David Lifchitz - CIO at Tellurian-ExoAlpha - 11/15/2022
A lot has already been said on the FTX debacle, but I wanted to look at the event from a different angle: why it was much harder than some pretend to spot the fraud, what can be done now that trust in the system has been severely damaged and how to deal with the next FTX.
Was FTX instantaneous collapse the Lehman, Enron or Madoff moment of the crypto world? Well all at once!
A lot has already been written about it and new shoes are still dropping from FTX everyday… FTX collapse started as a Lehman moment when the exchange was facing bank run, but then morphed into an Enron moment as we learnt about the shady accounting that its CEO, Sam Bankman-Fried (SBF), was grossly running on a spreadsheet, to a Madoff moment given how the deposits of FTX clients which were supposed to be untouchable by FTX, have been used as a piggy bank to backstop the ever-bleeding Alameda Research trading firm in which SBF had strong interests.
And if that was enough, we just learnt today that Alameda Research was buying about-to-be-listed-on-FTX-tokens to benefit from a risk-free trade by selling them when they were listed to meet the demand of genuine buyers: this is simply called insider trading and it’s purely illegal.
According to the ”I told you so (but only after the fact) experts”, FTX had so many red flags that nobody should have traded on it… but it ended up being the second largest crypto exchange till last week.
I’ve heard a lot of pundits telling “I told you so…”, but as usual, after the fact… as nobody had seen it coming before the very last moment.
According to some, more regulation would have avoided the collapse of the exchange… but Madoff, Lehman, Enron, Worldcom, etc. were all regulated businesses. These firms were audited by tier-one accounting firms, registered businesses under different regulatory agencies, but it didn’t matter. I don’t say that regulations are useless, they could give some boundaries to limit shady businesses, but they will never be sufficient to prevent determined sociopaths from running afoul of them.
Other said that proper due diligences have not been conducted:
- there were for sure some disturbing aspects to FTX business, such as the conflict of interest between an exchange (FTX) and a prop’ trading firm (Alameda Research), where the first one could give a microsecond view of its upcoming flow of orders so that the trading firm can front-run it… but this practice has been legit in TradFi for years with firms like Citadel buying the order flow of RobinHood to front-run them by a millisecond to “provide liquidity”. Actually, it was Bernard Madoff who invented the concept of payment for order flow in the 80s!
- FTX last financial audit was conducted by a seasoned 600+ employee accounting firm in March 2022 and didn’t witness any wrongdoing, just like former Arthur Andersen (Big 5) didn’t see any with Enron for example… Indeed, SBF and his minions could have just moved funds into the right wallets just before the third party audit, and then moved them out right after the auditor had ticked the box… which they probably did!
Again, I’m not saying that operational due diligence and ongoing monitoring of counterparties is useless, just the opposite in fact, and help avoid most of the scammers, but they are not a guarantee against sophisticated criminal minds.
In that regard, what FTX collapse has just revealed is that just 4 lawless buddies were the running the show (SBF and his 2 business associates (Gary Wang, CTO and Nishad Singh, Chief of Engineering) as well as Caroline Ellison, the CEO of Alameda Research, as they were the only ones aware of a backdoor in FTX program that allowed them to shuffle funds from FTX without anybody else at the 300+ employees firm notice anything wrong. And this is exactly what happened: Alameda Research whose 28-year old CEO claimed she “couldn’t remember a time when she had lost money” (reminds me of Madoff, but just younger…) was siphoning FTX clients accounts through that backdoor with the benediction of SBF to cover her gigantic losses (c. $10B of liabilities vs. less than $1B of assets). This is exactly if you were watching the gas gauge of your car dashboard stuck at the full level while someone was siphoning the tank. You trust the gauge, but then you run out of fuel later wondering what happened.
No due diligence could have pointed to that back door beside a thorough analysis of the million lines of code of the FTX program, and even if one had gone through such a thorough analysis, it would have been very easy for SBF and its friends to just remove the backdoor before giving access to the code for the audit and adding it back to it afterward.
Late last year (2021), Bankman-Fried told US lawmakers at a hearing, “There are irresponsible actors in the digital-asset industry, and those actors attract the headlines, but FTX is not one of them and in fact has built a resilient, risk-reducing platform as a competitive advantage.” But instead, FTX revealed to be a very high level premeditated and sophisticated crime that has been very hard to detect, and only a few ones have escaped from.
