FTX's Latest Bankruptcy Report Details Poor Financial Management And Cybersecurity

Source: https://www.thedistributed.co/?p=10884 (last modified 2023-04-13)

The once loved, now disgraced crypto exchange FTX has had further details about the company's inner workings released in its latest bankruptcy report from April 9th.

Under a section titled "Lack of security controls to protect crypto assets", the report states:

"The FTX Group failed to implement basic, widely accepted security controls to protect crypto assets. Each failure was egregious in the context of a business entrusted with customer transactions, and any one of the controls may have prevented the loss in the November 2022 Breach. Taken together, the failures were further magnified, since each control failure exacerbated the risk posed by the others."

The November breach refers to a $650M breach that occurred just hours after Sam Bankman-Fried stepped down as CEO.

The report details that FTX had no cybersecurity staff and no Chief Information Security Officer. These important jobs, meant to protect billions of dollars of customer assets, were left to two software developers, neither of whom had formal training in this field.

On top of this, "the FTX Group made little use of cold storage". Instead it opted for hot storage for "virtually all" assets. Hot wallets have a direct link to the internet, which makes them hackable, whereas cold storage remains offline. Using hot wallets is commonplace in exchanges, since it keeps liquidity within the exchange, but often just enough is held in them to keep assets liquid and the rest is put into cold storage, as it is far safer.

The phrase "not your keys, not your coins" is commonplace in the crypto industry. Keys are the one barrier that prevents a bad actor from stealing your assets, so it is understood that they should be protected with the utmost security. Yet FTX stored private keys and seed phrases in plain text documents, with no encryption, on AWS. These documents also weren't well organised and were left lying around in different locations in its storage.

FTX also "failed to implement in an appropriate fashion even the most widely accepted controls relating to Identity and Access Management." This refers to multi-factor authentication, which prevents someone from accessing your account even if they have your password.

