1. 98
    1. 18

      “Note to self: if you’re going to write code to do fraud, make it messy and unreadable to reduce the chances it’s later put in front of a jury as evidence.”

      But fraudsters need to work with their code too… it’s hard to maintain an obfuscated codebase

      1. 32

        Looks like the developer in question had to be agile when it came to doing further frauds, so having a clean, easy-to-understand codebase was important.

        1. 10

          I know this comment was mostly intended to just be humorous, but I think that at the heart it is really the truth. This was not a carefully planned scam, but one that grew into fraud gradually. No doubt they hoped that they would be able to remove this little hack at some point in the future, in which case having this code be clearly identifiable would be highly desirable.

          1. 4

            I think you are too generous; this wasn’t “oops we’re doing fraud”, it’s a group of people who intended to do fraud learning on the job.

          2. 0

            This is surprisingly funny 🤣

          3. 3

            This boggles my mind. If criminals don’t take the time to make sure their systems and processes are well put together, their enterprise will fail. The level of self awareness and yet total lack of remorse needed to write well-written code to perpetrate fraud is just nuts to me.

            1. 7

              Clearly the Right Solution is doing the checks that turn your code into fraud as an inject-able library. That way your code is tested but so is your fraud, by a smaller group.

              1. 16

                The canonical form of this is:

                It should be noted that no ethically-trained software engineer would ever consent to write a DestroyBaghdad procedure. Basic professional ethics would instead require him to write a DestroyCity procedure, to which Baghdad could be given as a parameter.

              2. 4

                The point is that criminals that take the time are not caught.

                I’m always astonished at how stupid most criminals are. But this is a sample bias. You never hear about intelligent criminals.

                1. 1

                  By all accounts everyone involved in FTX was conventionally intelligent (i.e. tested well on various metrics designed to measure what most people consider “intelligence”.) So if SBF is convicted, at least one “intelligent” criminal will be known.

                  The programmer in question, Wang, has also been indicted but pleaded guilty and agreed to cooperate. I don’t know much about US criminal law in this case, but even if SBF walks, Wang will be convicted, so there’s one almost guaranteed “intelligent” criminal.

                  1. 2

                    They may score well on IQ tests but they definitely acted dumbly (probably because of overconfidence).

                    Accounts of the situation also seem to indicate that SBF acted very dumb on multiple occasions. It looks like the situation was too big to handle for him. If he acted smartly, he would definitely still be a billionaire today.

                    So I still consider him as dumb, as being caught was totally preventable if he had been rational.

                    (now, it indicates that dumbness/intelligence is not a one-dimensional scale. It also involves managing your emotion, anticipating emotions from others, etc)

                    Another example is Elon Musk, who seems to have been totally smart in the past but went berserk (could not rationally handle fame and fortune and entered a stupidity spiral loop where he has to do even more stupid things in order to justify that the previous actions were not totally stupid. Donald Trump is probably another case where he entered the presidential race only as a publicity stunt for his TV show and became elected so started to believe in his own persona)

                    1. 2

                      I think “intelligent” is the wrong word. “Sophisticated” is more precise.

                      1. 2

                        Intelligent is the right word. They are intelligent, but not wise.

                      2. 1

                        tested well on various metrics designed to measure what most people consider “intelligence”.

                        citation needed

                        1. 2

                          Sam Bankman-Fried’s IQ is reported to be 130. He was deeply embedded in the Rationalist/Effective Altruism movement, where IQ is basically a fetish.

                          1. 1

                            I wasn’t aware of that reporting. Is it reliable?

                            1. 1

                              Here’s a review of Lewis’ book Going Infinite about SBF and FTX. It’s written by someone in SBF’s milieu (Rationalism and Effective Altruism):

                              https://thezvi.substack.com/p/book-review-going-infinite

                              It cites passages about SBF’s upbringing and earlier career which to my mind at least adhere to the conventional view of an intelligent person:

                              • bored at school because it was not intellectually challenging
                              • could hold his own in conversations with his parents and their peers (his parents were law professors at Stanford)
                              • accepted to MIT
                              • worked at Jane Street
                              • played bughouse chess

                              Now, the review also notes that the book paints SBF as an amoral person with zero consideration for other people’s lives, but that is not incompatible with conventional views of intelligence either.