When trust is gone…
Contrarily to an asset manager or a prop’ trading firm that makes bets on asset prices moves, taking more or less managed risks in search of profits, an exchange in its simple form, is just a program matching buyers and sellers. An exchange earns its living by taking a commission on each trade that takes place on it. As simple as that. Period. Besides a technical risk of malfunctioning or a hack (as suffered Mt. Gox exchange in 2014), there shouldn’t be any other major risk. Funds deposited by its clients at the exchange in order to be quickly available to match with other clients orders are supposed to be segregated from each other, and definitely not available to the exchange.
Therefore exchanges, which are key parts of the trading business, are supposed to be trustable pieces of the puzzle. People creating and running these exchanges are assumed to be honest people, and that’s the basis of any business: if you don’t trust someone to do business with, there’s no business. For example, you pay an insurance to cover your house because you trust the insurer to reimburse you in case of damage. You eat the bread from your favorite baker because you trust him to provide you with a tasty bacteria-less bread, etc. Of course we learn from time to time that some trusted brands and businesses turn out to be crooks which can have deadly consequences as in the food of pharmaceutical industry for example, when they are aware that some lots are contaminated but try to hide it in the hope that nobody will get too sick and avoid trashing out these lots registering a financial loss for the producer.
Within a business domain, when a bad actor is spotted and condemned, hurt people will just take their business to a more honest competitor, as they tend to be numerous in a given industry sector.
But in the crypto world, there are not many centralized crypto exchanges with decent liquidity and robustness (they can be counted on just one hand at most…). Thus when the second largest one reveals to be a total fraud, that chills out the whole ecosystem, especially given the numerous frauds and hacks witnessed over just the last few years. Changpeng Zhao, the CEO of Binance which is the largest crypto exchange by far, was the first to highlight that concern, instead of celebrating the closure of its main competitor.
Never again?
As long as the world is world, there will be crooks, fortunately in much lower numbers than honest people, but we have to deal with them.
The traditional financial industry has had its load of famous rogue traders: Nick Leeson (English former derivatives trader whose fraudulent, unauthorized and speculative trades resulted in the 1995 collapse of Barings Bank, the United Kingdom's oldest merchant bank); Jordan Belfort (American former stockbroker who pleaded guilty to fraud and related crimes in connection with stock-market manipulation and running a boiler room as part of a penny-stock scam); Jerome Kerviel (French rogue trader who was convicted and imprisoned in the 2008 Société Générale trading loss for breach of trust, forgery and unauthorized use of the bank's computers, resulting in losses valued at €4.9 billion); Bernard Madoff (American fraudster and financier who ran the largest Ponzi scheme in history, worth about $64.8 billion) to name just a few.
Crypto finance has also had its load of scammers, but Sam Bankman-Fried is so far the biggest one, not because of the size of the loss (about $10B so far), but because he was supposedly running a risk-less and trusted business as explained above. The Terra-Luna debacle which also took place in 2022, with loss amounting to $45B was related to a failure of protocol conception being overwhelmed, which took down Three Arrows Capital, a $10B crypto hedge fund with poor risk management despite it being perceived as the “adult in the room”; Celsius $4.7B loss also in 2022 is the closest instance to a Ponzi scheme in crypto…. and this is without counting the many scams related to coins’ ICOs.
Some are urging exchanges to provide “proof of reserves” using Merkle trees, which when set-up as a sort of map of clients funds, allow them to know if the exchange would have enough to meet investors withdrawals. However, that won’t be the panacea either as this only tracks holdings but would not prevent an exchange from misappropriating the funds. And finally, just as with a financial audit, the proof of reserves verifier of the exchange could only verify what the exchange presents, and as it has been the case with FTX, its CEO outright lied about it, even tweeting the day redemptions were suspended that customers money was safe… of course just before deleting his lying tweets, just as if that would prevent him from pursuits.
Others are claiming that it’s time for DeFi to shine as CeFi cannot be trusted, but until FTX, most of the heists have been conducted in DeFi protocols with Smart Contracts poorly written, allowing hackers to exploit their flaws. DeFi looks like the future of Finance, but not before the next decade as so much has still to be built on enough reliable bases and easy to access to become mainstream, but risk zero will never exist.
So until DeFi becomes mainstream, thorough due diligence, regulations, proof-of-reserves could help as necessary conditions, but not sufficient.
All one can do is minimize its risk by dealing with different counterparties to spread its risk, and in case of doubt, shoot first (i.e. remove its funds when he can) and ask questions later!