Cyber Investing Summit 2018
May 15 2018, New York, USA
Cryptocurrency Breach Protection Panel

About the talk

Topic: IT

All-star crypto-security panel reviews the urgency of securing both the individual and network value of digital currency

How created many wealthy people around the world. 00:00 There still are skeptics. 00:02 But one thing that we've noticed as the value of cryptocurrencies keep on increasing is that the demand for safer options for storage of your crypto 00:02 currencies have only become more important with exchanges being hacked. 00:12 While it's maybe not being safe, 00:17 there's plenty of room for people to come up for that next layer to secure your crypto currencies. 00:18

We have some evangelists from around the world joining us for this final panel of the day, 00:24 which we're thrilled to have. 00:29 Whenever they're miked up, they can 00:31 feel free to come on 00:33 down. 00:34 And 00:34 as we notice that more and more people are deciding to keep on, 00:36 keep their crypto currencies in HODL. 00:41 As prices have been going up, 00:43 this 00:45 panel will give us some 00:45 on how to 00:48 suggestions 00:48 Sheetal your crypto 00:48 currency positions. 00:49 Microphone or lanyard? 01:41 Oh 01:41 my God. 01:45

The last panel today. 01:45 Hey everybody, how's it going? 01:49 Yeah, yeah. 01:52 Let's 01:52 get that blood going. 01:55 My name is Max 01:55 Keiser. 01:59 I I'm part 01:59 of the winner of the Crypto 02:01 lottery that happened in 2011, 02:03 started buying a dollar. 02:06 So. 02:07 Oh, that's right. 02:10 Now I have to do some work. 02:11 Well. 02:13 I'd like to do that work every now and then. 02:13 You know? 02:16 It's fun to meet all these people. 02:16 And uh, so this is a fantastic panel, 02:19 and I've lost already lost the program. 02:22

Does anyone copy the program? 02:25 Well, as you can tell myself in my gorgeous wife Stacy, 02:27 we have Heisenberg Capital. 02:30 You can find that on Twitter at Heisenberg cap and we have many, 02:30 many, many startup investments in this space. 02:37 And Jose Rodriguez we know from Bitso. 02:40 Bitso is the largest exchange in Latin America now. 02:43 Uh, we met him when 02:47 they only had 02:48 one Bitcoin and now he 02:49 practically 02:51 owns a Venezuela. 02:52 Next we have 02:54 Alena Vranova. 02:55

She is the founder of Trezor. 02:56 Anyone know Trezor? Probably have a Trezor to store your 02:59 Bitcoin and Trezor into cold storage 03:03 give you keep it 03:06 on an exchange, 03:08 a you're dumb. 03:09 See, you're broke 03:10 with Trezor solves all those problems, 03:12 Trezor. Next we have Hartej 03:15 Sawhney. 03:18 Who is? 03:18 I met him recently in Toronto with Hosho. 03:18 We're going to learn a lot more about Hosho's fantastic company and last but not least, 03:23 Jeremy Jeremy. 03:29

Jeremy Welch, who is the CEO of Casa Inc., 03:29 is another cold storage solution that is gaining incredible traction in the family office business now because family offices have this problem with that. 03:35 If somebody croaks, then where the private keys are. 03:47 All right now by being too blunt, 03:52 raise your hand. 03:55 If I'm being too blunt. 03:55 OK, OK, this is good. 03:58 Alright, so this is a discussion on Crypto currency breach protection. 04:00

So I guess 04:05 we can just get right into 04:06 it. 04:08 Is that a good idea? 04:08 Yes, I would like to get into this by showing a photo they supposed to go to the photo of how we do security in Crypto Land and Jeremy Welch 04:10 here of Casa knows this guy, 04:21 Jameson Lopp. 04:23 That's how he does security and it's no joke. 04:23 This is old school. 04:29 This. 04:29 You know maximized. 04:31

So we have Heisenberg Capital and just as investors like a lot of people in the audience are investors and looking for a where to put their 04:31 money. 04:42 And so we've been in Crypto currency Bitcoin. 04:42 It was only back then 2011 and I had. 04:45

Lots of Bitcoin on exchanges that used to exist and 04:48 disappeared or 04:51 somebody ran off 04:52 with all the Bitcoin you deposit and on the exchange or you lost it on some hard drive somewhere and it didn't really matter. 04:54 'cause you're like up $200 worth 200 Bitcoin. 05:02 Not too much whatever. 05:06 And then of course, 05:06 well. 05:09 Then there was only one exchange left and that was Mt. Gox and that exploded. 05:09 So Max and 05:15

I invested a lot in many exchanges like Kraken and ShapeShift, 05:15 BitMEX, Bitso. 05:20 We started to invest in what we personally needed as holders of Bitcoin and buyers and sellers. 05:20 And then and then 2017 happened and suddenly yeah, 05:29 Bitcoin hit 20,000 and you're looking through all your old hard drives. 05:33 Or like God damn it. 05:37

Where did I put all those Bitcoin and what happened to all that stuff and all their friends started walking around with guys that look like this, 05:39 and we're like, well, maybe we need to think about security. 05:48 And how do we secure all this stuff we have. 05:51 So this is the introduction to this panel because Max and I are investors and as well as TV presenters. 05:54 But we're interested in learning from these guys as well, 06:01 right? 06:04

So you mentioned Jeremy Law, 06:04 who is an adviser for Jamison Lock? 06:06 I'm thinking I got Jamie Dimon on the minds. 06:08 It's been consensus all week and hasn't gone to sleep yet. 06:11 So. 06:14 The fact that he's going to mess 06:14 up everybody's name. 06:17 So Jeremy Welch 06:17 is founder, CEO of Casa and Jameson Lopp is an advisor on Casa and in fact, 06:20 we also are investors in Casa. 06:26 Yeah, so let's start off with Jeremy, 06:28 so I guess they have the four panel. 06:31

