Reminds me back at a certain large travel website I worked at, someone left the debug promo codes enabled in prod...
Eventually someone found the "5000off" code, and posted it to Slickdeals.
We had alarms for bookings that lost us money (especially with bundled flights), so it was found relatively quickly, but around 30 people had used it already...
Except SBF was just massive fraud, not a whoopsie doopsie.
At a certain shoe online retailer I worked at, we had a hard limit on the maximum discount, and it was built into the code. Not configurable, and not overridable. There were a lot of problems with that codebase, and some of those problems probably led to that particular solution, but I liked it.
For codebases with deployment modes, best practice may be to have a test process defined in your CI/CD to run when you spin-up prod that verifies all non-prod features are fully disabled.
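A sketch of the two controls described in the comments above (a discount ceiling built into the code, and a post-deploy check that non-prod features are off in prod), as an added example that is not from the thread or from any company mentioned in it. The names, the 40% cap and the sample catalog are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal, ROUND_DOWN

# Hard ceiling built into the code: no config file, env var or admin screen
# can raise it. The 40% figure is an assumption made for this example.
MAX_DISCOUNT_FRACTION = Decimal("0.40")


@dataclass(frozen=True)
class Promo:
    code: str
    amount_off: Decimal        # absolute discount in account currency
    debug_only: bool = False   # set on codes meant for test environments


def discounted_total(subtotal: Decimal, promo: Promo, env: str) -> Decimal:
    """Apply a promo, ignoring debug codes in prod and clamping to the cap."""
    if env == "prod" and promo.debug_only:
        return subtotal        # a leaked debug code is inert in prod
    ceiling = (subtotal * MAX_DISCOUNT_FRACTION).quantize(
        Decimal("0.01"), rounding=ROUND_DOWN)
    discount = min(max(promo.amount_off, Decimal("0")), ceiling)
    return subtotal - discount


def release_gate(active_promos: list[Promo], probe_subtotal: Decimal) -> list[str]:
    """Post-deploy check: return findings; the pipeline fails if any exist."""
    findings = []
    floor = probe_subtotal * (1 - MAX_DISCOUNT_FRACTION)
    for p in active_promos:
        if p.debug_only:
            findings.append(f"{p.code}: debug-only code present in prod catalog")
        # Regression probe: the cap must hold end to end for every live code.
        if discounted_total(probe_subtotal, p, env="prod") < floor:
            findings.append(f"{p.code}: discount exceeds hard cap")
    return findings


# Constructed sample catalog; "5000off" mirrors the code named in the thread.
CATALOG = [
    Promo("WELCOME10", Decimal("10.00")),
    Promo("5000off", Decimal("5000.00"), debug_only=True),
    Promo("BIGSALE", Decimal("900.00")),
]

if __name__ == "__main__":
    for finding in release_gate(CATALOG, Decimal("1200.00")):
        print("FAIL", finding)
```
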
WELCOME10, WELCOME20, etc also work a good amount of the time. A lot of the sign up for our mailing list and get a discount promo codes match up to WELCOME plus the percentage off.
Interestingly, while some are quoting a "single line of code", the article is actually using some even stranger information:
> "Mr. Wang created this back door by inserting a single number into millions of lines of code [emphasis mine] for the exchange, creating a line of credit from FTX to Alameda, to which customers did not consent," [FTX lawyer Andrew Dietderich] added. "And we know the size of that line of credit. It was $65 billion."
$65B seems oddly specific - could it be that they just set the liquidation limit for Alameda's account to 65,535 (max 16bit unsigned int), in millions of dollars?
Reading between the lines (and pattern matching), my interpretation is it’s likely a line that prevents balances going below zero. The number was an account number which was exempted from that particular check.
The $65B figure probably leads somewhere else and sounds like it would be counting bitcoins which peaked at over $65k per coin.
If there was some other limit that prevented his balance from falling below -$1M BTC, then Alameda “had access to” over $65B in credit (in October 2021)
Not quite the worst use for floats, bad though that would be.
I've received a few SMSes over the pandemic that used a float for their caller ID.
Not sure why the German Federal government chose to identify itself as "+4.4786E+11" when welcoming me into the country (actually me switching my UK SIM card to no-longer-Airplane-mode) and telling me to quarantine and test.
I recently received an email from Philips (re CPAP recall) which said "In the meantime, your device registration confirmation number is 2.02xxxxE+15." [some digits obscured by me, although they dropped some of the trailing digits].
Maybe some specific accounts were hard-coded to have credit lines of certain amounts, and they just changed the one for Alameda from 0 (or whatever) to 65 billion.
Not uncommon for a startup to hack features into code directly before there's a db column and frontend to support updating values through an admin interface.
We're also basing a lot off a reporter's interpretation. Inserting a value into the database by hand would probably have similar effects and still be "programming".
This reminds me of the book Dark Forest in the series 3 body problem
Spoiler Alert : In this book, a character invents a way to impart any belief into your mind. So if you read "water is poisonous" while in the MRI-type machine, your brain will completely believe that water is poisonous. The intention was for people to believe that they can win against the technologically superior aliens.
But the character made a one character change (+ to -) to modify the machine to make a person believe the opposite. So "humans will 100% win against aliens" became "humans will 100% lose against aliens"
Every once in a while I read about some wannabe criminal mastermind that got his idea for a crime from some TV show.
Maybe everything is feeding on itself and that's what the singularity actually is, humanity disappearing up its own butthole.
Logic as follows:
A) Truth is stranger than fiction.
- Golden age of streaming begets insatiable thirst for content.
3) An army of writers bangs out every ludicrous plot line imaginable.
◅ Quibi raises $2,000,000,000 to target youngsters with 10-minute quibisoides
• Movies with talking raccoons fighting space gods smash box office records
*) An AI trained on a billion monkeys with typewriters more efficiently hallucinates imagery than humans deemed possible. Prompt generated raccoons sweep oscars.
> SBF commits a 1 line change to FTX that results in 65 jillion dodge boondoggle
Somewhere a hackernews reader cackles manically in the darkness of night as he (or she!) conceives of hooking up Chat GPT to news feeds for soft real time true crime drama content generation for Netflix whilst waving goodbye to the last remnants of what was left of their sanity reading this bullshit instead of going to bed its 3am already what are you doing your brain is fried~~
(゚ヮ゚) A16Z invests the GDP of a small country to buy marketshare.
A Quaranteeny views a 10 second Quibi ad on TikTok for SBF: The Musical based on the novel "Git Push by SapphireAI" and gets inspired to drop out of high school and run for president.
President Comanche is sworn into office, January 20, 2029.
Yup, President Comanche timeline is in a film posing as a comedy, but which is actually a time-shifted documentary with the value of T unknown (and definitely not the stated value)...
The most unbelievable part of it is that the president would actually admit he didn't know what he was doing (and actually want to fix a situation out of genuine care) rather than double down and just have the protagonist killed in order to maintain control over whatever was left.
Or that Brawndo wouldn't have carried out a character assassination (or a genuine one) to keep sales rising for another quarter.
> "uh-oh, spaghettio"s becomes a pretty tough legal defense.
I guess if a jury is involved you don't need a legal defense, you just need to confuse the jury to the point where they can't agree on the facts. "uh-oh spaghettios" has probably worked at least once, especially if computers are involved.
Maybe. But there are underhanded code contests that are about submitting code that contains purposeful bugs but that aren't easily detected, and if detected, look like genuine mistakes (like off by one errors etc) rather than deliberate malicious code
Doesn't look like it: I mean sure, the entire system was many LOC, but in this case it appears accounts had automatic limits set as variables that could be overridden.
-- "Mr. Wang created this back door by inserting a single number into millions of lines of code for the exchange, creating a line of credit from FTX to Alameda, to which customers did not consent," - guessing it was probably a flag? --
I don't see it mentioned in the article but is SBF still doing the "dumb blonde" act as though this were all an unintended accident or have his lawyers gotten him to tighten his lip?
You would think if you were raised by Stanford law professors, you would know the importance of staying silent and not incriminating yourself (especially on record). But I guess SBF has a superiority complex and thinks he can evade punishment if he can manipulate the right people.
“Dumb blonde” is not useful and such a silly stretch…I don’t think this was a good choice for a description of his actions and weakens the potential impact of your comment considerably.
I'd probably go with a phrase more like "innocent idiot" than dumb blonde. It even has alliteration, rolls off the tongue nicely in the courtroom for a jury.
Yes. It's surprising how dumb this whole scam was. Had nothing to do with cryptocurrency technology. It was straight theft of customer assets. Then they lost the money they stole. Probably because they were trying to double-down and win back previous trading losses.
Most crypto scams are better run than this. They get people to buy some crap asset, take a slice of the profits, the asset tanks, and the promoters keep their cut. Axie Infinity and Yuga Labs come to mind.
It seems insane that they'd let the limit be that high ($65B) but it's really quite reasonable when you look at it from the POV of already performing fraudulent activities. Once you're in the $100M-$500M range of theft, do you really care, does it really register morally/ethically (to the thief), if you bump that up to $65B?
Have they published the total number of customer deposits? They keep saying they found $x billion in assets. But no mention of the liabilities or the delta between the two.
But seriously, I would love to know too. It really could be as simple as allowing a certain account "unlimited" credit, as the article suggests. I only have reservations since it seems like a bit of a game of telephone and sometimes journalists go for the sensational vs simple.
The first comparison is checking the ID so the rightful owner has access. The second comparison (unless it's been edited since you posted your comment) is checking the username against 'sbf'.
SBF may have made mistakes or even committed fraud, but it is concerning that the bankruptcy attorney does not seem to focus on recovering the value of the assets.
If FTX US was liquid, this action has brought down another company...
I thought Matt Levine's take in Wednesday's Money Stuff was insightful:
> If you go around talking up the value of the FTX’s business and its tokens, you might be able to talk someone into paying a lot of money for them; maybe not now but perhaps in November. If you go around talking down the value of FTX — if you make statements about how poorly it was run and how much fraud it did — then that value will tend to zero, and you won’t be able to sell it.
> At some level Bankman-Fried is surely right that if he had remained CEO of FTX, instead of stepping down and being replaced by Ray, he would have had a better chance — though still quite slim — of selling FTX’s business and tokens for more money, and thus raising more money for FTX’s customers. If you want to sell that business, you have to say that it’s good.
> It’s just that, you know, if FTX was a fraud, he would have been getting that money for customers by doing more fraud? Like if Ray is right that FTX was a fraudulent mess, then he shouldn’t be trying to sell it to investors for a lot of money, since that would itself be fraud.
I assume they’re being honest about the value of the company. They’re not “lowering” it. The company is worth whatever a potential buyer is willing to pay for it. And whatever that number is, I can’t imagine it’s meaningfully different from “$0”.
I’m talking about the brand and the technology, not the assets that need to be distributed to creditors.
The alternative here is if the lawyers found the back door, and decided to keep it secret. That’s not ethical IMO.