{"id":51416,"date":"2023-04-11T14:13:43","date_gmt":"2023-04-11T14:13:43","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34511\/FTXs-Cybersecurity-Was-Hilariously-Bad.html"},"modified":"2023-04-11T14:13:43","modified_gmt":"2023-04-11T14:13:43","slug":"ftxs-cybersecurity-was-hilariously-bad","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/","title":{"rendered":"FTX&#8217;s Cybersecurity Was Hilariously Bad"},"content":{"rendered":"<p class=\"sc-77igqf-0 fnnahv\">&nbsp;<\/p>\n<figure class=\"sc-1eow4w5-1 fuSEnv align--bleed js_lazy-image js_marquee-assetfigure\" data-id=\"bf06a6ad554b649380b37afc6622b8ef\" data-recommend-id=\"image:\/\/bf06a6ad554b649380b37afc6622b8ef\" data-format=\"jpg\" data-width=\"1842\" data-height=\"1036\" data-lightbox=\"true\" data-recommended=\"false\" data-hide=\"false\" contenteditable=\"false\" draggable=\"false\" readability=\"1\">\n<div class=\"sc-1eow4w5-2 fDJNBs has-data img-wrapper\" contenteditable=\"false\" data-link-reference data-link-target data-syndicationrights=\"true\" data-imagerights=\"getty\" data-hide=\"false\" data-hidecredit=\"false\" readability=\"7\"><span class=\"sc-1eow4w5-0 knmQPh js_lightbox-wrapper\"><\/p>\n<div class=\"sc-1eow4w5-3 cPhAPD\"><picture class=\"lazy-picture\"><source media=\"(max-width: 37.31em)\" type=\"image\/jpeg\" srcset=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,q_60,w_645\/bf06a6ad554b649380b37afc6622b8ef.jpg\"><source media=\"(min-width: 37.37em)\" type=\"image\/jpeg\" srcset=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,q_60,w_965\/bf06a6ad554b649380b37afc6622b8ef.jpg\"><img decoding=\"async\" alt=\"Image for article titled FTX&amp;#39;s Cybersecurity Was Hilariously Bad\" data-chomp-id=\"bf06a6ad554b649380b37afc6622b8ef\" data-format=\"jpg\" data-alt=\"Image for article titled FTX&amp;#39;s Cybersecurity Was Hilariously Bad\" 
data-anim-src src=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,q_60,w_645\/bf06a6ad554b649380b37afc6622b8ef.jpg\"><\/picture><\/div>\n<p><\/span><\/p>\n<p><figcaption class=\"sc-7s1ndr-0 ljxJEn no-caption\">Photo<!-- -->: <!-- -->Joe Raedle<!-- --> (<!-- -->Getty Images<!-- -->)<\/figcaption><\/p>\n<\/div>\n<p><span data-id=\"bf06a6ad554b649380b37afc6622b8ef\" data-recommend-id=\"image:\/\/bf06a6ad554b649380b37afc6622b8ef\" data-format=\"jpg\" data-width=\"1842\" data-height=\"1036\" data-lightbox=\"true\" data-recommended=\"false\" data-hide=\"false\" class=\"js_recommend\"><\/span><\/figure>\n<div class=\"sc-1needdh-1 kpYvjT\">\n<div class=\"sc-1needdh-0 hsbzGp instream-native-video instream-permalink instream-native-video--mobile\">\n<div class=\"sc-1h0epat-0 dfVCNP\">\n<div class=\"sc-1wkneyl-4 kDKXjm video-html5-playlist\" data-playlist=\"193767,191049,194337\" data-current=\"193767\">\n<div class=\"sc-1wkneyl-0 hAZDOz video-html5-loaded\">\n<div class=\"sc-1wkneyl-1 jShsAa video-html5-player\">\n<div class=\"sc-lhhce6-0 kCklUE video-html5 autoplay muted mobile\" data-video-id=\"193767\" data-monetizable=\"true\" data-position=\"sidebar\" data-video-title=\"Pentagon Employees Too Horny to Follow Rules\" data-video-blog-id=\"4\" data-video-network=\"gizmodo\" data-video-duration=\"122\" readability=\"4.4745762711864\">\n<div