The FTX meltdown: Five takeaways for cyber security professionals

09 February 2023

By CyberTalk Staff

The FTX bankruptcy saga is sending shockwaves throughout the cryptocurrency and DeFi (decentralized finance using blockchain) industries. Knowing the factors surrounding the rise and fall of FTX can help security leaders detect and reduce risks to their security practice when dealing with crypto.

Here are five security takeaways:

Takeaway #1: How secure was FTX from the start? Not so secure.

In November 2017, Sam Bankman-Fried (SBF) and associates founded Alameda Research to perform trades and to matchmake buyers and sellers. By mid-2019, SBF and Gary Wang had founded FTX. Within two years, FTX became one of the largest exchanges, raising $900M+ in funding. FTX’s valuation soared to $32 billion.

The FTX website claimed that its security measures followed “industry standards” without elaborating on certifications or cyber security controls. FTX touted 2FA password protection for account login and for withdrawals, as well as the ability to create permission levels for custom logins for other account users. In addition, FTX used whitelisted wallet addresses, which require that withdrawals go only to pre-designated addresses.[1]

Unfortunately, industry-standard security in the crypto and DeFi industries has an abysmal record. For example, a cyber attack cost the exchange Ascendex $77 million worth of RC20, BSC, and Polygon tokens.[2] Olympus DAO lost over 30,437 OHM tokens (almost $300,000) from its DeFi protocol; in this attack, hackers used a loophole in the network’s smart contract system on the Ethereum blockchain.[3] A cyber attack on Singapore-based decentralized multi-chain wallet BitKeep resulted in a $9.9 million digital asset loss.[4] The list of hacked exchanges and DeFi companies is long.

In a further shortcoming, the CEO replacing SBF, John Ray III, later told a bankruptcy court that FTX had used “an unsecured group email account as the root user to access confidential private keys and critically sensitive data for all FTX Group companies.”[5] In today’s threatscape, characterized by 5th-generation multi-vector cyber attacks and motivated criminals, FTX security was shockingly weak.

Crypto and DeFi organizations must ensure that their cyber security implementations are far above industry standards, including advanced threat prevention that stops 5th-generation cyber attacks outside the environment before they cause damage. In addition, crypto and DeFi organizations must upgrade security from a collection of point solutions to comprehensive, consolidated protection covering the data center, endpoints, cloud, mobile devices, IoT, SaaS and all other IT elements, so that an optimal security posture is maintained.

Takeaway #2: Rapid growth through acquisition is a security nightmare

During its growth phase, FTX acquired around 130 subsidiary companies[6]. This caused an explosive expansion of FTX’s threat surface. Here is why.

First, each of these subsidiaries had immature deployments and various security gaps that could quickly become entry vectors, spread malware, and enable other forms of hacking throughout the FTX ecosystem. Second, integrating multiple business systems hastily introduces software flaws in one area that can be exploited for criminal activity throughout the ecosystem. Third, security deployments at acquired companies, often from several different vendors, are not interoperable or integrated, and certainly not centrally managed, leaving security gaps within and among acquisitions, cloud deployments, end users and colocation facilities.

The way to handle cyber security in a complex, multi-subsidiary computing environment is to implement a consolidated security architecture. A consolidated security architecture can micro-segment every IT element at every subsidiary to establish a true zero-trust environment. Using a consolidated security architecture with a single user interface also makes managing and administering security practical for the whole ecosystem. Consider sending gear to acquisition targets to determine their security posture during negotiations; this has led to unexpected discoveries, and to acquisition valuations being adjusted to deal with the issues found.

Takeaway #3: The threat may be inside the house. Know your software.

Financial filings revealed that someone at FTX installed a backdoor[7] in FTX software to enable the transfer of $10 billion in customers’ funds – without their knowledge – to Alameda Research for use in speculative investments. The backdoor shows how important it is for security professionals, especially the CISO, to regularly review software and look for irregularities.

To ensure production software is secure, current shift-left CI/CD practice requires code scanning and fixes to occur during early development, not after the code is in production. The tools must integrate with all the development tools that teams use. For example, use developer-first cloud security like CloudGuard Spectral, which monitors, classifies, and protects your code, assets, and infrastructure against exposed API keys, tokens, credentials, and high-risk security configurations. Also ensure you have a process to produce an SBOM (Software Bill of Materials) so you know which libraries, third-party risks and dependencies are involved.
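The kind of check a shift-left pipeline runs for hardcoded credentials, as an added illustration (not CloudGuard Spectral's code or any vendor's detection rules): a small scanner that combines a few well-known patterns with a Shannon-entropy test so that obvious placeholders are not reported. The regexes, the `# scan:ignore` marker and the sample source are constructed for this example; the `AKIA…EXAMPLE` value is the placeholder key used in AWS documentation.

```python
import math
import re
from typing import List, Tuple

# Patterns for credentials that commonly leak into source. The AWS access key
# format is a well-known public prefix pattern; the others are generic heuristics
# chosen for this example.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # keyword (api_key/secret/token/password), then = or :, then a quoted value of 12+ chars
    "generic_secret_assignment": re.compile(
        r"(?i)(api[_-]?key|secret|token|password)\s*[:=]\s*['\"]([^'\"]{12,})['\"]"
    ),
}

def shannon_entropy(s: str) -> float:
    """Bits per character: random tokens score high, dictionary words score low."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan_source(text: str, entropy_threshold: float = 4.0) -> List[Tuple[int, str]]:
    """Return (line_number, finding_type) for each suspected hardcoded credential.

    Generic key=value matches are reported only when the value is high-entropy,
    so placeholders such as password = "changeme-in-prod" do not become noise.
    A '# scan:ignore' marker suppresses a line explicitly, which keeps
    exceptions visible in code review instead of hidden in tool configuration.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if "# scan:ignore" in line:
            continue
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            if name == "generic_secret_assignment" and \
                    shannon_entropy(match.group(2)) < entropy_threshold:
                continue
            findings.append((lineno, name))
    return findings

# Constructed sample of what the scanner would see in a repository checkout.
SAMPLE_SOURCE = '''import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"   # AWS documentation example key
DB_PASSWORD = "changeme-in-prod"
EXCHANGE_API_TOKEN = "q8Zt3vL0xPmR2nKdW7aYbC5hJ9eF4gTu"
DEMO_TOKEN = "aaaaaaaaaaaaaaaaaaaa"
PEM_HEADER = "-----BEGIN EC PRIVATE KEY-----"
'''
```

Wired into a pre-commit hook or CI job, a non-empty result from `scan_source` fails the build, which is the "fix during early development" step the paragraph calls for.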

Takeaway #4: Chaos breeds crime

On November 2, 2022, CoinDesk reported that financial records showed FTX partner Alameda Research held $14.6 billion of FTX’s exchange token, FTT. This news story led FTX competitor Binance to dump $2.1 billion of FTT, causing a rapid decline in FTT and a loss of liquidity at Alameda. Within 72 hours FTX users withdrew $6 billion, crashing the FTT token’s value by 80%, or $2 billion.[8] This left FTX with $9 billion in liabilities against $900 million worth of liquidity. This chaos created a fertile breeding ground for cyber crime: FTX got hacked multiple times. The first hack[9] lost $600 million of customer funds.

In addition to the theft, according to the company’s tech support Telegram account, “FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Do not go on FTX site as it might download Trojans.”[10] FTX’s software supply chain and website had also been compromised.

During chaotic times, comprehensive preventative security against all current threats is required to protect today’s crypto and DeFi organizations. Incomplete security could make your exchange the main course of a hacker feeding frenzy.

Takeaway #5: In cryptocurrency and DeFi, trust is the most important asset.

The crypto industry is in retreat due to a lack of trust, as evidenced by Genesis Global Capital suspending withdrawals and seeking emergency funding[11], and by a bankruptcy filing from crypto lender BlockFi.[12] One might think crypto is on the way out. You might have thought the same thing about the Internet after the dot-com bust of the early 2000s. FTX is a lesson that, as crypto joins the traditional economy, care is warranted to ensure that cyber security standards include comprehensive threat prevention in a consolidated security architecture as the baseline for restoring investor trust.

Fast-moving new investment and financial tools that have escaped heavy oversight and regulation will no longer be allowed. Expect investigations that lead to updated laws to address this wild west. The security exposures at cryptocurrency exchanges (or in any other burgeoning industry) are another reminder that security leaders and their strategies play an integral role in keeping organizations and their customers safe.

To learn more about developer-first cloud security CloudGuard Spectral, visit this page. To get information about a consolidated security approach, go to Check Point Infinity.

[1] Anon, Personal Account Security, FTX.com, as viewed on November 26, 2022. https://help.ftx.com/hc/en-us/articles/360044838051-FTX-Security-Features-

[2] Waqas, Ascendex has lost $77 million worth of RC20, BSC, and Polygon tokens to cyberattack, HackRead, December 13, 2021. https://www.hackread.com/ascendex-cryptocurrency-exchange-hacked/

[3] Savannah Fortis, DeFi Protocol Olympus DAO Hacked! Hackers Drained Over $300K Through Smart Contract Exploit, CoinPedia, Oct 21, 2022. https://coinpedia.org/hack/defi-protocol-olympus-dao-hacked-hackers-drained-over-300k-through-smart-contract-exploit/

[4] Adeola Adegunwa, Digital Assets of $9.9 Million Stolen in BitKeep Cyber Attack, Information Security Buzz, December 29, 2022.

[5] Jon Brodkin, Founder ran FTX as “personal fiefdom;” many assets stolen or missing, court hears, Ars Technica, November 23, 2022. https://arstechnica.com/tech-policy/2022/11/founder-ran-ftx-as-personal-fiefdom-many-assets-stolen-or-missing-court-hears/

[6] William A. Frederick, The Ignoble End of Sam Bankman-Fried’s Crypto Empire FTX: An Epic Timeline, Medium, November 20, 2022. https://medium.com/@CryptoSavingExpert/the-ignoble-end-of-sam-bankman-frieds-crypto-empire-ftx-an-epic-timeline-85fec6a3ceba

[7] Luc Olinga, Timeline of Cryptocurrency Exchange FTX’s Epic Collapse, The Street, November 20, 2022. https://www.thestreet.com/investing/cryptocurrency/timeline-of-cryptocurrency-exchange-ftxs-epic-collapse

[8] MacKenzie Sigalos, FTX’s FTT token plunges 80%, wiping out over $2 billion in value, CNBC, November 8, 2022. https://www.cnbc.com/2022/11/08/ftxs-ftt-token-plunges-80percent-wiping-out-over-2-billion-in-value.html

[9] Newser Editors and Wire Services, FTX Bankruptcy Mess Gets Even Worse, Newser, November 22, 2022. https://www.newser.com/story/328299/ftx-lawyers-substantial-amount-of-assets-stolen.html

[10] Mike Pearl, ‘Hacked’ FTX scrambles to quarantine whatever crypto is left in it, Mashable, November 12, 2022. https://mashable.com/article/ftx-is-trying-to-quarntine-whatever-money-is-left

[11] Joel Khalili, Crypto Contagion Is Spreading, Fast, Wired, November 25, 2022. https://www.wired.com/story/ftx-collapse-genesis-crypto/

[12] Hannah Lang, Niket Nishant and Manya Saini, Crypto lender BlockFi files for bankruptcy, cites FTX exposure, Reuters, November 28, 2022. https://www.reuters.com/technology/crypto-lender-blockfi-files-bankruptcy-protection-2022-11-28/

The post The FTX meltdown: Five takeaways for cyber security professionals appeared first on CyberTalk.
