On April 9, 2023, John J. Ray III filed the First Interim Report in the FTX bankruptcy case. Interim Report

This first interim report provides a high-level overview of certain of the FTX Group’s control failures in the areas of (i) management and governance, (ii) finance and accounting, and (iii) digital asset management, information security and cybersecurity. The report does not address all control failures in these or other areas. The Debtors continue to learn new information daily as their work progresses and expect to report additional findings in due course. Interim Report

The report starts off by summarizing the “five core objectives” the Debtors hoped to accomplish with in the FTX Chapter 11 bankruptcy filing. Those objections included: (1) implementation of controls, (2) asset protection and recovery, (3) transparency and investigation, (4) efficiency and coordination, and (5) maximization of value. Crypto Criminal Defense Lawyer Blog 

The report emphasizes the alleged lack of records and evidence within the FTX Group, noting “extensive commingling of assets” that made it challenging for the group to identify and protect those assets. The report also recounts a “massive cyberattack”, resulting in a $432 million loss which only added to the complexity of the Debtor’s work.

The report further highlights that: 

Despite the public image it sought to create of a responsible business, the FTX Group was tightly controlled by a small group of individuals who showed little interest in instituting an appropriate oversight or control framework. These individuals stifled dissent, commingled and misused corporate and customer funds, lied to third parties about their business, joked internally about their tendency to lose track of millions of dollars in assets, and thereby caused the FTX Group to collapse as swiftly as it had grown. In this regard, while the FTX Group’s failure is novel in the unprecedented scale of harm it caused in a nascent industry, many of its root causes are familiar: hubris, incompetence, and greed. Interim Report

The Report identified several “control failures” including:

  1. Management and governance: The Report noted that the FTX Group allegedly lacked appropriate management, governance, and organizational structure—finding that a handful of employees had virtually limitless power with no effective oversight or controls.

  2. Finance and accounting: Despite handling billions of dollars in assets and millions of transactions per day, the FTX Group allegedly lacked fundamental financial and accounting controls, complicating the reconstruction of their balance sheets.

  3. Digital asset management, information security, and cybersecurity: The report observed that FTX Group's alleged control deficiencies exposed their crypto assets to grave risks, including the November 2022 Breach.

Among many examples of its control deficiencies in this area, the FTX Group did not have any mechanism to identify promptly if someone accessed the private keys of central exchange wallets holding hundreds of millions or billions of dollars in crypto assets, and it did not fully enable even the basic features offered by AWS to assist with cyber threat detection and response.“root” login to its AWS account, the cloud computing environment where it operated the FTX exchanges and stored keys to billions of dollars in crypto assets, even though such access would provide virtually complete access to the environment. Interim Report

The Report further noted that the Debtors have recovered and secured over $1.4 billion in digital assets and identified an additional $1.7 billion in the process of being recovered. The Report concluded by noting that this is an ongoing investigation and that continued recovery efforts they will continue to provide further updates on the proceedings.

This blog post was prepared with the assistance of ChatGPT-4 AI. Nothing in this post should be considered legal advice or the creation of an attorney-client relationship. This blog is strictly for informational purposes only.