It's kind of introduced there where they are their product, 06:33 so we begin with Jeremy so. 06:38 Sure. 06:40 So 06:40 Casa is the best personal key system on the planet and we were talking about managing personal cryptographic keys. 06:40 We are focused entirely on the high net worth individual and family office market today. 06:47

Although we are developing products for a much broader group, 06:53 we actually make use of the Trezor products and other hardware wallets and we built a multisignature system to allow you to have multiple people sign off on transactions. 06:57 Keep track of all of those, 07:07 but you can hold the money. 07:09 A person you don't have to hold it on an exchange. 07:10

It is a cold wallet, 07:14 but it is customized in a way where you can have these multiple sign offs from different people in your office. 07:15 Different family members, etc. 07:22 Quickly. 07:22 I'll move along but just a business model is 07:25 subscription 07:28 correct it is. 07:29 It is so it's $10,000 a year and it is a subscription 07:29 model and the market is 07:33 half a million or not. 07:35 Is your target 07:36 market? 07:37 Let's now speak with Hartej over at Hosho 07:37 so just. 07:41

Introduce 07:41 what Hosho is all about. 07:42 Yeah, so hi. 07:44 My name is Hartej Sawhney. 07:44 I'm a cofounder of Hosho.IO. 07:44 Hosho the word itself means security in Japanese. 07:44 I found that by going to Google translate and typing in the word guarantee and if you type in English to Japanese the word hosho shows up and then 07:52 it says to receive a sense of security and then I called about 15 Japanese friends and said Hosho and they were like. 08:02

Why are you saying things to me please? 08:09 What does this mean? 08:12 And eventually I came to conclusion. 08:12 This word means security and. 08:16 Our vision was that someone is to focus on Blockchain Security and so all my cofounder background is in both in tech and cyber security and Hosho is the global 08:19 leader in blockchain security. 08:28 We started with technical audits of smart contracts. 08:28

We saw that more and more people are going to be writing smart contracts on an array of Blockchains. 08:33 We're agnostic to any Blockchain, 08:39 Private or public and someone needs to do a technical audit, 08:40 a line by line code review of this smart contract to make sure it does what the white paper or the source of truth says it's supposed to do. 08:44

And to make sure that there's no security vulnerabilities, 08:52 we publish a report and placed a cryptographic sign of approval on the actual code. 08:55 And if that code is changed, 09:01 we ask for a re-audit. 09:02 And so we publish these audit reports and share them with investors and exchanges. 09:04 Exchanges are the ones who actually read line by line our audit reports. 09:09

The most investors want to scroll to the bottom 09:13 and say is it done 09:16 just like a Good Housekeeping 09:17 seal of approval? 09:19 Rating agencies like Moody's or S&P or somebody comes along that we 09:19 want to beat Moody's to the punch on 09:24 this one. 09:26 Right? 09:26 So that would be one of your kind of competition. 09:26 Somebody? 09:30 We're defining what it means to be the Deloye Dorben of this space. 09:31

We've added penetration testing, we're doing penetration testing of exchanges, 09:35 wallets, websites, building, institutional grade and Multisig Wallet for Bitcoin Ethereum. 09:40 We built a Telegram bot to find phishing scams, 09:46 hosting bug bounties, anything cyber security and Blockchain. 09:49 We're 09:53 trying to dominate this space. 09:53 OK, let's go to Alena Vranova so tell us a little bit about. 09:55 Trezor 09:59 and SatoshiLabs. 10:00

So first of all, I'm I'm a business developer, 10:03 an advisor been working in the financial in Fintech area for over 15 years now. 10:07 In 2010, I got into Bitcoin and then cofounded SatoshiLabs, 10:13 which is a company dedicated to innovations in this space. 10:18 So SatoshiLabs is behind, 10:23 maybe 3 or 2 or 3 pivotal changes in the space. 10:25 The first was the first Bitcoin Mining Pool. 10:29 It was launched by my business partner in 2010. 10:33

Then we launched Coinmap.org. 10:37 That was the first map where you could find merchants that accepted Bitcoin. 10:40 And then 2013, we actually started a project to create a hardware wallet that was not present as a way to allow people without any computer skills to manage their 10:46 bitcoins in a safe and easy user friendly 10:59 way, right? 11:02 So 11:02 in some degree, kind of in the same space as Jeremy. 11:03

In terms of 11:07 hardware wallets, 11:08 a little bit 11:10 someone, they complement 11:11 each other. 11:13 They will get into using hardware wallets as the key provider. 11:14 So basically work right? 11:19 So Casa is the interface that does prepared all these multi signature transactions and the processes. 11:19 While the user has his Trezor and he signs the actual approval of the transaction. 11:29 Movie stars 11:35 a woman. 11:36 OK, so last but not least 11:36 we. 11:39

I have Jose Rodriguez over at Bitso, so it's the biggest exchange in Latin America now. 11:39 What's the update 11:45 right now we have over half a million customers, 11:46 mostly Mexican and we have. 11:50 We started as a Bitcoin exchange versus Mexican pesos. 11:52 Right now we have 9 order books. 11:55 We have Bitcoin, Ethereum, Ripple, 11:58 Bitcoin Cash and Litecoin and we are adding ERC20 12:00 tokens, Mana, Golem, TrueUSD and that's. 12:04