                              1. 1

                                I don’t consider Lewis’s hagiography to be a reliable source. As for being accepted to MIT and working at Jane St, it seems rather presumptuous to say most people accept that as a measure of intelligence, rather than privilege.

                  2. 1

                    Even better: every code has bugs. Just maybe accidentally don’t add a unit test for an edge case you found in rounding.

                    1. 1

                      I’m waiting for when it comes out at trial that they were doing the Office Space/Superman scam.

                      1. 3

                        But why bother with fractions of pennies, when you can just take customer funds directly?

                        1. 2

                          Financial innovation!

                          1. 1

                            Nah, basic economies of scale.

                  3. 12

                    Some advice from the Hagakure:

                    Among the maxims on Lord Naoshige’s wall there was this one: ‘Matters of great concern should be treated lightly.’ …Among one’s affairs there should not be more than two or three matters of what one would call great concern. If these are deliberated upon during ordinary times, they can be understood.

                    “Deliberated upon during ordinary times” is key, here. It means: think deeply about matters of great importance in advance, so your decision making on the spot will be easier.

                    This is some of the best advice I’ve ever read, and has helped me weather exceptional crises particularly well.

                    I can’t help but think this may all have turned out differently if the engineers involved had followed a similar practice.

                    1. 12

                      for SURE, and I fully co-sign this advice. I like to say that if you don’t do your moral thinking in advance, the big, high-impact decisions don’t feel like big decisions at all, they feel like one more work item to get through on a Friday afternoon before going home for the weekend.

                      1. 2

                        …deliberating… fraud??

                        1. 9

                          Yeah.

                          It’s surprisingly easy for a culture to turn toxic / dangerous / criminal in small increments, such that each individual increment can be rationalised.

                          https://en.m.wikipedia.org/wiki/Normalization_of_deviance

                          I’d guess this is the way most good people turn bad. They don’t wake up one morning and decide “time to join the dark side of the force!”. Rather they wake up one morning and realise, to their horror, that it happened without them ever really noticing it.

                      2. 9

                        I love how they have exactly one type annotation in the code. Like they were trying to make the code safe but saw the 65 billion fraud limit and gave up.

                        1. 2

                          I believe mypy can infer that update_public_insurance_fund() has a return type of None, so technically only _get_change() requires an annotation to declare its return type.

                          1. 1

                            The original return type was BigFraudNumber but luckily they caught it in code review or they might be in trouble today.

                          2. 1

                            MAXINT exists for a reason.

                          3. 16

                            I love the contrast between the “invest in the decentralized transparent secure blockchain cryptoassets” and their insurance fund made of a random number, infinite money flag in the database, and the real money tracked in his secret excel spreadsheet.

                            Next they should check how the Tether fund is going

                            1. 1

                              Not sure we should be concerned about Tether. Could they have also invented the allow_negative technology? It seems like a pretty powerful insight into the fundamental nature of finance, free trade, and - dare I say - mathematics itself.

                              If it was something arbitrary, you’d think that this whole idea of a “financial instrument” was built on a grifter’s sleight of hand.

                              1. 4

                                Tether is a fully centralized privately operating money printer, and the dollar backing that is the basis for the coin is entirely “trust us, we have the money”.

                            2. 7

                              65,355,999,994

                              It makes sense that it would be derived from 65535. But what explains the 0.000006 deviation from 65356? Could it be related to how real in Postgres has 6 decimals of precision?

                              It’s weird how it’s off by almost a round multiple of 0.000006:

                              janus=> select 65536::real - 0.000006 * 30000001;
                                 ?column?   
                              --------------
                               65355.999994
                              (1 row)
                              
                              1. 4

                                It makes sense to me to cleanly implement and document financial fraud. If the fraud doesn’t cause the business assets to implode and you have enough funds to cover the eventual fines, you should be good to go. Do it long enough and the government will bail you out if something goes wrong.