The list goes on, but one thing is clear: if FTX hadn't blown up when it did, it was bound to happen sooner or later.
The whitepaper proposes a new response to these risks which include; greater transparency in vulnerability exploitation and patch adoption to deduce if current approaches are working, more attention on friction points to ensure risks to users are being comprehensively addressed, address the root cause\u00a0of vulnerabilities and prioritize modern secure software development, and protect good-faith security researchers\u00a0who make significant\u00a0contributions\u00a0to security through their efforts to find vulnerabilities before attackers can exploit them - these researchers are often met with legal threats and misunderstandings behind their intentions.<\/p>\n\n\n\n Google also stated that \"independent security researchers make enormous contributions to security, including at\u00a0Google<\/a>,\"<\/em> so they're also developing a fund which would protect good-faith security research in legal cases. <\/p>\n","post_title":"Google Establishes A Hacking Policy Council Among Others; Cybersecurity And Vulnerability Management","post_excerpt":"","post_status":"publish","comment_status":"closed","ping_status":"closed","post_password":"","post_name":"google-establishes-a-hacking-policy-council-among-others-cybersecurity-and-vulnerability-management","to_ping":"","pinged":"","post_modified":"2023-04-15 18:30:50","post_modified_gmt":"2023-04-15 08:30:50","post_content_filtered":"","post_parent":0,"guid":"https:\/\/www.thedistributed.co\/?p=10946","menu_order":0,"post_type":"post","post_mime_type":"","comment_count":"0","filter":"raw"},{"ID":10884,"post_author":"12","post_date":"2023-04-13 14:49:02","post_date_gmt":"2023-04-13 04:49:02","post_content":"\n The once loved, now disgraced crypto exchange FTX has had further details about the company's inner workings released in its latest bankruptcy report<\/a> from April 9th.<\/p>\n\n\n\n Under a section titled \"Lack of security controls to protect crypto assets\", the report states that;<\/p>\n\n\n\n \"The FTX Group failed 
to implement basic, widely accepted security controls to protect crypto assets. Each failure was egregious in the context of a business entrusted with customer transactions, and any one of the controls may have prevented the loss in the November 2022 Breach. Taken together, the failures were further magnified, since each control failure exacerbated the risk posed by the others.\"<\/em><\/p>\n\n\n\n The November breach is in reference to a $650M breach just hours after Sam Bankman-Fried stepped down<\/a> as CEO.<\/p>\n\n\n\n See Related: <\/strong><\/em>Bankrupt FTX Investigates $650M Hack, Users Warned To Delete FTX App<\/a><\/p>\n\n\n\n The report details that FTX didn't have a cybersecurity staff, or a Chief Information Security Officer either. These important jobs meant to protect the billions of dollars of customer assets were relied upon on two software developers - neither of which had formal training within this field.<\/p>\n\n\n\n On top of this, \u201cthe FTX Group made little use of cold storage\u201d<\/em>. Instead they opted for hot storage for \"virtually all\"<\/em> assets, which has a direct link to the internet making these wallets hackable, compared to cold storage which remains offline. Using hot wallets is common place in exchanges, this allows liquidity to remain within the exchange, but often just enough is stored to keep assets liquid, the rest is put into cold storage - as it is far safer.<\/p>\n\n\n\n See Related:<\/em><\/strong> Sam Bankman-Fried Released on a $250M Bail; Former FTX Executives Plead Guilty<\/a><\/p>\n\n\n\n The phrase \"not your keys, not your coins\" is common place in the crypto industry, keys are the one barrier that prevent a bad player from stealing your assets, so it is understood that they should be protected with the upmost security. Well, the private keys and seed phrases were stored by FTX in plain text documents, no encryption, stored on AWS. 
These documents also weren't well organised and were left lying around different locations in their storage.<\/p>\n\n\n\n FTX also \u201cfailed to implement in an appropriate fashion even the most widely accepted controls relating to Identity and Access Management,\u201d this is referring to multi-factor authentication which prevents someone accessing your account even if they have your password.<\/p>\n\n\n\n The list goes on, but one thing is clear, if FTX weren't to blow up when it had, it was bound to happen sooner or later.<\/p>\n\n\n\n See Related: <\/em><\/strong>FTX Co-Founder Pleads Guilty To Fraud Charges; Faces Up To 75 Years In Prison<\/a><\/p>\n","post_title":"FTXs Latest Bankruptcy Report Details Poor Financial Management And Cybersecurity","post_excerpt":"","post_status":"publish","comment_status":"closed","ping_status":"closed","post_password":"","post_name":"ftxs-latest-bankruptcy-report-details-poor-financial-management-and-cybersecurity","to_ping":"","pinged":"","post_modified":"2023-04-13 14:50:08","post_modified_gmt":"2023-04-13 04:50:08","post_content_filtered":"","post_parent":0,"guid":"https:\/\/www.thedistributed.co\/?p=10884","menu_order":0,"post_type":"post","post_mime_type":"","comment_count":"0","filter":"raw"}],"next":false,"total_page":false},"paged":1,"class":"jblog_block_13"};