And we've been we opened in 2014, 12:07 we've been working for over 4 years and what we're developing right now is different products that customers have asked for. 12:09 We just launched our debit card, 12:16 so you'll be able to spend any cryptocurrency or Mexican peso anywhere in the world. 12:18 Because that is something that right now you have to wait for someone to accept your bitcoins or Ethereum, Ripple or any crypto currencies for them to accept payments. 12:23

With this, you can pay anywhere where you have Visa or MasterCard in the world, 12:33 so you'll be able to. 12:37 OK, we are opening an institutional sales part in which will be doing OTC trading more oriented to more traditional investors. 12:39 And well we use technology similar to what has been discussed here to keep safe all the funds because people some people call us or some people see us as 12:48 their banks. 12:58

So there are people that do not take their money out of it. 12:58 So anytime so they have their pesos there they have their crypto currencies there and the CSS S are actually better. 13:03 Although we're 13:11 not a bank 13:12 alright. 13:13 So to get back to my point earlier about exchanges, 13:13 exchanges going back to the Mt. Gox catastrophe of 2014 and there's been many subsequent and problem before and after. 13:18 So what is you? 13:27

It's often said that the exchanges are the weakest link in the whole cryptospace you guys are doing an excellent job. 13:27 And have many problems, but how do you? 13:37 What's 13:39 your approach to security? 13:40 Yeah 13:40 so up till now the our risk area has started doing some research and have found that over 70% 13:42 of exchanges all around the world have been hacked at least once. 13:49 Fortunately up till now we haven't been hacked, 13:53 but every day we are a target every day. 13:56

There is phishing, there is social engineering. 13:59 There's people trying to penetrate the even our or communication channels, 14:03 anything that they want for them to get access to the funds. 14:08 So as we have all this custody of the funds, 14:12 we have to have various different procedures and technologies that like the ones that I think to hear cold storage. 14:15 We have an intermediate storage. 14:23

There also has been just passed Fintech law in 14:25 Mexico, which is I think the first fintech law in the world. 14:28 So besides our security and internal security and audit San or record some processes that we. 14:32 We started working as a ultra regulated financial institution. 14:39 Although we weren't one because we were looking at law was something that was going to happen. 14:43 Besides all, the Crypto security. 14:49

Also in the theater and peso security, 14:51 we're going to be having process of security sensor creation of fun, 14:53 similar to stock growth group 14:57 for example. 14:59 OK, so just 14:59 a follow-up to that you mentioned regulation 15:01 and regulators. 15:03 Do you see at 15:05 this stage of the game? 15:05 Do you see regulators as coming in as a positive? 15:07 In other words, they are bringing some. 15:10 Some some ways for you to exist in an otherwise pretty wild 15:12 world. 15:16

Or is the attitude 15:16 still of that kind 15:17 of Cypherpunk? 15:18 All regulators are not welcome type of thought that most most of the lawsuit 15:18 protect the custom 15:24 because customer had problems and they didn't know where to go or we have financial institution or a regular company over custody company so they didn't know where to go. 15:25 So there's going to be. 15:35 There's a lot in the law about protecting the actual customer. 15:36

There are also some things that they want to audit us. 15:40 Yes, if we were in Spanish institutions. 15:43 So now we are going to report for example to the Mexican Mexican IRS to the Mexican SEC. 15:46 So they're going to look at their processes are going to go inside the company would like if we're opening stock quote for example. 15:51 So part of it is the law is. 15:59

To start a little friendly so for us also to know how we're gonna, 16:01 we're going to communicate and how we're going to do business. 16:05 For example, with already regulated entities. 16:09 So entity. 16:12 So something very funny that happen is after they pass a law. 16:12 We had problems opening bank account before hand after the law passes. 16:16 Magically we had like 20 looking for business because it's a big business. 16:20

We are managing all this people's money and all the companies would like for like they're 16:24 regulated. 16:29 We've got similar regulation so you guys can do business. 16:29 So on the regulation front Jeremy, 16:33 what are your regulatory challenges in terms of security and regulation and how those 2 intersect to keep it on the security theme? 16:36

Sure, 16:45 so we are unique 16:45 compared to some other companies in this space because we do put the onus of managing most of the keys back on the user. 16:46 That is the way that Bitcoin was originally designed was for you to manage your keys directly and we rely on Bitcoin's security. 16:55 And using Multi Sig which is built into Bitcoin, 17:04 it's just really hard to use yourself manually. 17:07 So the way we think about regulation is we're not a custodian. 17:09

It's a non-custodial solution. 17:13 You're holding the funds yourself. 17:15 A lot of the existing custody laws don't apply to us. 17:17 We're effectively software provider to the end user, 17:20 but we do provide a single key that is an account recovery key that if you have that you can use in combination. 17:24 Our system is 3 of 5, 17:31 which means you need 3 signatures out of a total 5 keys. 17:32 So we're providing support to the end user but not full control full custody. 17:35

The end user is actually the one that's custodying the asset and so we are in a unique position around the regulatory side. 17:40 But the reason why we're doing that is specifically because it's actually the most secure. 17:47 If you attack an exchange directly, 17:54 I would not want to be in the situation of bitmex of any other exchange in the space. 17:55 It's very hard to manage security around the centralized exchange. 18:00 You do a phenomenal job. 18:04

It takes one attack and you've got a lot of the private keys there. 18:05 So by spreading and holding your at least your long term funds. 18:09 If you want to do active trading, 18:12 it's great to be an exchange, 18:14 but for your long term funds you want to hold them off line. 18:15 You want to hold them in your full control. 18:19

Actually I want to go to that in a bit about Bitfinex because in you know the normal space of banking industry, 18:21 they have a Deposit Insurance and basically the US. 18:29 The 18:32 entire police force an FBI to go after culprits for them. 18:33 Bitfinex did come up 18:37 with an interesting solution when they were hacked but we'll get into that in a bit. 18:38 I want to talk to Hartej and Alena 1st and I'm going to go back to the OG original sort of Bitcoin before. 18:43

