Alameda Research Lost $200M to Several Phishing Attacks Due to “Poor Security Practices”: Ex-FTX Engineer

Author: CoinSense

Former Alameda Research software engineer Aditya Baradwaj has exposed several security flaws that reportedly caused the FTX’s sister hedge fund at least a staggering $200 million.

In a series of posts on X (Twitter), titled ‘The Hacks,’ the whistleblower revealed, “poor security practices at Alameda Research caused the company to lose hundreds of millions of dollars.”

Baradwaj’s posts come at a time when the beleaguered ex-FTX CEO Sam Bankman-Fried (SBF) is undergoing his six-week-long criminal trial in lower Manhattan.

Per Baradwaj’s claims, the disgraced crypto mogul SBF believed that it is important to move very fast for startup like Alameda, “so much so that he decided to ignore engineering and accounting practices that are considered standard at tech companies and financial services firms.”

The company’s security was questionable as safety checks for trading would only be added on as needed basis, Baradwaj added.

“Blockchain private keys and exchange API keys were stored in plaintext in a file that several employees could access.”

Security Incidents

He continued giving instances of some of the major security breaches that Alameda witnessed once in every few months.

In one incident, Baradwaj claimed that an Alameda trader fell victim to a phishing attack while trying to complete a DeFi transaction. He apparently clicked a fake link that had been promoted to the top of Google Search results, losing more than $100 million.

Another alarming incident took away $40 million in yield farming on a new blockchain of questionable legitimacy. “The creator ended up holding our funds hostage, and we had months of prolonged negotiations,” he wrote.

Yield farming refers to earning yield by placing coins or tokens in a decentralized application (dApp), thus providing liquidity to various token pairs. However, malicious actors fake the dApp, blocking withdrawals after attempting to amass sizable amount of funds.

In yet another security breach, blockchain private keys stored in plaintext were leaked by an ex-employee. The insider leak cost over $50 million loss, he added.

“These are just a few incidents – there’s many more, including from before my time at the company.”

Frauds Were Intentional

Alameda’s ex-CEO and SBF’s former girlfriend Caroline Ellison recently disclosed her powerful testimony against SBF, admitting that he was “very ambitious” risktaker, mishandling customer funds for his own ideals.

She also said that Bankman-Fried said there was a “5% chance that he would become the President of the United States.”

Ellison disclosed Sam’s investment choices were intentional, that led to his pursuit of funding from the Saudi Prince and plotting against Binance.

Baradwaj has been highly vocal on various frauds committed by both Alameda and FTX in recent times. He said he lost more than 90% of his liquid assets when FTX collapsed in November 2022.

However, SBF has pled not guilty to the charges brought against him and throughout his trial, maintains innocence.

Former Alameda Research software engineer Aditya Baradwaj has exposed several security flaws that reportedly caused the FTX’s sister hedge fund at least a staggering $200 million.

In a series of posts on X (Twitter), titled ‘The Hacks,’ the whistleblower revealed, “poor security practices at Alameda Research caused the company to lose hundreds of millions of dollars.”

Baradwaj’s posts come at a time when the beleaguered ex-FTX CEO Sam Bankman-Fried (SBF) is undergoing his six-week-long criminal trial in lower Manhattan.

Per Baradwaj’s claims, the disgraced crypto mogul SBF believed that it is important to move very fast for startup like Alameda, “so much so that he decided to ignore engineering and accounting practices that are considered standard at tech companies and financial services firms.”

The company’s security was questionable as safety checks for trading would only be added on as needed basis, Baradwaj added.

“Blockchain private keys and exchange API keys were stored in plaintext in a file that several employees could access.”

Security Incidents

He continued giving instances of some of the major security breaches that Alameda witnessed once in every few months.

In one incident, Baradwaj claimed that an Alameda trader fell victim to a phishing attack while trying to complete a DeFi transaction. He apparently clicked a fake link that had been promoted to the top of Google Search results, losing more than $100 million.

Another alarming incident took away $40 million in yield farming on a new blockchain of questionable legitimacy. “The creator ended up holding our funds hostage, and we had months of prolonged negotiations,” he wrote.

Yield farming refers to earning yield by placing coins or tokens in a decentralized application (dApp), thus providing liquidity to various token pairs. However, malicious actors fake the dApp, blocking withdrawals after attempting to amass sizable amount of funds.

In yet another security breach, blockchain private keys stored in plaintext were leaked by an ex-employee. The insider leak cost over $50 million loss, he added.

“These are just a few incidents – there’s many more, including from before my time at the company.”

Frauds Were Intentional

Alameda’s ex-CEO and SBF’s former girlfriend Caroline Ellison recently disclosed her powerful testimony against SBF, admitting that he was “very ambitious” risktaker, mishandling customer funds for his own ideals.

She also said that Bankman-Fried said there was a “5% chance that he would become the President of the United States.”

Ellison disclosed Sam’s investment choices were intentional, that led to his pursuit of funding from the Saudi Prince and plotting against Binance.

Baradwaj has been highly vocal on various frauds committed by both Alameda and FTX in recent times. He said he lost more than 90% of his liquid assets when FTX collapsed in November 2022.

However, SBF has pled not guilty to the charges brought against him and throughout his trial, maintains innocence.