How Alameda Research lost nearly $200M to security breaches
Aditya Baradwaj, a former engineer at Alameda Research, has disclosed how lax security practices within the now-defunct company led to substantial losses nearing $200 million.
Baradwaj revealed that Sam Bankman-Fried (SBF), the founder of both Alameda and FTX, prioritized rapid company expansion over crucial risk management protocols. As a result, the company encountered challenges related to account reconciliation, trading safety measures, and safeguarding blockchain private keys.
“[SBF] decided to ignore engineering and accounting practices that are considered standard at tech companies and financial services firms. This meant virtually no code testing and incomplete balance accounting “
According to Baradwaj, Alameda experienced three major security incidents before the collapse.
The first incident involved a phishing attack that resulted in over $100 million in damages. This attack occurred when an Alameda trader inadvertently clicked on a Google link during a trade. Subsequently, the company implemented additional security checks for its internal wallet software.
Similarly, the company faced another setback that led to the loss of more than $40 million while engaging in yield farming on a questionable blockchain. The creator of this blockchain held the company’s funds hostage for an extended period. In response, the company decided to exercise greater caution in selecting chains and protocols for future operations.
Baradwaj also revealed a security breach where the company’s “blockchain private keys and exchange API keys” were leaked in plaintext. This incident led to losses exceeding $50 million as the attacker transferred the company’s funds to various exchanges and placed malicious orders that caused further losses. The company moved its private keys to a more secure storage system to prevent a recurrence.
Despite these substantial losses, the company maintained its operational approach without making significant changes, as noted by the engineer.
The revelation comes amid the ongoing criminal trial of SBF. An unpublished post by the fallen founder revealed that he planned to shutter the crypto trading firm before his companies collapsed last year.
Meanwhile, top insiders at the defunct firm, including Alameda Research CEO Caroline Ellison, have detailed how SBF implemented systems that allowed his alleged fraudulent acts to flourish.