class=\"sc-lhhce6-2 emBeiF video-top-bar\" readability=\"7\">\n<p>Pentagon Employees Too Horny to Follow Rules<\/p>\n<\/div>\n<p><video disablepictureinpicture muted playsinline width=\"100%\" height=\"100%\" crossorigin=\"anonymous\" preload=\"none\"><source data-src=\"https:\/\/vid.kinja.com\/prod\/193767\/193767_240p.mp4\" label=\"240p\" type=\"video\/mp4\"><source data-src=\"https:\/\/vid.kinja.com\/prod\/193767\/193767_480p.mp4\" label=\"480p\" type=\"video\/mp4\"><source data-src=\"https:\/\/vid.kinja.com\/prod\/193767\/193767_720p.mp4\" label=\"720p\" type=\"video\/mp4\"><source 
data-src=\"https:\/\/vid.kinja.com\/prod\/193767\/193767_1080p.mp4\" label=\"1080p\" type=\"video\/mp4\"><track kind=\"captions\" label=\"English\" src=\"https:\/\/kinja.com\/api\/videoupload\/caption\/19219.vtt\" srclang=\"en\"><\/video><\/p>\n<div class=\"sc-1yhvqfu-3 ghtqRH video-controls\">\n<div class=\"sc-1yhvqfu-2 elBHkL\">\n<div class=\"sc-1sfctwm-2 fXTnmP closed-captions-box hide\">\n<div class=\"sc-1sfctwm-1 jglhFk\">\n<div class=\"sc-1sfctwm-0 hbyQRD\">\n<ul>\n<li class=\"selected\" data-label>Off<\/li>\n<li class data-label=\"English\">English<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">FTX, the <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/www.wsj.com\/articles\/crypto-bitcoin-ftx-bankman-fried-11661206532&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/www.wsj.com\/articles\/crypto-bitcoin-ftx-bankman-fried-11661206532\" target=\"_blank\" rel=\"noopener noreferrer\">once beloved<\/a><\/span> crypto exchange that <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;Internal link&quot;,&quot;https:\/\/gizmodo.com\/ftx-bankruptcy-crypto-sam-bankman-fried-binance-1849772418&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/gizmodo.com\/ftx-bankruptcy-crypto-sam-bankman-fried-binance-1849772418\">imploded<\/a><\/span> in a maelstrom of financial misconduct last year, appears to have spent little effort protecting its customers\u2019 digital assets. 
Indeed, the company\u2019s <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;Internal link&quot;,&quot;https:\/\/gizmodo.com\/ftx-debtors-report-sbf-sam-bankman-fried-crypto-1850318401&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/gizmodo.com\/ftx-debtors-report-sbf-sam-bankman-fried-crypto-1850318401\">latest bankruptcy report<\/a><\/span> reveals that, in addition to managing its finances like a debauched Roman emperor, the disgraced crypto exchange also had some of the worst cybersecurity practices imaginable.<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">Of course, we\u2019ve known that FTX sucked at cyber since at least last November when, less than 24 hours after the company declared Chapter 11 <!-- -->and its former <!-- -->CEO, Sam Bankman-Fried<!-- -->, stepped down, the company suffered a massive <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;Internal link&quot;,&quot;https:\/\/gizmodo.com\/ftx-says-it-may-have-been-hacked-as-600-million-in-cr-1849776288&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/gizmodo.com\/ftx-says-it-may-have-been-hacked-as-600-million-in-cr-1849776288\">cyberattack<\/a><\/span>. 
