We’ll get to FTX eventually, but first, let’s look at Celsius.
Much of this post comes from the Celsius bankruptcy filing here. Celsius was a crypto lending firm founded in 2018. Their primary product was called an Earn account. Customers would deposit crypto asses with Celsius in exchange for rewards. Customers could also borrow against their crypto assets.
Celsius would move assets from bridge wallets tied to a customer to aggregator wallets from which it would invest and make loans. Think of this as similar to cash in a bank. If I deposit $100 it does not sit in an envelope with my name on it waiting for me to withdraw. It is comingled, loaned, etc. There is no way to trace my $100 through the bank, there is just a ledger entry that I’m owed $100 by the bank when I ask for it. (For clarity, each type of cryptocurrency, like Bitcoin or Ethereum, had its own aggregator wallet, like aggregating dollars and Euros in separate accounts.)
Later, US regulators pressured Celsius to change its business model under the theory that the Earn product was a security that should be regulated. As a result, Celsius launched its Custody program for US customers. Custody accounts were not eligible for rewards and would not be transferred, sold, loaned, etc. The custody model was supposed to be closer to a digital safe deposit box.
Because of the regulatory pressure (and their own procrastination), Celsius moved fast to launch Custody accounts and they broke things. A lot of things, Heck everything. Part of this speed run included:
Relying on manual reconciliations of crypto assets without robust controls. If you’ve ever tried to reconcile a bank account where bank deposits were aggregated but the individual checks for that deposit were listed in the accounting system, you understand how ugly this can be. Now multiply that times thousands.
Creating a 3rd product, Withhold accounts, for states where they weren’t licensed for their Custody accounts. The Withhold accounts had no terms of service.
Not creating separate wallets for Withhold accounts and not otherwise separating the funds.
To fund the Custody accounts, Celsius transferred crypto assets from the main or aggregator wallets, but they did not have a process to separate new deposits. Deposits continued to come into the aggregator wallets.
Celsius’s Custody program did not automatically balance the number of coins reflected in Custody accounts to the number of coins held in aggregated Custody wallets. This is essentially making sure the value and currency type in the big custody envelope matches the ledger of all customers. Celsius had to manually reconcile those balances. Celsius performed this reconciliation 53 times during the 83-day period between April 20, 2022 (when it first reconciled the Custody wallet holdings to the Custody accounts) and July 12, 2022 (the day before Celsius filed for bankruptcy). There were no defined rules or policies to guide this process. Finally, Celcius would move money into and out of custody wallets if reconciliations showed a shortfall or overage.
In May 2022, Celsius experienced significant withdrawals leading to a liquidity crisis. They responded by pausing withdrawals. Oddly, because of the speed with which they implemented these products, they had no way to pause deposits, and they kept coming in. As a result, despite a “pause” customer balances still weren’t static. Ultimately Celsius determined that they did not have the capital to fund continued withdrawals or they would take significant losses unwinding positions to fund withdrawals. Remember that Celsius loaned money on cryptocurrencies. Ultimately, Celsius declared bankruptcy.
Essentially, Celsius was a run on the bank. With longer-term loans funded by shorter-term deposits, if enough people decide to withdraw, there isn’t enough to pay them because cash is still tied up in loans. But under the hood, the story of Celsius is a story of missing controls. Missing controls to the point that Celsius was never really sure what they had. Missing controls to the point that they appear to have materially misled customers about how Custody and Withhold accounts were actually managed. A couple of quotes that illustrate this:
Mr. Koprivica summarized management’s message to the product development team as: “[G]o back to blackboard, do the minimum of all minimums, this may be manual for the start, involve less developers, lets discuss deadlines.”
…there was no “common understanding” of the concept of custody between team members with a “finance background”and those without…Celsius did not consider creating a Custody wallet for each Custody customer. In fact, Mr. Noy did not recall that idea ever being suggested.
…there was no “common understanding” of the concept of custody between team members with a “finance background”and those without…Celsius did not consider creating a Custody wallet for each Custody customer. In fact, Mr. Noy did not recall that idea ever being suggested.
– US BANKRUPTCY FILING SOUTHERN DISTRICT OF NEW YORK – CELSIUS NETWORK LLC, 11/19/22
Also, Celsius made the decision to initially overfund Custody wallets by 10% as a buffer against mistakes. As a result:
Because of the manner in which Celsius initially funded the Custody wallets—most notably the intentional overfunding—on April 15, 2022, no Custody wallet held exactly the number of coins that were supposed to be a part of the Custody program.
Custody wallet movement and reconciliation process
For Celsius, the reconciliation of Custody accounts wasn’t a mitigating control but the process itself. The reconciliation determined the amount rather than confirming the amount.
Turning to Withhold accounts, Celsius never separately identified Withhold accounts or funds in management reporting. Withhold funds remained in the main accounts available for any use Celsius saw fit. This is contradictory to communication with customers which encouraged them to withdraw these coins (Celsius no longer had a license for the state where those customers lived) and that the coins would be maintained until withdrawn.
When a company tells customers that they aren’t going to loan, sell, or do anything else with their funds, they have a right to rely on that. The company has a fiduciary responsibility to appropriately manage customer assets. Tone at the top continues to be important and fraud at the top of organizations continues to be the most expensive.
Matt Levine of Bloomberg likes to say that crypto keeps rediscovering all the mistakes of banking and finance at an accelerated rate. I agree. I would add that if the crypto community wants the world to quit treating crypto as play money, they should stop managing it like play money.
What are the lessons here?
Controls matter – Like what we are seeing at FTX, there were few if any controls at Celsius.
Process and infrastructure matter too. Just as the control should match the risk, processes, and infrastructure need to be up to the task. Just as we wouldn’t consider a manual quarterly review of a high-value, high-volume bank account to be adequate, we shouldn’t consider a manual reconciliation against thousands of customers a reasonable, repeatable process.
The tone at the top still matters. As much as this is a process failure, it’s also an ethical failure to properly manage customer funds.
Update 2023.02.10: The final bankruptcy report has been released. It’s available here. Honestly, it’s even worse than what I’ve described. It’s ineptitude up and down the organization. It is, however, a heck of a read.
Update 2023.02.16: While FTX gets the press, Celsius is the current story that keeps giving. The latest is that it may not be possible to determine Celsius’ intercompany balances without an army of forensic accountants because more than 7,000 intercompany transactions were never recorded. People like to hate on accountants, but accountants record stuff. Even when it’s recorded wrong, it gets written down, and that is way easier to fix. “Let’s start a complex business maintaining customer money worldwide and not write much down” is not a business model. When people start calling Celsius a fraud from the beginning its because of things like this.