Any sort of security before cold wallets? 18:51 Really? 18:54 I mean you could do a cold wallet if you had. 18:54 You know if you were technically proficient but tell us the story about how you were had slush pool, 18:58 you have the mining mining. 19:05 What happened to the hack that led you to develop by that time? 19:07 It was run by 19:11 Slush. 19:12 Uh, the problem there was he was social seizing such who was using a server house in France. 19:12

Uh, where the employees of the server house figured out that there's actually a Bitcoin mining pool running on their servers. 19:22 Wow, and that's what happened at that time I think it was a couple of 1000 bitcoins that were gone and Slush. 19:31 Luckily at the time was able to cover it from his own pocket. 19:39 But that's something that you may not see or expect from the service that you're using. 19:44

So I'm quite only other spectrum of the opinion to when it comes to regulation. 19:51 If I if I may come shortly back to the topic. 19:56 As I worked for insurance companies and banks previously to Bitcoin, 20:00 I've gone through a lot of extremely regulated topics and implemented a lot of new regulation and and you know Directives to protect the customer. 20:06

The result of all these all these endeavour to protect the customer was that the entire market halted for one year or 2 years because they've been implementing all 20:17 these new regulations. 20:30 And in the end, 20:30 the customer was there to sign like instead of 8 papers, 20:33 30 papers and get SWAT, 20:38 they didn't really so. 20:39 The entire regulation is just to like clean your hands and say we've done our best to protect the customer. 20:39

The insurance that any company would have is always limited to a certain amount, 20:49 so it doesn't cover your Crypto. 20:56 And I want to see the insurance companies that are able to. 20:58 Just, you know calculate the risk. 21:03 For Crypto, this up and down with the value so you can insure you know 500 million worth of Bitcoin that tomorrow. 21:06 Maybe a billion. 21:15 So Bitcoin was designed as private money. 21:15 And if you follow the original design, 21:21 you're safe. 21:24

So Casa does it great. 21:24 Casa just distributes the risk towards the end user and the risk is tackled on the on the side of the end user by hardware wallet. 21:27 And that's that's the way I in my opinion, 21:37 most of the company should follow in this space to be safe themselves. 21:40 I like it back to like a Clint Eastwood from clinics was entire career is based on. 21:45 Economic individual economic sovereignty. 21:52

When you have your goals and you had to carry and he had to protect it and you had, 21:52 it was just you out there on the West. 21:57 And you just had to. 21:59 Basically look like Jameson Lopp the gun walking around. 22:00 So that's what it is. 22:04 Hard work, especially once it substantial amounts of money. 22:05 It's it's kind of stressful to think like I just want to put 22:09 the something for their clinician with there was Humphrey Bogart and the treasure of Sierra Madre. 22:13

Share about 22:19 Remember, in 22:20 the 22:21 cold. 22:21 end, it all 22:21 blows away Castle or they would 22:22 have kept their moral 22:24 that as long as 22:25 I kept the seed, 22:26 that's another level of the security, 22:27 but now I want to move to Hartej Sawhney because This is another, 22:30 you know, cut 267 years later and Bitcoin's well over $1000 and it's become a big multi billion dollar industry. 22:34 And then we saw the eruption of all these smart contracts. 22:41

Ethereum is the second biggest coin in the world and everybody knows about that. 22:45 You might not have heard of the DAO when this was the smart contract. 22:50 The first distributed autonomous organization, 22:55 and it was supposed to be the code is law. 22:58 It doesn't matter what else. 23:00 There are no regulators here, 23:02 there's nobody who crying too. 23:04 The code is law. 23:06 And then, 23:06 well, somebody figured out how to make that code. 23:08

Give them all the money drain that all the ether and. 23:12 The solution was a hard fork after that, 23:16 but tell us about how how it's evolved since the DAO the whole smart contract space. 23:18 So 23:24 basically we saw an insane number of companies start to write smart contracts to take advantage of the fund raising mechanism. 23:24

That is an ICO and so everyone started rushing to figure out that if we can avoid Silicon Valley and going up and down Sand Hill Road, 23:32 there's this thing called an ICO. 23:40 You have to take advantage of a decentralized application. 23:43 Invent a reason to have a token. 23:46

There's this blockchain called Ethereum blockchain called Ethereum has a new language called Solidity and so now you're trying to hire engineers that can code in this new language called 23:48 Solidity engineers. 23:59 Unless side note here engineers who know how to code really well on Solidity are too rich to get out 23:59 of bed. 24:06 That's a big problem. 24:06

That's another part of the 24:08 security is now if you find cyber security experts have a QA mindset, 24:10 they don't know Solidity at all and the learning curve is kind of high. 24:14 And we rush in the ICO space at the rush of smart contracts that we were then auditing were written by basically ex-web developers, 24:18 even for very sophisticated projects. 24:26 Who raised millions and millions and millions of dollars? 24:29

And many of these projects go on to then be listed on exchanges. 24:32 And many of these exchanges at that time, 24:37 at least prematurely were not checking to see if they've been audited, 24:39 at least in Asia. 24:44 This is still happening a lot more than I think it should be. 24:44 Exchanges blatantly just not checking for an auditing report or now I know today we had a meeting with an exchange. 24:49 Hello be who said, You know we're auditing the contracts ourselves. 24:55

We would love to give you some of the work we're drowning and we like shut down that Department. 24:59 This is all we do. 25:05 We have a team of DEF CON. DEF CON's the best white hackers conference and black hackers hackers conference in the world and it happens in Vegas and we're based 25:06 in Vegas with about 40 employees and we just keep recruiting and pulling them in from DEF CON. 25:14