During that cyberattack, someone<!-- --> made off with $432 million in assets, a bundle of dig<!-- -->ital cash that is still unaccounted for\u2014just like <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/mashable.com\/article\/ftx-missing-customer-funds&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/mashable.com\/article\/ftx-missing-customer-funds\" target=\"_blank\" rel=\"noopener noreferrer\">a whole lot more<\/a><\/span> of FTX customers\u2019 money.<\/p>\n<p class=\"sc-77igqf-0 fnnahv\">At the time, the hacking incident seemed like just more bad news on top of an already epic shit sundae, but now we have a little more context for the episode. Monday\u2019s report, which extensively reviews the company\u2019s total failure to institute quite basic digital protections, is a comic masterpiece that will make you wonder how the company didn\u2019t get hacked earlier.<\/p>\n<div class=\"sc-bxm4mm-7 jKZusJ\">\n<div class=\"sc-17kx9cd-5 kDVAgq\">\n<div class=\"sc-bxm4mm-0 cfXsIw\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">\u201cThe FTX Group failed to implement basic, widely accepted security controls to protect crypto assets. Each failure was egregious in the context of a business entrusted with customer transactions,\u201d the filing states. Here are some of the takeaways about those failures. <\/p>\n<h3 class=\"sc-1bwb26k-1 igvwmj\" id=\"h38137\"><strong>FTX Didn\u2019t Have a Cybersecurity Staff<\/strong><\/h3>\n<p class=\"sc-77igqf-0 fnnahv\">Despite being a company tasked with protecting tens of billions of dollars in crypto assets, FTX had no dedicated cybersecurity staff. 
None. Indeed, Monday\u2019s filing shows the company never bothered to hire a <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/www.zdnet.com\/article\/what-is-a-ciso-everything-you-need-to-know-about-the-chief-information-security-officer\/&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/www.zdnet.com\/article\/what-is-a-ciso-everything-you-need-to-know-about-the-chief-information-security-officer\/\" target=\"_blank\" rel=\"noopener noreferrer\">CISO<\/a><\/span> (a chief information security officer) to manage its risks for them. Instead, they relied on two of the company\u2019s software developers who, the report notes, did not have formal training in security and whose jobs put them at odds with actually prioritizing security. The report states: <\/p>\n<blockquote data-type=\"BlockQuote\" class=\"sc-8hxd3p-0 eXwMsK\" readability=\"18\">\n<p class=\"sc-77igqf-0 fnnahv\">The FTX Group had no independent Chief Information Security Officer, no employee with appropriate training or experience tasked with fulfilling the responsibilities of such a role, and no established processes for assessing cyber risk, implementing security controls, or responding to cyber incidents in real time&#8230;as with critical controls in other areas, the FTX Group grossly deprioritized and ignored cybersecurity controls, a remarkable fact given that, in essence, the FTX Group\u2019s entire business\u2014its assets, infrastructure, and intellectual property\u2014consisted of computer code and technology.<\/p>\n<\/blockquote>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">Granted, lots of tech companies suffer from <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded 
Url&quot;,&quot;External link&quot;,&quot;https:\/\/www.forbes.com\/sites\/forbesbusinesscouncil\/2022\/12\/06\/fixing-the-cybersecurity-staff-shortage\/?sh=2f7e492a5b4a&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/www.forbes.com\/sites\/forbesbusinesscouncil\/2022\/12\/06\/fixing-the-cybersecurity-staff-shortage\/?sh=2f7e492a5b4a\" target=\"_blank\" rel=\"noopener noreferrer\">staffing shortages<\/a><\/span> when it comes to cybersecurity but that\u2019s really only excusable if you\u2019re a startup and don\u2019t have the manpower or capital to hire competent people. In the days before its implosion, FTX was <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/www.cnbc.com\/2022\/11\/21\/collapsed-crypto-exchange-ftx-owes-top-50-creditors-3-billion-filing.html&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/www.cnbc.com\/2022\/11\/21\/collapsed-crypto-exchange-ftx-owes-top-50-creditors-3-billion-filing.html\" target=\"_blank\" rel=\"noopener noreferrer\">reported<\/a><\/span> to be worth as much as $32 billion. Suffice it to say, I think they could\u2019ve hired a guy. <\/p>\n<h3 class=\"sc-1bwb26k-1 igvwmj\" id=\"h38138\">FTX Pretty Much Never Used Cold Storage, the Industry Standard<\/h3>\n<p class=\"sc-77igqf-0 fnnahv\">Another really dumb thing that FTX did was fail to keep its users\u2019 crypto assets in cold storage\u2014a standard security practice that most crypto exchanges claim to abide by. 
