
Corrupt Code: Inside the $8 Billion FTX Fraud



The year is 2019, and the cryptocurrency world is ablaze with excitement. Digital coins are skyrocketing in value, and everyone is eager to cash in on the frenzy. Enter Sam Bankman-Fried, a young, ambitious entrepreneur with a vision: to create a cryptocurrency exchange that would not only dominate the market but also fuel his other venture, Alameda Research. This is how FTX was born—a platform that quickly rose to prominence in the crypto space. But beneath the surface of this success story lay a dark secret, one hidden deep within the very code that powered FTX. This is the tale of how $8 billion was siphoned away, concealed within the lines of Python code.


To unravel the threads of this massive fraud, we must start at the beginning. In 2017, Sam Bankman-Fried, often referred to as SBF, founded Alameda Research, a quantitative trading firm focused on the volatile world of cryptocurrency markets. Alameda made its name by exploiting price differences across various exchanges—buying low in one market and selling high in another, a strategy known as arbitrage.


As cryptocurrency gained mainstream attention, finding reliable sources of capital became increasingly difficult. Traditional banks, wary of the lack of regulation in the crypto world, were hesitant to lend. Faced with these challenges, SBF had an idea: why not create a cryptocurrency exchange that could generate the revenue needed to support Alameda’s operations? And so, FTX was born—a platform where users could buy, sell, and trade digital currencies. By July 2021, FTX had over a million users and was the third-largest exchange by trading volume.


With success came greed. SBF wasn’t satisfied with just the profits from trading fees. He wanted more, and thus, FTX introduced its own token, FTT. Like grocery store loyalty points, FTT had value within the FTX ecosystem—users could trade with it, earning discounts on transaction fees. But outside FTX, FTT was as valuable as Monopoly money. Despite this, FTT became central to FTX’s operation, with Alameda holding a significant portion of the tokens.


This is where the waters started to get murky. Alameda began using these FTT tokens as collateral to secure large loans in other cryptocurrencies. It was like going to a bank and saying, “Trust me, I’ve got plenty of assets,” when those assets were self-issued tokens whose value hinged entirely on the success of the company that created them.


In November 2022, the house of cards began to collapse. CoinDesk, a cryptocurrency news outlet, published a damning report based on leaked financial documents from Alameda. The report revealed that much of Alameda’s value was tied up in FTT tokens, posing a significant risk since the tokens’ value was inextricably linked to FTX’s fortunes.


This is where the story shifts from financial trickery to outright fraud, hidden in plain sight within FTX’s backend code. When CoinDesk’s report went live, Binance, FTX’s main competitor, saw the writing on the wall and sold off its FTT holdings. Panic spread like wildfire, and FTX customers rushed to withdraw their funds. But there was a catch: FTX didn’t have enough cash to cover these withdrawals. The exchange froze withdrawals and soon after declared bankruptcy.


As the chaos settled, the true extent of the fraud came to light—thanks to some courtroom drama and a surprising star: a code review. FTX’s backend—the codebase that managed all those transactions—held the key to understanding how Alameda siphoned off billions without raising alarms.


Gary Wang, FTX’s co-founder and chief technical officer, was called to testify during SBF’s trial. He explained how FTX’s backend worked: it contained a database tracking every account, balance, transaction, and trade. But hidden within that code were special privileges reserved exclusively for Alameda—privileges that no other account had.


One of the most damning pieces of evidence was a column in the accounts table labeled “allow negative.” When this flag was set to true, it allowed an account to have a negative balance—meaning it could withdraw or trade more funds than it actually had. Normally, when a user attempts to withdraw money, the code checks if they have enough balance. But if the “allow negative” flag was set, this check was bypassed entirely. Alameda’s accounts had this flag set, allowing them to withdraw and trade with money they didn’t have—essentially borrowing from FTX’s customers without their knowledge.
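
The pattern described above, written out as an added illustration (this is not FTX's code): a withdrawal check that a per-account flag can skip, the same check with no bypass, and an audit pass that lists exempt or negative accounts and the resulting shortfall. The identifier `allow_negative`, the function names and the sample ledger are assumptions constructed for this example.

```python
from dataclasses import dataclass
from decimal import Decimal


class InsufficientFunds(Exception):
    pass


@dataclass
class Account:
    account_id: str
    balance: Decimal
    allow_negative: bool = False  # assumed name for the "allow negative" column


def withdraw_with_exemption(acct: Account, amount: Decimal) -> Decimal:
    """Pattern described in the testimony: the flag skips the balance check."""
    if not acct.allow_negative and acct.balance < amount:
        raise InsufficientFunds(acct.account_id)
    acct.balance -= amount
    return acct.balance


def withdraw_uniform(acct: Account, amount: Decimal) -> Decimal:
    """Hardened form: one check for every account, no per-account bypass."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    if acct.balance < amount:
        raise InsufficientFunds(acct.account_id)
    acct.balance -= amount
    return acct.balance


def audit_exemptions(accounts):
    """Report accounts that are exempt or already negative, plus the shortfall."""
    flagged = [a.account_id for a in accounts if a.allow_negative or a.balance < 0]
    shortfall = sum((-a.balance for a in accounts if a.balance < 0), Decimal("0"))
    return flagged, shortfall


def demo():
    # Constructed sample ledger, not real data.
    privileged = Account("privileged-1", Decimal("100"), allow_negative=True)
    customer = Account("customer-1", Decimal("100"))
    withdraw_with_exemption(privileged, Decimal("500"))  # succeeds, balance -400
    return audit_exemptions([privileged, customer])


if __name__ == "__main__":
    print(demo())
```

The audit function is the kind of check a reviewer or reconciliation job can run against an accounts table: any row it returns is an account the solvency check does not constrain.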


But the story didn’t end there. Gary Wang also testified that Alameda’s line of credit—originally set at a few million dollars—was gradually increased at SBF’s request until it reached a mind-boggling $65 billion. While Alameda didn’t use the entire amount, this figure underscored just how far they were operating on borrowed time, using money that wasn’t theirs. Meanwhile, FTX customers were kept in the dark about the fact that their deposits were being used to cover Alameda’s risky bets.


Then there was the supposed insurance fund—a safety net FTX claimed would protect users in case of bad investments. The fund’s value was prominently displayed on the FTX website, reassuring users that their investments were safe. But in reality, the numbers were entirely fabricated. The code responsible for updating the insurance fund’s value didn’t pull data from any legitimate source. Instead, it generated a random number based on recent trading volume, multiplied it by an arbitrary factor, and displayed it as the fund’s value. In short, it was a complete fiction.


In the end, the collapse of FTX wasn’t just a financial scandal—it was a technical one. The fraud wasn’t merely the result of shady accounting or dubious business practices; it was literally coded into the system. And while Sam Bankman-Fried now faces charges of fraud and conspiracy, the lesson for the rest of us is clear: in the world of digital finance, transparency and accountability cannot be left out of the code.


This isn’t just a tale of courtroom drama for tech enthusiasts—it’s a stark reminder that in the age of digital finance, the code that runs these systems must be as trustworthy as the people behind them. If you’re investing your money, you deserve to know how the system really works, not just what the flashy website tells you.


And if you’re ever tempted to build a billion-dollar empire on a foundation of lies and Python code, just remember: the truth will eventually come out—line by line.