All these badge winners, 25:20 but you bring up a really important point is that there are thousands of coins and projects. 25:21 The tokens now and there's like a handful of Engineers. 25:27 And none of these projects are secure. 25:31 The reason why Bitcoin is so secure is because of all the Smart Devs and engineers that work on it and keep it secure and the miners. 25:33 And So what do you feel about that is there? 25:42 Is there enough security? 25:45

Are there enough engineers to keep these tokens secure. 25:45 There's a need for academies to be built there that's literally every major company that I talked to this week is consensus week. 25:50 So I'm in an abundance of communicating with my fellow colleagues who have all the same problems. 25:58 Everyone saying we can't hire fast enough and every single engineering team is essentially building in-house academies for us. 26:04

How does 26:11 an investor even like who are these people investing? 26:12 Is there any sort of rating systems even know who the tech team is on the project. 26:15 I mean from our perspective, 26:20 we are building an API where you can look up the name of an ICO and transparently get a link to the audit report building. 26:22

The API is not the hard part is getting other auditing firms that give us the data and right now before we didn't get to that we're trying to define 26:28 between a couple of cyber security firms. 26:36 What is a smart contract audit? 26:38 Because what we consider an audit is not what other people consider an audit and you have someone in someone's basement saying I contributed to Ethereum's Blockchain and I want to audit 26:40 the code and What is an audit? 26:50

And so there's some clarity needed and so to piggyback on what 26:51 Alena was saying in my personal opinion regulation, 26:55 at least where I look at it is I think rules are better than no rules. 26:59 So Russia is a great example. 27:03 Russia is not made any clarity on what is it law and what is not law. 27:05 There's not one Russian ICO that has happened by Russians that they're still in Moscow or Saint Petersburg. 27:09

They all took a one way flight soon as that money hated trees are they haven't been bad, 27:16 I go to conferences there, 27:22 they're inviting me to the work. 27:23 Called Blockchain Summit and it's like where are the Russian ICOs like the list of people that I know and they're like 27:25 he left a long time ago. 27:33 Very good accident and I think is 27:34 that if Russia were to make it clear on, 27:36 maybe they were to say we have these Russian exchanges. 27:39

If you want to list on these exchanges, 27:43 the smart contracts must be audited, 27:45 and here's the firms that we think are legit cyber security firms. 27:47 This is what Malta and Gibraltar were talking those governments there probably. 27:51 Will be the 1st that we speak to about this type of a regulation like this is a type of regulations that I'm OK with. 27:56 Yes now did 28:03 you have something else to do? 28:04

It's it's 28:05 confusing and it's problematic that we're coming from a world of web developers to where 28:06 Facebook had this mantra of move fast and break stuff that was the mantra of their engineering team is move as fast as you can hack as fast as you 28:11 can, will just fix it as we go along when you're dealing with people's life savings and their trading money, 28:19 you can't do that 28:25 and Smart contracts hack. 28:26 It's not data is actual money. 28:26 Money gets stolen. 28:29

And when you're talking to publicly traded companies now that's the biggest tide that's turned in this history of smart contracts. 28:29 Long story short is now we're seeing it shift. 28:38

We're seeing sophisticated, publicly traded companies say we want to write functional, 28:40 smart contracts that cut out white collar middle men and about 10 million dollars will flow through this smart contract every 24 hours and the stakes are really different or 28:45 pricing models are really different and one security vulnerability. 28:54 Money gets stolen, not just data. 28:58

When Home Depot's point of sale system got hacked into, 29:00 I don't think anyone gave his ship now. 29:04 Now when is one smart contract gets hacked? 29:07 You're going to have 29:10 everyone saying we lost money. 29:11 Yeah, I know and then extends over to the Internet of things. 29:13 Just last week I caught my refrigerator stealing for my coffee maker really bad unplugging both. 29:17 Now there are 29:24 2 other topics relating to security. 29:25 I'd like to talk. 29:27 About. 29:27

Is you know after you died securing your assets for those who will inherit the assets? 29:29 A good friend of ours, 29:34 Matthew Mellon, just recently passed away. 29:36 He was. 29:38 He was from a very wealthy banking family, 29:38 but he also became his own a billionaire in his own right from investing in Ripple. 29:41 He died in Cancun and you know there were many stories about his family trying to find out where he put his Ripple and they knew he had a billion 29:47 dollars worth. 29:56

And where is it and trying to. 29:56 Find it. 29:59 Casa has some sort of solution for that in particular, 29:59 correct? 30:02 Sure? 30:02 Sure. 30:02 So one of the problems 30:04 in this space is if you are managing your keys, 30:05 you're doing it frequently on a device like a Trezor, 30:08 and these devices have been built to hold one key you generate. 30:11

One key you can generate several public keys off of that and then you can generate a series of addresses beyond that, 30:15 but it's down to a single device. 30:21 The devices are built to be small and have a single single private key for strong security reasons right. 30:23 But the doing something like Multisig is not built into the system. 30:30 And if you want to do if you want to do end of life. 30:34

If you want to transfer funds, 30:37 you have to share the passcode you have to share the information on that device with someone you know. 30:39 Say it could be a lawyer. 30:45 It could be a family member and then that that in turn presents its own security vulnerabilities. 30:47 Because now that person whoever you share the information with around your single key could be attacked themselves. 30:53 There's also incentive if it's a lot of the hacks that have happened. 31:00

Have intern. 31:04 We found out become there. 31:04 They've been inside jobs, so there are these pressures to where do you want to put it? 31:07 Do you want to put the pressure on your lawyer? 31:13 If he knows that you have a billion dollars in ripple and he's the only other person in the world that knows the passcode to that and then he happened 31:16 to tell another family 31:26 member and someone else finds 31:28 out it's. 31:30