<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">In general, crypto assets can be stored in two separate ways: \u201c<span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/www.cnet.com\/personal-finance\/crypto\/the-best-bitcoin-and-crypto-wallets\/&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/www.cnet.com\/personal-finance\/crypto\/the-best-bitcoin-and-crypto-wallets\/\" target=\"_blank\" rel=\"noopener noreferrer\">hot wallets<\/a><\/span>,\u201d which are software-based accounts connected to the internet; and \u201c<span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;Internal link&quot;,&quot;https:\/\/gizmodo.com\/theres-a-deep-cold-storage-vault-for-bitcoin-opening-1498724065&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/gizmodo.com\/theres-a-deep-cold-storage-vault-for-bitcoin-opening-1498724065\">cold storage<\/a><\/span>,\u201d which is an offline, hardware-based form of storage. Cold storage is considered secure, while \u201chot wallets\u201d are riskier, because\u2014being linked to the web\u2014they can (and often do) <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/www.coindesk.com\/markets\/2022\/08\/03\/phantom-wallet-exploit-drains-millions-in-sol-tokens\/&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/www.coindesk.com\/markets\/2022\/08\/03\/phantom-wallet-exploit-drains-millions-in-sol-tokens\/\" target=\"_blank\" rel=\"noopener noreferrer\">get hacked<\/a><\/span>. 
<\/p>\n<p class=\"sc-77igqf-0 fnnahv\">Common wisdom suggests that companies keep only as much crypto in hot wallets as is necessary to keep accounts liquid, while the rest of the crypto should be kept in cold storage. However, FTX didn\u2019t do that; instead, the report says it kept \u201cvirtually all\u201d of its customers\u2019 assets in hot wallets.<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">Did FTX not know that cold storage was more secure or something? Nope, worse than being too stupid to implement proper controls, the exchange\u2019s leadership appears to have just not given much of a shit.<\/p>\n<p class=\"sc-77igqf-0 fnnahv\">\u201cThe FTX Group undoubtedly recognized how a prudent crypto exchange should operate, because when asked by third parties to describe the extent to which it used cold storage, it lied,\u201d the report states, listing off a number of examples in which FTX executives\u2014including SBF\u2014claimed that they kept users\u2019 assets in cold storage. In one instance, the company told investors that, in keeping with industry best practices, it kept a small amount of crypto in hot wallets, while the rest was \u201cstored offline in air gapped encrypted laptops, which are geographically distributed.\u201d But this was, according to the report, just bullshit.<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">Instead, as the report notes, \u201cthe FTX Group made little use of cold storage\u201d except in Japan, \u201cwhere [it was] required by regulation to use\u201d it. 
<\/p>\n<h3 class=\"sc-1bwb26k-1 igvwmj\" id=\"h38139\">Private Cryptographic Keys Were Left Unencrypted<\/h3>\n<p class=\"sc-77igqf-0 fnnahv\">Another totally idiotic thing that the FTX peeps did is keep clients\u2019 sensitive cryptographic keys and seed phrases stored in plaintext documents that were apparently accessible by staff. <\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 fnnahv\">In crypto, the key or seed phrase is the password that gets you inside a user\u2019s individual wallet. Suffice it to say, industry standards compel crypto exchanges to keep that information encrypted and, thus, safe from prying eyes. Not so, with FTX\u2014which apparently kept keys that could open wallets worth tens of millions of dollars unencrypted, in plaintext, just lying around in AWS. <\/p>\n<p class=\"sc-77igqf-0 fnnahv\">According to the report, this was part and parcel of a generally disorganized approach to security, in which \u201cprivate keys and seed phrases used by FTX.com, FTX.US, and Alameda were stored in various locations throughout the FTX Group\u2019s computing environment in a disorganized fashion, using a variety of insecure methods and without any uniform or documented procedure.\u201d<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<h3 class=\"sc-1bwb26k-1 igvwmj\" id=\"h38140\">The FTX Gang Didn\u2019t Really Use Multi-Factor Authentication<\/h3>\n<p class=\"sc-77igqf-0 fnnahv\">SBF and his merry band of hipsters also apparently \u201cfailed to effectively enforce the use\u201d of multi-factor authentication (MFA)\u2014a very basic form of web security that pretty much everybody who works in an office knows about. 
