Coindesk published a report on July 26th on the Bybit case. Bybit brought a case against Ho Kai Xin, claiming that in breach of her employment contract, she abused her position to transfer over 4.2 million USDT (stablecoin issued by Tether) to addresses owned and controlled by her. Ho also transferred a quantity of fiat currency to her own bank account.
It may be unbelievable to people hearing this news. However, Elven, as a professional financial management system for crypto, observed a huge gap between business success and financial management failure. In our clients' cases, disorganized wallet, account and management problems are very common. As a result, we provided professional financial management platform and consulting services. Therefore, we will analyze and summarize the case itself and the practical solutions to it.
There are three details worthy to be discussed:
Detail 1: Bybit's cryptocurrency payroll information is managed by an Excel spreadsheet in terms of quantity and objects.
Ms. Ho maintained a Microsoft Excel spreadsheet that recorded the cash and cryptocurrency payments due to ByBit employees each month (the latter is referred to as the "cryptocurrency Excel file").
ByBit's employees could, and did, frequently change their assigned addresses by communicating new addresses to Ms. Ho, who would then update the Cryptocurrency Excel file.
According to the experience of Elven's previous clients, most of them used to record the contact information of employees and the corresponding payable amount through Excel sheets before using Elven, which could easily lead to errors even in the absence of evil motives and made the financial staff need to check several times before they could carry out the payroll activities with peace of mind.
Detail2: The management of Excel sheets does not have a reliable audit process
Only Ms. Ho was able to update the cryptocurrency Excel files and only she had access to them, except for the need to submit the cryptocurrency Excel files to her direct supervisor, Casandra Teo, for approval each month.
A problem with the use of Excel spreadsheets is that the history of changes is not recorded, so Ms. Ho is able to edit them without leaving any trace, and there is no mechanism for cross-checking the approval flow, and Ms. Ho's supervisors have no way of knowing the accuracy of the list of releases and the amounts from a separate source of information. The result is that the cost of doing evil is extremely low. This is why some of our clients (CEOs and CFOs) would personally spend time and effort compiling payroll lists rather than handing them over to their finance staff.
Detail 3: Problems are not detected until a long time after they occur
On September 7, 2022, ByBit discovered that eight unusual cryptocurrency payments had occurred between May 31 and August 31, 2022
These unusual transactions were compiled into an Excel spreadsheet (the "Reconciliation Excel File"), and Ms. Ho needs to explain the discrepancies.
As a rule of thumb, anomalies in business activities such as large fund transfers and suspicious transaction targets will be exposed to the management team within a short period of time, but in this case, it took three months for Bybit to realize that a problem existed and the mechanism for discovering the problem continued to be through the checking of excel files. In a worst-case scenario, assuming that the person doing the reconciliations was complicit with Ms. Ho, it would be nearly impossible for Bybit to detect this significant financial loss. There was a similar situation with previous clients working with Elven, who, after importing their transaction records into Elven's financial system, found that certain expenses were recorded in the Excel sheet in a way that differed significantly from the system's records, and almost all of them fed back that there had been a 'miss-recording' in the Excel file or 'Wrong Record', 'Over Record', etc.
It is indeed surprising that Bybit, a leading exchange organization in the industry, had such a huge asset theft, and fortunately most of the assets were eventually recovered. So taking 'payroll' as an example, what can web3 companies do from the financial management process of a traditional business?
Elven, as a professional financial management system for crypto assets, provides a combination of platform and consulting services for the current common problems of wallet chaos, account chaos and management chaos in web3 companies. By integrating data sources such as on-chain wallets, exchanges and CSVs, users can manage transaction records and counterparties, and the platform will monitor suspicious transactions. Once users have finished categorizing and tagging their transaction records, Elven generates six statements (including the traditional balance sheet, income statement, and cash flow statement, as well as the significant position statement, restrictions of crypto assets, and roll forward of crypto assets as required by the US Accounting Standards Board) in accordance with the latest accounting standards. The six statements are updated daily in real-time, enabling clients to stay on top of their financial situation on a daily basis.