Complicated is the Wild West, 31:30 so the way we approach this is using multi sig. 31:32 We are one key Holder of the 5 keys. 31:35 And we will have a validation process where we check. 31:37 You can come in and bring a spouse or lawyer or whoever it is and in end of life process process is very similar to how a bank hands over 31:41 the contents of a safety deposit box. 31:49 We will proceed the same way, 31:51 except we're handing over a private key. 31:53

You would then store another key and a safety deposit box. 31:56 You potentially store one at home. 31:59 And it's safer to share the information around one of your private keys. 32:02 Since you have multiple. 32:06 And if the person say your lawyer tried to leave with a single key of the total 5, 32:06 they wouldn't be able to 32:14 take anything. 32:15 What happens when, 32:15 for example, your company 32:18 seizes dixies? 32:19

Well in that case, because there are 4 total keys that the users hold, 32:20 they can still get app full access to their funds. 32:25 But it is true that the end of life process. 32:29 And the way we've currently designed it does require that the company stays in business. 32:32 So that is one of the reasons why we built the business model around a yearly subscription fee. 32:36 And we're driving a real business 32:41 around them. 32:43

So just quickly if I may 32:43 recommend just just hijacked 32:47 the whole 32:51 panel, go ahead. 32:52 There's 32:52 a new book of 32:55 Pella. 32:56 Yep crypto inheritance 32:56 specifically about this topic, she's a lawyer. 32:58 She's been in the Bitcoin and Crypto Space getting very early on and she's done a lot of publishing and she consults companies, 33:01 funds and so on exactly the processes how to secure their crypto wealth for these occasions. 33:10

So it's a It's a quite a tiny book I strongly recommend. 33:16 OK, yeah, I probably 33:21 do some questions. 33:22 I think that's just quickly on the Asko thank you mentioned cold wallets there at the exchange. 33:22 What's the protocol? 33:30 So if you 33:30 can even say 33:33 because you might be divulging secure cancer, 33:34 it's like 33:37 a vault in 33:38 a bank. 33:39 You don't want most of your money. 33:39

In the cashier's hand, you want what you will need for a day or 2 days in cashier's hands or probably and your branches. 33:42 So what we do 33:52 is most of the funds have a process to delay 33:53 the transfer of funds and to keep them safe and to keep them offline. 33:57 So we have like 3 intermediate. 34:03 vaults there. 34:05 So we have what is called normally their hot wallet. 34:05 You normally get thrown in 24 hours while you only users. 34:09

Then we have another intermediate one in which we could access and 24 less than 24 hours funds and transferred from one to another and we have the cold wallet 34:13 in which you security similar to the one described in which various participants have to accept the transaction and it's delayed. 34:22 So you 34:30 know on any given day, 34:30 a maximum exposure. 34:32 Sorry maximum exposure on any given day. 34:32 You know? 34:35 Yeah, we did you get insurance 34:35 on that? 34:38

We are working with insurance companies. 34:38 We haven't had been able to filing the nutrients coming properly. 34:41 Yeah, that's something 34:46 that we want. 34:47 It's probably not coming but lately, 34:48 but obvious about the regulators out there. 34:50 I take it I I am and I worked 34:53 for insurance companies for 10 years, 34:55 so your concept of individual sovereignty strongly advocating for that. 34:58 That's exactly what Bitcoin is designed for. 35:02 An. 35:05

Finally, something where we don't actually need to be babysat by banks by other companies and we don't need to trust them and then be disappointed all over 35:05 all over again. 35:16 It's great to use services. 35:16 Such as exchanges. 35:19 But I would say just use the exchange to make the transaction take off your money and keep it safe. 35:19 However, the exchanges still 35:26 get hacked. 35:28 They have. 35:28 They do end up having to transfer money. 35:28 We've seen that in the last year. 35:32

The 500 million dollars in NEM stolen from one Japanese exchange and they happen to have like 500 million dollars in cash on hand to pay off everybody and then 35:34 Bitfinex. 35:43

I wanted to talk about that in terms of rather than having insurance they came up with a quite innovative solution when they maybe you remember Jose, 35:43 how much they actually had 35:52 schools. 70 million 35:54 dollars that they stole from Bitfinex and they created a token to repay customers with future with future incomes. 35:55 And in less than a year, 36:02 they recreate to all of their users and handsome. 36:04

I 36:07 mean this Bitfinex like all these exchanges, 36:07 by the way, are pulling in so much money. 36:10 Bitfinex pays dividends all the time like they're just raking it in, 36:12 so they every time 36:17 their code changes. 36:18 There's room for vulnerability and their code changes at each exchange on a daily basis and so someone. 36:18

Has to have a white hat approach, 36:25 which is what we do now and we said let's get a group of a dozen engineers to try to hack the exchange like a traditional hacker would, 36:27 at least quarterly. 36:34 If not, 36:34 let's find a way to monitor the code daily. 36:36 So now we've had this is an alarm to 36:38 wake up. 36:40 You just slept through that. 36:40 I literally must 36:44 have set that on some plane 36:45 like wake up. 36:48 Anyways, what 36:49 we're talking about? 36:50 White hacking 36:50 the exchanges. 36:52

Yeah, we've been building a software platform 36:52 and Alan monitor 36:56 their code in the daily basis. 36:57 'cause groups of exchange are saying well, 36:58 could you actually monitor code on a daily basis? 37:01 Is that even possible? 37:04 So we're inching towards that, 37:04 but I mean, we're also finding exchanges or putting Fluff Volume in terms of fake volume that they're putting on. 37:07

