Not long after the November collapse of crypto exchange FTX one of the first questions asked was, naturally, “where were the auditors?” (Francine McKenna answers that question here on CoinDesk) In the weeks that followed the FTX implosion, firms that once bragged about their crypto practices quietly shuttered them and walked away and the once darling of forward-thinking firms was now just a pile of smoldering rubble.
As the remains of FTX are picked through to find scraps to throw at its many debtors, we have now learned from a debtors report filed in bankruptcy court yesterday (embedded in its entirety below) that it’s a wonder FTX could find any auditors at all.
In an internal communication cited in the report, Bankman-Fried once said FTX’s sister company Alameda Research was “hilariously beyond any threshold of any auditor being able to even get partially through an audit.”
He said: “Alameda is unauditable. I don’t mean this in the sense of ‘a major accounting firm will have reservations about auditing it’; I mean this in the sense of ‘we are only able to ballpark what its balances are, let alone something like a comprehensive transaction history’.
“We sometimes find $50m of assets lying around that we lost track of; such is life.”
According to the report, Alameda struggled to understand what its own positions were, “let alone hedging or accounting for them.” In one example referenced in the report, employees were told by an unidentified manager in June 2022 to just “come up with some numbers? Idk.”
Let’s see what else is in this report, shall we?
[T]he Debtors have had to overcome unusual obstacles due to the FTX Group’s lack of appropriate record keeping and controls in critical areas, including, among others, management and governance, finance and accounting, as well as digital asset management, information security and cybersecurity. Normally, in a bankruptcy involving a business of the size and complexity of the FTX Group, particularly a business that handles customer and investor funds, there are readily identifiable records, data sources, and processes that can be used to identify and safeguard assets of the estate. Not so with the FTX Group.
Upon assuming control, the Debtors found a pervasive lack of records and other evidence at the FTX Group of where or how fiat currency and digital assets could be found or accessed, and extensive commingling of assets. This required the Debtors to start from scratch, in many cases, simply to identify the assets and liabilities of the estate, much less to protect and recover the assets to maximize the estate’s value. This challenge was magnified by the fact that the Debtors took over amidst a massive cyberattack, itself a product of the FTX Group’s lack of controls, that drained approximately $432 million worth of assets on the date of the bankruptcy petition, and threatened far larger losses absent measures the Debtors immediately implemented to secure the computing environment.
Despite the public image it sought to create of a responsible business, the FTX Group was tightly controlled by a small group of individuals who showed little interest in instituting an appropriate oversight or control framework. These individuals stifled dissent, commingled and misused corporate and customer funds, lied to third parties about their business, joked internally about their tendency to lose track of millions of dollars in assets, and thereby caused the FTX Group to collapse as swiftly as it had grown. In this regard, while the FTX Group’s failure is novel in the unprecedented scale of harm it caused in a nascent industry, many of its root causes are familiar: hubris, incompetence, and greed.
The debtors came to this conclusion after reviewing over one million communications (including those made on Slack, Signal, and over email) and Excel sheets, along with FTX’s various QuickBooks entries (yes, a multi-billion entity like FTX used QuickBooks).
The conclusion is not that FTX had poor controls but no controls. “The FTX Group’s control failures created an environment in which a handful of employees had, among them, virtually limitless power to direct transfers of fiat currency and crypto assets and to hire and fire employees, with no effective oversight or controls to act as checks on how they exercised those powers,” said the report. “The FTX Group lacked appropriate management, governance, and organizational structure.”
Three people — Sam Bankman-Fried, Gary Wang, and Nishad Singh — made virtually all decisions. “Among them, Bankman-Fried was viewed as having the final voice in all significant decisions, and Singh and Wang largely deferred to him,” says the report. “If Nishad [Singh] got hit by a bus, the whole company would be done. Same issue with Gary [Wang],” said an unnamed FTX Group executive quoted in the report. Former Director of Engineering Nishad Singh pleaded guilty to U.S. criminal charges in February and is cooperating with the investigation. FTX’s quiet, spotlight-shunning co-founder Gary Wang has also pleaded guilty — to wire fraud, conspiracy to commit wire fraud, conspiracy to commit commodities fraud, and conspiracy to commit securities fraud — and is helping authorities to get to the bottom of the dumpster fire that is FTX. There’s a good read about Wang on Bloomberg here (notable quote: “He was viewed by colleagues as the quiet genius of FTX, a solitary magician who worked strange hours and ignored social cues and Slack messages.”)
At its peak, the FTX Group operated in 250 jurisdictions, controlled tens of billions of dollars of assets across its various companies, engaged in as many as 26 million transactions per day, and had millions of users. And yet…
Although the FTX Group consisted of many, separate entities, transfers of funds among those entities were not properly documented, rendering tracing of funds extremely challenging. To make matters worse, Slack, Signal, and other informal methods of communication were frequently used to document approvals. Signal and Telegram were at times utilized in communications with both internal and external parties with “disappearing messages” enabled, rendering any historical review impossible. Expenses and invoices of the FTX Group were submitted on Slack and were approved by “emoji.” These informal, ephemeral messaging systems were used to procure approvals for transfers in the tens of millions of dollars, leaving only informal records of such transfers, or no records at all.
In short, a mess. Knock yourself out and read the whole report if you are so inclined.