Now-Bankrupt FTX Suffered Cybersecurity Deficiencies on an Unimaginable Scale

Latitude Financial vows not to pay ransom, GDAC exchange hacked for $13.9 million, Hacker steals $2 million from Terraport Finance days after launch, Circle tweets exposed to outsiders, much more

Check out my latest CSO column, which delves into a possible battle brewing over the FCC’s proposed data breach reporting requirements.

According to the company’s latest bankruptcy report, FTX, the crypto exchange that flamed out last year, suffered severe cybersecurity liabilities on a scale that few could imagine.

“The FTX Group failed to implement basic, widely accepted security controls to protect crypto assets. Each failure was egregious in the context of a business entrusted with customer transactions,” the filing states.

First, FTX had no dedicated cybersecurity staff, according to the filing. The company had never hired a CISO to manage the company’s risks for them. Instead, they relied on two of the company’s software developers who, the report notes, did not have formal security training and whose jobs put them at odds with prioritizing security.

Moreover, the company failed to keep its users’ crypto assets in cold storage, a standard security practice by which most crypto excha…