Root Causes 257: FTX Crypto Exchange Collapses

Hosted by

Tim Callan

Chief Compliance Officer

Jason Soroko

Fellow

Original broadcast date

November 18, 2022

"If you don't hold the keys, you don't hold the cheese." Crypto exchange giant FTX recently collapsed, causing ripples through the cryptocurrency world. In this episode we focus on the cryptographic difference between cryptocurrency exchanges and other exchanges and how specific FTX user experience decisions led to the loss of valuable digital assets for investors.

Podcast Transcript

Lightly edited for flow and brevity.

Tim CallanSo, there is a big item that got a lot of headlines in the news, which is the recent collapse of FTX. Jason, what’s FTX?

Jason SorokoFTX is a number of things. I will describe the most important aspect of this in a moment but a little bit of background. On this podcast, we have delved into the topic of cryptographic currencies, bitcoin, blockchain technologies, etc. The FTX is a few things but mostly it’s probably to the average person it’s known as a cryptocurrency exchange and what that really means is you can buy and sell cryptocurrencies, trade them, etc. FTX though also had a lot of other side businesses including it was it’s own market maker. It kind of acted like its own exchange as they say in itself in that it kind of acted like the NASDAQ. It wasn’t just the broker. It acted as an entire ecosystem for a lot of aspects of cryptocurrencies.

Tim CallanI sort of always thought of it as a crypto exchange but when you put it in that broader context I think that’s, certainly that’s accurate but I think that’s good to bear in mind.

Jason SorokoImagine if NASDAQ were also the market maker and also the arbitrageur and also the …FTX was all of these things.

Tim CallanAnd also the dollar.

Jason SorokoIt even had its own token. Which was a thing. So, very, very short story and this is me having no journalistic quality in what I’m about to say, which I’m staying away from it completely – it looks like there may have been, allegedly may have been, some shenanigans in what had caused the entire - - well all of FTX basically to have to declare bankruptcy and that’s bad, bad news.

So, if you had any kind of money within it, if you owned the shares of the company, it’s a very bad story and I’m sure it’s a very sore pain point to maybe even some of you listening on this podcast. This is not what the podcast is gonna be about. We just had to address the elephant in the room when we are talking about FTX.

What we are going to address here, Tim, is the PKI part of this. The interesting cryptographic part of this, which is there’s an interesting saying going around on the internet that caught my eye and that’s why, Tim, I wanted to talk about this today. And it’s great. How often do you get to hear about cryptographic keys in the public domain. Just general discourse on Twitter and these kinds of things. It’s great.

Tim CallanOr how often is discussion about crypto actually about crypto?

Jason SorokoThis is actually about

Tim CallanIt’s blockchain. It’s diversified.

Jason SorokoWell, that’s one-half of the story. What looks like is happening is the money was potentially allegedly, possibly just stolen, in which case, it has not disappeared. It may have disappeared from your account. It may have disappeared from the balance sheets of FTX, but ultimately, it may have been fraudulently given away, stolen, disappeared. We don’t know yet but, ultimately, there’s probably something on a ledger somewhere that shows who was the original owner of specific tokens and where it went, to who.

Now, here’s the second part of the story. When things started to disappear, people started to ask the question, hey, I use these guys as my broker, my cryptographic currency broker, and I trade on this exchange and now I happen to be very, very worried about where’s my cryptographic currency? Where did it go? And then somebody clever said something very, very true, which is, if you don’t hold the keys, you don’t hold the cheese.

And I thought that was a pretty clever saying. It’s cruel in the sense that it might have been the first time people heard of it but if you listen to this podcast, you heard of it before.

Which basically means quite often when you are dealing with a cryptographic currency broker, they hold the private keys to the cryptocurrency wallet. Ultimately, that is used as your identity on the underlying ledger. So, therefore, unless you hold the keys – essentially the private key itself – the public key is simply the address of your wallet. The private key, of course, being the private key. And the thing that needs to be kept secret and in safe hands. Quite often, these brokerages will keep the private key on your behalf. Your identity is simply to log in and then utilize, deposit funds, withdraw, etc., and all those things happen at the exchange and the broker on your behalf. But ultimately, a lot of people will make the assumption, well, I don’t mind if the broker holds my private key because they’re probably never gonna get into crazy shenanigans and go out of business and maybe use my funds for bad things.

Tim CallanAnd it’s a user experience that’s similar to other things. Like trading stock. When I log into my online security brokerage, I don’t have a private key that I have to keep. That is a nonsensical concept. I just own my shares of Microsoft and I’m happy. If you don’t understand the nuances of how this works, I think it’s very, very reasonable for a layperson, for an intelligent, educated layperson never to even have a clue that that wouldn’t be safe in this specific context.

Jason SorokoYour securities broken is – I happen to know in the United States and same for me in Canada – under many, many layers of government regulation, oversight, etc. etc.

And this is the big difference with cryptographic currency exchanges and brokerages. Well, first of all, as we said earlier, when the entity you are dealing with kind of plays all the roles, it’s already a little weird.

Because the opportunity for them to have shenanigans is higher. It doesn’t necessarily mean there would be shenanigans, it’s just the opportunity for them to put their fingers in all kinds of places and manipulate is kind of potentially – potentially there. But the other thing, of course, as you just said, Tim, the user experience of a securities broker customer, as the retail customer, you just log in and do your thing. And that’s the experience FTX wanted to give you. You log in and do your thing and all that complexity of the cryptocurrency wallets is just in the background.

However, as we’ve talked about on this podcast, the way cryptocurrencies work is that wallet, that cryptocurrency wallet, is your record. Is, in fact, very much tied to anything that was done in your name on your behalf and so, therefore, if you do not possess the private key to that, you are taking some level of risk because if the cryptocurrency exchange goes under, for whatever reason, there may be things that happen that you are not in complete technical control of.

Tim CallanSo, Jason, let me ask you this question. You mentioned several times that there is a ledger here. So, would it be possible for that ledger to be able to tell us that an individual token that shows up out in the wild was lost in the FTX incident. Is that a thing that could happen?

Jason SorokoThat’s a strange concept in a ledger because a ledger is always balanced. In other words, somebody always owns the token. Somebody always owns the frangible portion of a token.

Tim CallanAnd maybe my vocabulary didn’t serve me there but the point is if I was the rightful owner of this crypto coin and then FTX collapses and my crypto coin disappears and I don’t have it anymore and I wasn’t paid for it and then it shows up somewhere else and somebody is trading on it, can that be traced back to my original ownership?

Jason SorokoYes. And in fact, I think there is a very substantial cottage industry out there right now that is doing forensics about where did cryptocurrencies come from, who was the owner at a certain point in time and then where did cryptocurrencies then flow to. I do know that for all kinds of crime purposes, there’s a number of organizations that are out there that think of ransomware organizations that we’ve talked about in this podcast that have received ransomware by bitcoin or other cryptocurrencies and some good forensics of looking at the public ledger actually led to investigations of specific ransomware groups and certain funds were, cryptographic currency funds were able to be recovered in that way. I would say through good forensics, Tim, it’s probably possible to be able to figure out where the funds actually went to.

Tim CallanThat would be interesting to see if something happens there.

Jason SorokoBut there it is. I think that’s probably the main takeaway in terms of if you don’t hold the keys, you don’t hold the cheese and that is quite literally true. We just never in this normal securities world think about our securities brokers just blowing up. I mean we’ve heard of the cases of like Lehman Brothers back in 2008 but even that had layers of security around it. With cryptocurrencies, it truly is buyer beware still at this point.