That’s a line from a Coinbase article published on Friday, and it’s been bouncing around my head all weekend.
As the dust from FTX begins to settle, the crypto industry is waking up to what we’ve always known: crypto needs solid accounting practices. The FTX fraud serves as proof that we are far from fulfilling that mandate.
In our last issue, we covered what happened with FTX from a general perspective. This week, we’re digging into the specific accounting failures and how we can prevent them moving forward.
FTX’s Accounting Failures
I recently came across an article by a former Chairman of PwC Philippines in which he states:
“‘Our profession is about the preservation of trust.’ Our real role is to protect what is true. As accountants, our real job is to be custodians of the truth.”
As I explained in a recent LinkedIn post, we’ve shown a poor track record of “preserving trust” over the past few years:
Despite investors questioning WeWork’s poor financial performance and Adam Neumann’s antics, EY gave WeWork their blessing.
Elizabeth Holmes’ trial revealed that at least three of the Big Four had provided services to Theranos during its run but never said a peep about the company’s unethical dealings.
The SEC fined KPMG $50 million in 2019 for using stolen PCAOB inspection information to cheat on audit inspections.
While the accountants aren’t the most guilty party of the FTX scandal, it’s another black mark on our already tarnished reputation. As much as I wish it weren’t so, FTX was largely an accounting failure. The appointed restructuring CEO John Jay Ray III, who oversaw Enron’s bankruptcy proceedings, says so himself:
“Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here.”
So, where did accounting fail, and where do we go from here?
Failure #1: Related-party Ruckus
Perhaps the biggest red flag neither auditors nor investors caught was the sheer volume and audacity of related-party transactions FTX documented over the past few years. There are so many of them that I’m not sure where to start.
Keep in mind, I’m only referring to the related-party transactions that were documented— the ones sitting right under our noses the whole time. First, SBF and a few other insiders played simultaneous roles as liquidity providers, market makers, and traders for the firm.
In fact, according to a recent CoinDesk article, for the years ended Dec. 31, 2021 and 2020, “liquidity provider, market making and trading exchange transactions with a related party together represented about 6% and 11% of total exchange transaction volume, […] respectively.”
Second, SBF paid himself massive sums of money from licensing exchange software to FTX—$250.4 million for the year ended Dec. 31, 2021—to be exact.
Third, audited financial statements disclose that FTX used related parties to manage currency and treasury management activities.
Fourth, the company used the FTX FTT token as currency for acquisitions. For example, Bankman-Fried acquired trading app Blockfolio for an estimated $150 million in October 2021. Here’s the FTX Trading/Prager Metis audit report language related to that transaction:
“The FTT receivable and liability are marked to market based on the quoted price for the FTT tokens at the reporting date. As of Dec. 31, 2021 and 2020, the receivable was $496.8 million and $44.6 million, respectively, and is presented as “receivable, related party” in the shareholders’ equity section on the consolidated balance sheets.”
Failure #2: “A Complete Failure of Corporate Controls”
For goodness sake, the guy that led Enron’s bankruptcy proceedings basically came out and said that FTX was worse than Enron, and Enron was what ultimately led to Sarbanes Oxley and the internal control testing requirements we have now. Here’s another quote from our guy John Jay Ray:
“From compromised systems integrity and faulty regulatory oversight abroad, to the concentration of control in the hands of a very small group of inexperienced, unsophisticated and potentially compromised individuals, this situation is unprecedented.”
Granted, FTX is a private company, so internal control audits weren’t necessarily required; however, it was large enough based on its combined revenue to not be exempt from providing an auditor’s report on internal controls. FTX’s internal control failures were so glaringly apparent that you’d have to try hard not to see them. And yet, neither the Armanino nor the Prager Metis audit reports provide an opinion on the internal controls over accounting and financial reporting.
From what I gathered from the FTX Chapter 11 Petitions and First Day Pleadings, FTX lacked internal controls of any kind, specifically:
Each of the four business silos within FTX was controlled by Mr. Bankman-Fried
“The FTX Group did not maintain centralized control of its cash. Cash management procedural failures included the absence of an accurate list of bank accounts and account signatories, as well as insufficient attention to the creditworthiness of banking partners around the world.”
FTX had no type of employee management, not even a list of employees, terms of their agreements, or each employee’s status.
FTX’s digital asset custody was entirely fraudulent. SBF and Gary Wang controlled all assets and used an unsecured group email account to share private keys. They also used “software to conceal the misuse of customer funds.”
Failure #3: Two Questionable Auditors
One of the first questions to naturally emerge in this scandal is, “who were the auditors?” There were two—apparently, having more auditors on a single engagement does not increase the quality of said audit. New York City-based firm Armanino performed the 2020 and 2021 FTX US audits, and — I kid you not — “Metaverse-based” Prager Metis, published a now-deleted post back in June 2022 saying that it was “proud to support FTX US.”
hed a now-deleted post back in June 2022 saying that it was “proud to support FTX US.”
Both Prager Metis and Armanino have less-than-stellar track records with the PCAOB, and now, with John Ray Jay III, who says he has “substantial concerns as to the information presented in these audited financial statements” and that the audited financials can’t be trusted.
I’m sure we could spend hours detailing every accounting failure that contributed to FTX’s fraud, but I’d rather refocus our energy on discussing a solution, which brings us to our next section.
Where Do We Go From Here?
In an ironic twist, crypto brokers, lenders, and exchanges are scrambling to put their clients at ease by getting the blessing of an auditor. But the “audits” they are getting look mighty similar to the “audits” FTX received. You’ve probably heard talk of “proof-of-reserves” — a way to verify that a platform holds enough assets to match their users’ deposits.