The recently released report states that the crypto exchange\u2019s leadership \u201cfailed to implement in an appropriate fashion even the most widely accepted controls relating to Identity and Access Management (\u201cIAM\u201d).\u201d This included a failure to use MFA as well as single sign-on services\u2014also widely considered to be an industry best practice.<\/p>\n<div class=\"sc-17kx9cd-5 kDVAgq js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic\">\n<div class=\"sc-17kx9cd-4 bNalOf ad-unit ad-mobile\">\n<p>Advertisement<\/p>\n<\/div>\n<\/div>\n<h3 class=\"sc-1bwb26k-1 igvwmj\" id=\"h38141\">And much, much more!<\/h3>\n<p class=\"sc-77igqf-0 fnnahv\">There are a lot of other hilarious jewels of security negligence that FTX appears to have committed, so I\u2019d suggest reading the <span><a class=\"sc-1out364-0 dPMosf sc-145m8ut-0 jCErAQ js_link\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/www.prnewswire.com\/news-releases\/ftx-debtors-release-report-on-ftx-groups-control-failures-301792891.html&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/www.prnewswire.com\/news-releases\/ftx-debtors-release-report-on-ftx-groups-control-failures-301792891.html\" target=\"_blank\" rel=\"noopener noreferrer\">full report<\/a><\/span> if you want your jaw to drop to the floor. 
<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34511\/FTXs-Cybersecurity-Was-Hilariously-Bad.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":51417,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[10468],"class_list":["post-51416","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerdata-lossfraudcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>FTX&#039;s Cybersecurity Was Hilariously Bad 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FTX&#039;s Cybersecurity Was Hilariously Bad 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-11T14:13:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,q_60,w_645\/bf06a6ad554b649380b37afc6622b8ef.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ftxs-cybersecurity-was-hilariously-bad\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ftxs-cybersecurity-was-hilariously-bad\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"FTX&#8217;s Cybersecurity Was Hilariously 
Bad\",\"datePublished\":\"2023-04-11T14:13:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ftxs-cybersecurity-was-hilariously-bad\\\/\"},\"wordCount\":1116,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ftxs-cybersecurity-was-hilariously-bad\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/ftxs-cybersecurity-was-hilariously-bad.jpg\",\"keywords\":[\"headline,hacker,data loss,fraud,cryptography\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ftxs-cybersecurity-was-hilariously-bad\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ftxs-cybersecurity-was-hilariously-bad\\\/\",\"name\":\"FTX's Cybersecurity Was Hilariously Bad 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ftxs-cybersecurity-was-hilariously-bad\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ftxs-cybersecurity-was-hilariously-bad\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/ftxs-cybersecurity-was-hilariously-bad.jpg\",\"datePublished\":\"2023-04-11T14:13:43+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ftxs-cybersecurity-was-hilariously-bad\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ftxs-cybersecurity-was-hilariously-bad\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ftxs-cybersecurity-was-hilariously-bad\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/ftxs-cybersecurity-was-hilariously-bad.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/ftxs-cybersecurity-was-hilariously-bad.jpg\",\"width\":645,\"height\":363},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ftxs-cybersecurity-was-hilariously-bad\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,data loss,fraud,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerdata-lossfraudcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"FTX&#8217;s Cybersecurity Was Hilariously Bad\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - 
Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FTX's Cybersecurity Was Hilariously Bad 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/","og_locale":"en_US","og_type":"article","og_title":"FTX's Cybersecurity Was Hilariously Bad 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-04-11T14:13:43+00:00","og_image":[{"url":"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,q_60,w_645\/bf06a6ad554b649380b37afc6622b8ef.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"FTX&#8217;s Cybersecurity Was Hilariously Bad","datePublished":"2023-04-11T14:13:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/"},"wordCount":1116,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/ftxs-cybersecurity-was-hilariously-bad.jpg","keywords":["headline,hacker,data loss,fraud,cryptography"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/","url":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/","name":"FTX's Cybersecurity Was Hilariously Bad 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/ftxs-cybersecurity-was-hilariously-bad.jpg","datePublished":"2023-04-11T14:13:43+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/ftxs-cybersecurity-was-hilariously-bad.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/04\/ftxs-cybersecurity-was-hilariously-bad.jpg","width":645,"height":363},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/ftxs-cybersecurity-was-hilariously-bad\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,data loss,fraud,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerdata-lossfraudcryptography\/"},{"@type":"ListItem","position":3,"name":"FTX&#8217;s Cybersecurity Was Hilariously Bad"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber 
Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51416","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51416"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51416\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/51417"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51416"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51416"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51416"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}