How much is being traded and they have all kinds of security holes that exchanges that need to be. 37:14 As an every time we interact with an exchange, 37:20 but realize that there's 37:23 so lucky they haven't been hacked. 37:25 It the root problem 37:28 here though, 37:29 when the problem 37:30 here is, he's 37:32 not just the servers of those exchanges being hit, 37:33 but it's more of a systemic level. 37:36

So the entire Internet is just a huge black hole where things disappear in are being rerouted in just like couple days ago, 37:39 Kevin Mitnick has demonstrated how to break a second-factor authentication. 37:48 So there's a lot of people thinking that they're so safe that they're using the username password and one-time password. 37:54 You know this little like Google Auth or something and it's possible to bypass that to get to 38:02 hijack this session. 38:08

And login and 38:08 just withdraw because there's always some human somewhere that is socially 38:10 engineered, whether it's on porting phones we've had. 38:15 We had a friend. 38:19 Actually this is not public, 38:19 but who the person is. 38:22 But they had like over 10 million dollars stolen from a Bitcoin. 38:24 Some crypto that had over 10 million dollars stolen about 2 three weeks ago and it was social engineering. 38:28

Their phone had been ported even though they had told the phone company to lock it down. 38:35 We had were investors and BitPay and they they were socially engineered. 38:40 They got three of the four partners to sign off on sending $2,000,000 worth of Bitcoin to somebody who was a high valued client and it wasn't the client and. 38:45 So is your security 38:54 in cyber security are reminded that humans are always your weakest link. 38:56

Usually we had a recent case of the spear phishing attack where a woman at this company is has a dog that she puts into competitions and the entire company 39:01 has social media profiles that were watched by the hacker and figured out that via Twitter this one employee is obsessed with dog competitions, 39:12 dog walking, dancing competitions or something. 39:22 And count 39:25 dance. 39:26

I don't know something with dogs and competitions 39:26 and so essentially the hacker made a fake website for this dog dancing competition near her 39:30 house. 39:37 The employee 39:37 was emailed 39:39 to PDF. 39:40 The employees signed up instantly, 39:40 super pumped and from that point forward the hacker can see each keystroke and the entire screen on computer within 24 hours. 39:43 A hacker breached in and stole about $16,000,000 in Bitcoin. 39:52

And it's like humans are your weakness and that's what needs to be real evidence 39:56 to that. 40:01 There is definitely some organized crime that's infiltrated some of the telco companies. 40:01 It's not. 40:06 So yeah, there are transport, 40:07 your phone number 40:08 to another. 40:09 just 40:11 That's 40:11 by making a phone 40:11 right, 40:12 call. 40:12 So I 40:12 got with another cyber security 40:12 firm. 40:14 We've 40:14 narrowed down that there's definitely 'cause some logs are being wiped. 40:15

Some people are having their numbers ported 40:19 they 40:22 and 40:22 go 40:22 then 40:22 back and 40:22 when 40:23 do 40:23 a check internally they're seeing that some logs are wiped or there's some other things happening. 40:23 It's the only way that it could be happening is if it's an inside job. 40:28 But I want to point out that the root problem here is that one of the benefits of Bitcoin in of these other currencies is the transactions are irreversible. 40:32

You cannot reverse the transaction once it's happened. 40:42 That's different than our current fiat system. 40:45 You cannot insure Bitcoin or it's arguable whether you can insure Bitcoin. 40:48 Once a transaction happens because there's no way to reverse it. 40:53 You have to find the person that has that address. 40:56 To recover those specific funds or you have to pay it out of your own pocket. 40:59 It's 41:04 all you humans 41:05 fault. 41:06 It's 41:06 completely 41:08 traceable. 41:09

For example, there have been people that are dumb enough to use visual to try to commit crimes. 41:09 So we have their IDs. 41:17 We have their IPs where they have all their information we have. 41:19 From what type of device they use. 41:23 We have all this information and there was this public case about someone that decided to kidnap a person and to ask for ransom in Bitcoin. 41:26 So this guy was actually one 41:36 of our customers. 41:38

And he 41:40 sent a test to 41:41 the ransom wallet from his 41:43 bitter. 41:46 So we had 41:46 all his information, 41:49 so in less than a week all him and all his 41:50 team were in gym 41:53 and now he's 41:54 working for JP Morgan. 41:55 America 41:55 is a great country like that? 41:57 Well, 41:59 I mean, do we 41:59 do a couple? 42:00 Of course 42:00 the organizer of this couple 42:02 of questions. 42:04 If you have 42:04 any questions or third Chardonnay backpacks. 42:08 Oh 42:15 OK, yes. 42:16 Sharding smart 42:32 contracts. 42:33 He wants to handle that. 42:33

Yes, it's futuristic. 42:36 It's put in the same category right now 42:36 is almost automated. 42:40 Smart contract auditing. 42:40 We're just not there yet right now where we are. 42:43 Is building automated tooling to find vulnerabilities and The thing is blockchains are relatively secure. 42:46 The business logic written develop on it is usually not it's the flaws we usually find are usually not even security flaws, 42:53 their logic flaws. 43:02

More recently, 43:02 someone's white white paper said they're going to allocate a billion tokens and the actual smart contract only allocated 400 million. 43:04 We forgot about 600 million tokens and so for now we just need to find ways to build automated tooling. 43:12 So when we find a vulnerability finding the same vulnerabilities faster and faster and faster and a couple of years, 43:18 it'll be pretty close to being automated. 43:25

