You would expect major merchants to ensure high levels of security and take steps to protect against phishing attacks and hacks, both of which plague the crypto ecosystem.
But not Alameda Research. The beleaguered trading firm, led by Sam Bankman-Fried, lost at least $200 million to a variety of common attack vectors running rampant in the industry, according to new claims from ex-employee Aditya Baradwaj.
“SBF believed that the most important thing for a startup like Alameda or FTX was the ability to move very, very quickly,” Baradwaj posted earlier today on social app X. “This meant virtually no code testing and incomplete balance sheet accounting.”
“Blockchain private keys and exchange API keys were stored in plaintext in a file that could be accessed by multiple employees,” Baradwaj added. CoinDesk verified that Baradwaj was an Alameda employee by reviewing pay stubs he provided.
Alameda lost $40 million through yield farming on a “new blockchain of questionable legitimacy,” with the network’s creator holding the company’s funds hostage. Months of negotiations followed, but it is unclear whether these funds were ultimately recovered.
Yield farming is a popular way to earn rewards by supplying tokens to a financial application on a blockchain. However, applications built by malicious actors can block withdrawals after raising a significant amount of capital, which can lead to losses.
Another security issue occurred when private keys, or a password for a secure crypto store, were leaked “probably by a former employee.” The attack cost Alameda more than $50 million in various tokens.
The biggest blow, however, was a $100 million loss after Alameda was tricked into clicking a fake phishing link on Google Ads. The fake link likely imitated a DeFi protocol and was promoted to the top of Google searches.
Baradwaj stated that these incidents were just a few of the many safety failures at Alameda.
Michaels Lewis’ recently released biography of Bankman-Fried claims that the founder lost at least $500,000 every day during Alameda’s early days and once lost more than $4 million worth of XRP tokens.
Together, these losses demonstrate the lax safety practices at Alameda and the apparent carelessness of its employees. Each of these attacks could have been prevented if private keys had been more securely stored and if DeFi transactions had been carefully vetted before millions of dollars of capital were moved.
Such losses were not limited to Alameda. Bankman-Fried’s other company, crypto exchange FTX, lost more than $400 million shortly after it declared bankruptcy in November 2022. The root cause of the attack turned out to be poor private key management – which could have cost the company more than $1 billion.
