no control if that person or organisation does not take care of it. By contrast, if you have the private keys to your on-chain wallet then you are in full control. Of course, that means that if you lose the private keys (seed phrases), you lose the money. If holding your own crypto, do ensure that the keys are safe, backed up, and accessible by your nearest and dearest in case of disaster.
4. So what happened to FTX?
In a nutshell, it appears that FTX used customer deposits as a loan to founder Sam Bankman-Fried’s core business, Alameda Research. This was in violation of FTX’s own terms of service for protection of all funds in their custody. The transaction was spotted on the blockchain (the gift of transparency!) and worried depositors started to withdraw their funds in a classic “run on the bank” scenario similar to the 2008 failure of Northern Rock.
The story keeps moving, but the key takeaways don’t change:
- Poor business decisions and unethical behaviours can happen in any sector
- Regulation to protect consumers is increasingly important
- If it looks too good to be true, it probably is
- Not your keys, not your crypto.