As I see it, this is our opportunity as accountants to either redeem ourselves as “custodians of the truth” or sit idly by as someone else (hopefully) solves the problem. Before you decide to quit your day job and make it your life’s mission to solve crypto’s accounting problem, know that there are no easy answers here.
As with many other innovations within digital assets, bringing accounting transparency to the blockchain will require a massive coordinated effort. I’ll share my initial thoughts on the matter in hopes that more competent accountants (maybe even somebody reading this!) will put some brain power into a solution.
Trust on a Spectrum
Before we can get into the nitty-gritty of how crypto companies can provide proof of reserves, you have to understand what crypto ideally seeks to be: a distributed, trustless system. The FTX fraud proves we are far from making this a reality—we trusted Sam Bankman-Fried, and he betrayed that trust. That said, accountants should understand that this is one of the foundational rules of the sandbox we play in. And I tread lightly here; full financial statement audits by independent third parties go a long way to establishing transparency, but even those are not enough on their own. After all, this approach still requires tremendous trust in the auditors.
It’s helpful to think of trust as being on a spectrum. On one end, we have the more centralized traditional finance form of trust: trust companies to act in good faith and trust auditors to do their job right. On the other end, we have the more crypto-native approach of trusting mathematics, computer code, and node validators to do their job. Several techniques for establishing proof-of-reserve lie at different points on the spectrum, and each has pros and cons.
Potential Paths to Proof-of-Reserves (PoR)
Rather than reinvent the wheel, I’ll synthesize thoughts from two of the most prominent thinkers in the industry here: Vitalik Buterin, Co-founder of Ethereum, and Philip Martin, Chief Security Officer at Coinbase. I strongly recommend reading each of these articles. How do we go about establishing proof-of-solvency for crypto custodians? Here are a few techniques, in rough order from least desirable to most desirable:
Self-attested proof-of-reserve (PoR). In this technique, the platform discloses public addresses and proof that they own the associated private key. The easiest way to do this would be to publish a list of usernames and balances, then users could check that their balance is included, and anyone could audit the list. This would create a massive privacy problem, so you could encrypt the list, but even this leaks balances and changes in the pattern of balances.The other problem here is that it doesn’t prove that liabilities are less than assets—in accounting speak: we’re only verifying one side of the ledger. You also run into problems with collateral dual-use. There aren’t many safeguards in place to prevent crypto custodians from shuttling funds back and forth to falsify proof of assets.
Third party audited PoR. As above, but conducted by an independent 3rd party. This technique adds a layer of assurance but does little to detect or prevent the flaws outlined above.
Self-attested PoR-and-liability (PoRL). As above, but including both proof of assets and proof of liabilities, generally using a Merkle tree to allow for customer validation of the inclusion of their specific balances in the total liability amount.Now we’re looking at both sides of the balance sheet, but privacy leakage is still possible. Vitalik makes a strong case for improving privacy via the powerful ZK-SNARK technology. ZK-SNARKs are zero-knowledge, succinct, non-interactive, argument of knowledge. Translation: cryptographic proof that allows one party to prove it possesses certain information without revealing that information.
Third party audited PoRL. As above, but conducted by an independent 3rd party.
Non-custodial exchange. This last option wasn’t included in the Coinbase article, though Vitalik alluded to it in his. In a perfect world, all exchanges would be non-custodial and we wouldn’t have to trust any outside party with our funds or our privacy. Strong wallet recovery options would exist in the case of user error. However, this is an idealistic future that may never exist.
There’s so much more that we could cover here, and I’m sure we will in future Triple Entry issues.
The Water Cooler
Things worth talking about at the office water cooler…if you 1) talk to people, 2) still work in an office, and 3) have a water cooler.
Other Significant Findings
Circle, creator of the stablecoin USDC, added support for Apple Pay, which means iPhone users can now make crypto payments in Apple Pay using USDC. This is mostly exciting news for crypto-native businesses, who now have a way to connect with a) the crypto dabblers who happen to use Apple Pay and b) the Apple Pay users who have no idea what crypto even is. This may also encourage traditional businesses that accept Apple Pay to start thinking about adopting digital currency.
Featured Funding Find: Matter Labs Closes Series C
Matter Labs created zkSync, a form of zero-knowledge roll-up offering cheaper and faster transactions than the main Ethereum blockchain. Everything they build is open source and centered around the goal of “accelerat[ing] the mass adoption of crypto for personal sovereignty.”
This latest round of funding sets Matter Labs up to launch first-party projects on their own zkSync, as well as fund third-party ecosystem projects built by other teams and develop their education and tutorial arm.
Matter Labs’ commitment to open source is a foundational aspect of their ethos. Their next milestone as a company is fully open sourcing zkSync 2.0. Not only will this be a first-of-its-kind move (no other ZK-rollup has been fully open sourced), but it factors heavily into their mission as a company. The hope is that open sourcing their technology will position its core innovation of the zero-knowledge prover as the gold standard for the ecosystem.
The hits keep coming, by which we mean every single meme we’ve seen coming out of this FTX debacle has been a hit.
Like what you’re reading? All of this can be yours.
As a subscriber, you’ll receive our bi-weekly newsletter, Triple Entry, plus occasional industry insights, web3 webinar invites, and announcements of new global domination initiatives product launches.
If it’s not your style, you can unsubscribe at any time.
Big news! Multisig is joining forces with Bitwave, the leading crypto accounting software! The acquisition was announced live on stage at Enterprise Digital Asset Summit (EDAS) 2023. We’re excited to reinforce our shared commitment to empower, inform, and educate accounting and finance professionals everywhere!