An accompanying whitepaper<\/a> titled \"Escaping The Doom Loop\" <\/em>was released by Google. The doom loop is the endless cycle of vulnerability, followed by patch, followed by vulnerability will be mitigated only by \"focusing on the fundamentals of secure software development, good patch hygiene, and designing for security and ease of patching from the start.\"<\/em><\/p>\n\n\n\n The whitepaper proposes a new response to these risks which include; greater transparency in vulnerability exploitation and patch adoption to deduce if current approaches are working, more attention on friction points to ensure risks to users are being comprehensively addressed, address the root cause\u00a0of vulnerabilities and prioritize modern secure software development, and protect good-faith security researchers\u00a0who make significant\u00a0contributions\u00a0to security through their efforts to find vulnerabilities before attackers can exploit them - these researchers are often met with legal threats and misunderstandings behind their intentions.<\/p>\n\n\n\n Google also stated that \"independent security researchers make enormous contributions to security, including at\u00a0Google<\/a>,\"<\/em> so they're also developing a fund which would protect good-faith security research in legal cases. 
<\/p>\n","post_title":"Google Establishes A Hacking Policy Council Among Others; Cybersecurity And Vulnerability Management","post_excerpt":"","post_status":"publish","comment_status":"closed","ping_status":"closed","post_password":"","post_name":"google-establishes-a-hacking-policy-council-among-others-cybersecurity-and-vulnerability-management","to_ping":"","pinged":"","post_modified":"2023-04-15 18:30:50","post_modified_gmt":"2023-04-15 08:30:50","post_content_filtered":"","post_parent":0,"guid":"https:\/\/www.thedistributed.co\/?p=10946","menu_order":0,"post_type":"post","post_mime_type":"","comment_count":"0","filter":"raw"},{"ID":10884,"post_author":"12","post_date":"2023-04-13 14:49:02","post_date_gmt":"2023-04-13 04:49:02","post_content":"\n The once loved, now disgraced crypto exchange FTX has had further details about the company's inner workings released in its latest bankruptcy report<\/a> from April 9th.<\/p>\n\n\n\n Under a section titled \"Lack of security controls to protect crypto assets\", the report states that;<\/p>\n\n\n\n \"The FTX Group failed to implement basic, widely accepted security controls to protect crypto assets. Each failure was egregious in the context of a business entrusted with customer transactions, and any one of the controls may have prevented the loss in the November 2022 Breach. Taken together, the failures were further magnified, since each control failure exacerbated the risk posed by the others.\"<\/em><\/p>\n\n\n\n The November breach is in reference to a $650M breach just hours after Sam Bankman-Fried stepped down<\/a> as CEO.<\/p>\n\n\n\n See Related: <\/strong><\/em>Bankrupt FTX Investigates $650M Hack, Users Warned To Delete FTX App<\/a><\/p>\n\n\n\n The report details that FTX didn't have a cybersecurity staff, or a Chief Information Security Officer either. 
These important jobs meant to protect the billions of dollars of customer assets were relied upon on two software developers - neither of which had formal training within this field.<\/p>\n\n\n\n On top of this, \u201cthe FTX Group made little use of cold storage\u201d<\/em>. Instead they opted for hot storage for \"virtually all\"<\/em> assets, which has a direct link to the internet making these wallets hackable, compared to cold storage which remains offline. Using hot wallets is common place in exchanges, this allows liquidity to remain within the exchange, but often just enough is stored to keep assets liquid, the rest is put into cold storage - as it is far safer.<\/p>\n\n\n\n See Related:<\/em><\/strong> Sam Bankman-Fried Released on a $250M Bail; Former FTX Executives Plead Guilty<\/a><\/p>\n\n\n\n The phrase \"not your keys, not your coins\" is common place in the crypto industry, keys are the one barrier that prevent a bad player from stealing your assets, so it is understood that they should be protected with the upmost security. Well, the private keys and seed phrases were stored by FTX in plain text documents, no encryption, stored on AWS. 