It's debatable about the sharding topic. 43:27 I would go as far to say to that from our perspective and storing money long term. 43:30 That is, we're looking at Ethereum and we're looking at other smart contract based systems and implementing those. 43:35 We're actually avoiding smart contracts altogether. 43:42 We are looking at doing pushing for implementation of multisig directly in Ethereum, which is not implemented in Ethereum today. 43:45

But there's a case where you could have the logic perfect in a smart contract, 43:54 but you could have some other bug in the virtual machine and the Ethereum virtual machine that could cause this logically perfect code. 43:59 Perfectly buttoned up to still have some flaw where you could extract some funds. 44:09 This is true 44:14 and we've seen this happen. 44:15 So it is that's 44:17 not being discussed enough today. 44:18

Smart contracts are amazing and there's a lot of interesting tech that's going to be built with them. 44:20 But people need to pay more attention one to just auditing them generally and then two thinking about which functions they want to have on smart contract in which functions 44:26 they want to have totally off that need to be much more secure. 44:35 Question. 44:40 No questions asked. 44:40 No, 44:40 don't ask. 44:45 I think 44:45 she's going to ask about the dog dancing. 44:46

She seemed very interested. 44:49 Registration 44:51 is closed. 44:52 I am. 44:54 On the West Coast. 44:54 Basically, do you have any advice? 45:03 I don't 45:16 call him. 45:17 I live 45:17 in Nevada. 45:18 I've thought about this. 45:18 Tokenized casinos is really exciting, 45:20 but will the federal government let this happen? 45:22 And not really sure we haven't even. 45:25 Yes, 45:29 we know that we're 45:29 closer. 45:31 The Moapa and we know many. 45:31

We've been talking to the Moapa reservation about the future of doing a tokenized casino and tokenizing casinos. 45:33 Pretty exciting. 45:41 That's cool. 45:41 By the way it is happening already and everything 45:41 already. 45:46 One of the first things I would advise them is just start easy and lightweight and for example allow payouts in crypto. 45:46 Right? 45:55 So it's easier for the people. 45:55 Not so like if you 45:58 want to know right 45:59 now what's happening? 46:00 Just here's my wallet. 46:01

Thank you and leave to leave. 46:01 The casino waits a couple of millions if you just want in your property. 46:04 That would be a way to start. 46:09 And uh maybe then talk nice to the casinos itself and allowed to bet in crypto 46:11 today. 46:16 All we have is the D Hotel in downtown Las Vegas has a Bitcoin ATM and now we have a lot more casinos that have Bitcoin ATMs and their 46:16 gift shops let you pay in Bitcoin. 46:26 That's as far as we've gotten in Las Vegas. 46:28

Nothing further than that. 46:31 I think if that intersection ever happens, 46:31 not sure, it'll it'll happen in the United States and non Indian territories for a long long. 46:37 Will Supreme Court just 46:42 opened up sports betting in the US on lines points online sports betting. 46:44 So they're making a move that way, 46:48 you know, as an economy as a country collapses, 46:50 they make legal things like gambling and stuff and prostitution. 46:52

There's 46:56 a company called 46:56 Blitz predict that's in Vegas that does it aggregates all the odds from Augur and Gnosis and then let you place one sports bet on one 46:57 platform. 47:05 Yeah, so when you say your clients, 47:05 what kind of what you 47:09 represent your consultants. 47:10 Like. 47:14 Specialized cybersyn lighters that you can trust. 47:14 Or whatever your situation. 47:19 So we have operations. 47:19 And we tried. 47:28 Yeah, see iOS. 47:28 23. 47:40 Right. 47:40 Has. 47:40

So we're going 47:40 with the concept 48:02 that if they went to see a automatically 48:03 trust worth, 48:06 well that there's 48:07 a debate right there. 48:09 I think any other questions. 48:09 Now that's fine. 48:13 Yes. 48:13 Yes Sir. 48:13 Visor. 48:16 Yes. 48:17 Question for all the. 48:18 This is a question for all the panelists, 48:18 and I'm curious to listen to her dates. 48:23 Answer as well. 48:26 Is there a sock for any high net worth individual who is an investor in Crypto currency, 48:26 stock or stock? 48:34

So security operations center where I just get alerts on what's what's being accessed or what's being anomaly? 48:34 No, we are 48:43 building heavy notifications. 48:44 That's part of the product is anytime. 48:44 There's a signature anytime. 48:49 Especially there's a request around like our key being requested access. 48:49 I think that's one of the things that is challenging right now around Multisig and around. 48:56

Even just watching the addresses that you know that you have funds on. 49:01 Unless your key is plugged in with a lot of the current solutions, 49:06 you're not seeing the address, 49:10 so there there's a lot. 49:13 There's heavy room in in doing that. 49:14 Lots of 49:17 improvements. 49:17 Have you seen? 49:17 Have you seen demand for something like that. 49:17 Have you seen demand for something like that? 49:22

Demand 49:24 demand demand for 49:25 that for security 49:26 solutions 49:28 built for cryptocurrency investors, 49:29 I predict it. 49:32 It's coming and institutional 49:32 players will want that. 49:35 I haven't seen the demand object just yet. 49:35 It's not. 49:42 The dust hasn't settled. 49:42 Well, we're 49:45 about to wrap up and please follow us on Facebook 49:46 and give us a like. 49:49

If you like what you saw in this pattern queer, 49:50 you'll do it again and will come to your 49:54 community and do the 49:57 panel for you in your home. 49:58 Small. 50:00 Some point or Ethereum or one of the most exciting to cryptocurrencies out there called sugar, 50:00 which will be hearing 50:07 a lot more. 50:08 But 50:08 there's also Spain coin. 50:09 So by the 50:09 way, yeah, is cocktail hour. 50:13 Usually Maximus not go in 50:16 living in Europe. 50:18
