Ask HN: How did FTX not fail technically first?
A lot of articles mentions FTX development team consisting of 10-25 developers. In the Bloomberg documentary it says they all lived together. In court Gary Wang has also been showcased as one of the primary developers.
How did the FTX platform not fail technically? How were they able to build a trading platform that people were happy with and could support all the transactions?
In the court presentation screenshot of code from GitHub is shown. How has the source code not been leaked with such a small team?
The incentive to infiltrate a trading platform is enormous. Without dedicated security team and air tight deployment, I would have estimated that a technical failure would have been much higher than fraud.
There are examples like WhatsApp and Instagram where a small team made some big, but those were not integrating with money, which leaves a lot more room for error. A image or message not send or save, no big deal. A trade on a trading platform lost? Trust immediately lost and never recovered. Of course I don't know. This is just pure speculation. But perhaps it's just not that hard to build a trading platform with just a couple of (very good) developers? Not having separated large teams also has its benefits. Keep everything as simple as possible reduces complexity, which could make it more safe as well. I think you are right, but security teams is for when things does not go as expected. Like Opensea had insider trading but they were not nearly as big as FTX, everyone knew FTX. Opensea is “just” a marketplace, not even near a live trading platform. But there will probably be more information about it the next 10 years heh. > security teams is for when things does not go as expected. That's an unexpected view. Security teams are experts in security and help application developers think of ways the product could be exploited. Security teams run pen tests and bug bounty programs. Security teams manage compliance. Separation of duties is a critical part of building a secure system, and you can't have separation of duties properly if app developers do it all. Don't think of a security team a punishment for when things didn't go as expected, but a good security team can help increase velocity and confidence and security all at the same time. Yes, that is also what I meant :) But with 10-25 developers I do not think they had what we both think are essential. Vault of Satoshi was a great exchange that I think had like only 2 developers (though far less customers / features). I don't see anything about FTX that exceeds what 25 good developers could do. We know they saved money by not having a compliance department. It's documented that FTX would occasionally eat financial losses and shift them to Alameda to get them off the balance sheet. FTX was also "very easy to steal from" according to the book. I think it is also possible to build, but for a trading platform you have no room for mistake. Production being down and you could be liable for positions not be sold. Maybe that is were a lot of the money went. But what would you calculate the risk for one of the 25 developers being extorted? The benefits would easily be millions of dollars. It's called professional integrity. Maybe the concept is foreign to you. Although what with the fraud maybe that doesn't apply in this case. If anything it sounds largeish to do good work at a good clip for a focused product, depending on who you include (eg qa, management, etc people). What did they do that couldn't be done with ~5 devs? Yes, correctly, but that does not prevent extorting one of the developers and have that person help commit trading fraud or theft. Of course it is possible to do extortion in every sector, but no sector has companies that valuable in such short time. The companies usually sign NDAs with employees. Why wouldn’t that work? Also, 20 developers lived together in the same building? Interesting! Perhaps it was. But with SBF as the fall guy for those behind it, we will never know. The fall guy ? But he was the conspiracy's mastermind and main beneficiary :s Yeah, but during the trial it was not even hinted at that the platform was the problem for the lost money. He was hardly a fall guy.