These documents also weren't well organised and were left lying around different locations in their storage.<\/p>\n\n\n\n FTX also \u201cfailed to implement in an appropriate fashion even the most widely accepted controls relating to Identity and Access Management,\u201d this is referring to multi-factor authentication which prevents someone accessing your account even if they have your password.<\/p>\n\n\n\n The list goes on, but one thing is clear, if FTX weren't to blow up when it had, it was bound to happen sooner or later.<\/p>\n\n\n\n See Related: <\/em><\/strong>FTX Co-Founder Pleads Guilty To Fraud Charges; Faces Up To 75 Years In Prison<\/a><\/p>\n","post_title":"FTXs Latest Bankruptcy Report Details Poor Financial Management And Cybersecurity","post_excerpt":"","post_status":"publish","comment_status":"closed","ping_status":"closed","post_password":"","post_name":"ftxs-latest-bankruptcy-report-details-poor-financial-management-and-cybersecurity","to_ping":"","pinged":"","post_modified":"2023-04-13 14:50:08","post_modified_gmt":"2023-04-13 04:50:08","post_content_filtered":"","post_parent":0,"guid":"https:\/\/www.thedistributed.co\/?p=10884","menu_order":0,"post_type":"post","post_mime_type":"","comment_count":"0","filter":"raw"}],"next":false,"total_page":false},"paged":1,"class":"jblog_block_13"};
Google's announcement states that cyber security risks often remain even after they're known and fixed, and new cyber security risks are often adaptations from previously patched ones.<\/p>\n\n\n\n An accompanying whitepaper<\/a> titled \"Escaping The Doom Loop\" <\/em>was released by Google. The doom loop is the endless cycle of vulnerability, followed by patch, followed by vulnerability will be mitigated only by \"focusing on the fundamentals of secure software development, good patch hygiene, and designing for security and ease of patching from the start.\"<\/em><\/p>\n\n\n\n The whitepaper proposes a new response to these risks which include; greater transparency in vulnerability exploitation and patch adoption to deduce if current approaches are working, more attention on friction points to ensure risks to users are being comprehensively addressed, address the root cause\u00a0of vulnerabilities and prioritize modern secure software development, and protect good-faith security researchers\u00a0who make significant\u00a0contributions\u00a0to security through their efforts to find vulnerabilities before attackers can exploit them - these researchers are often met with legal threats and misunderstandings behind their intentions.<\/p>\n\n\n\n Google also stated that \"independent security researchers make enormous contributions to security, including at\u00a0Google<\/a>,\"<\/em> so they're also developing a fund which would protect good-faith security research in legal cases. 
<\/p>\n","post_title":"Google Establishes A Hacking Policy Council Among Others; Cybersecurity And Vulnerability Management","post_excerpt":"","post_status":"publish","comment_status":"closed","ping_status":"closed","post_password":"","post_name":"google-establishes-a-hacking-policy-council-among-others-cybersecurity-and-vulnerability-management","to_ping":"","pinged":"","post_modified":"2023-04-15 18:30:50","post_modified_gmt":"2023-04-15 08:30:50","post_content_filtered":"","post_parent":0,"guid":"https:\/\/www.thedistributed.co\/?p=10946","menu_order":0,"post_type":"post","post_mime_type":"","comment_count":"0","filter":"raw"},{"ID":10884,"post_author":"12","post_date":"2023-04-13 14:49:02","post_date_gmt":"2023-04-13 04:49:02","post_content":"\n The once loved, now disgraced crypto exchange FTX has had further details about the company's inner workings released in its latest bankruptcy report<\/a> from April 9th.<\/p>\n\n\n\n Under a section titled \"Lack of security controls to protect crypto assets\", the report states that;<\/p>\n\n\n\n \"The FTX Group failed to implement basic, widely accepted security controls to protect crypto assets. Each failure was egregious in the context of a business entrusted with customer transactions, and any one of the controls may have prevented the loss in the November 2022 Breach. Taken together, the failures were further magnified, since each control failure exacerbated the risk posed by the others.\"<\/em><\/p>\n\n\n\n The November breach is in reference to a $650M breach just hours after Sam Bankman-Fried stepped down<\/a> as CEO.<\/p>\n\n\n\n See Related: <\/strong><\/em>Bankrupt FTX Investigates $650M Hack, Users Warned To Delete FTX App<\/a><\/p>\n\n\n\n The report details that FTX didn't have a cybersecurity staff, or a Chief Information Security Officer either. 
These important jobs meant to protect the billions of dollars of customer assets were relied upon on two software developers - neither of which had formal training within this field.<\/p>\n\n\n\n On top of this, \u201cthe FTX Group made little use of cold storage\u201d<\/em>. Instead they opted for hot storage for \"virtually all\"<\/em> assets, which has a direct link to the internet making these wallets hackable, compared to cold storage which remains offline. Using hot wallets is common place in exchanges, this allows liquidity to remain within the exchange, but often just enough is stored to keep assets liquid, the rest is put into cold storage - as it is far safer.<\/p>\n\n\n\nSecurity, Encryption, Cold Storage, And Authentication<\/h2>\n\n\n\n