 from the Hard Rock Hotel in Las Vegas. It's theCUBE, covering HoshoCon 2018, brought to you by Hosho. Hello everyone, welcome back to theCUBE's special live coverage here in Las Vegas for the first ever Blockchain Security Conference, really discussing security as an industry. It's called HoshoCon, put on by Hosho. We're here with the co-founder and CEO of Hosho and some main supporters of sponsoring this project for our event, HoshoCon. We have Yosem Kwan, who's the CEO and co-founder. Good to see you. Good to see you, good to be here. Hey, thanks for putting this on. I interviewed Hartej, your co-founder in Toronto at the Futures Conference. We had many great conversations on theCUBE. But when we talked about HoshoCon, this conference, he really wanted to do it as an industry conference, not as just a Hosho event. This is really key to you guys' culture here at Hosho, your company. Take a minute to explain the event, why this event, why the format, and that is open. So, I mean, basically, we've been to just so many events over the, I think we've done like 80 events this year. And the topic of conversation is around investing, it's around ICOs, it's around all these things. And security touches all of those. And I just feel like, and we all felt in, the other security companies felt it too, that it just wasn't a topic that was discussed in great enough depth, especially given the increasing amounts of hacks and theft and all these problems that relate directly to security. And I just feel like it's really important for us as an industry to discuss what security practices are good, what should be done, how you should do them, what resources are available to companies to learn more about security, and what resources don't exist and need to be developed. That needs to be done in a collaborative way. Well, congratulations and props to you guys for really sponsoring this and taking the leadership role in the industry, but again, you guys are humble and it's a good way to do it, is to have these conversations. So, thank you for doing that, appreciate it, and thanks for having theCUBE here, we really appreciate it. The question I want to ask you is, I've noticed a trend here, first of all, a lot of smart people here. So it's like a, it's not a massive, no ICO pitch competition, this is really down and dirty security. Yeah. Okay, black hat, white hat, but it's kind of an inner culture vibe, it's the community coming together. But also two kind of tracks are developing this, the crypto security, and then there's cyber security threads coming out, because you said it's touching on all these points. And you're hearing, even hearing a little bit of IoT and hardware we had Rivets on earlier, the CEO, Steven Sprague. So a lot of different solutions, a lot of different opportunities, a lot of different vulnerabilities. Can you explain the landscape of how the players are here, what are they coming from? What's your background? Yeah, absolutely. I mean, like there are definitely a lot of brilliant minds here, and that was one of the goals of Hoshokan is to bring people that are of all different, it parts of the industry, whether they're lawyers or they're information security experts, or they're regulators, or they're just developers, bring them all into the same room, and to kind of discuss these problems that plague all of us, and a developer is going to have a much different perspective and solution than a lawyer, but those things can work together and the problems might still be the same. And so we've been in the industry for just like, even though Hoshokan is a young company, the people that are on our team, myself, I got into Bitcoin eight years ago, like we just have this network of people that are in the industry, have seen the kind of like cyclic nature of a gigantic influx of people come in, these problems arise where entrepreneurs are really focused on growing, getting traction, and then they focus less on their security, it goes to the wayside, and then these big hacks happen, and then the industry kind of smartens up and everything starts getting a little bit closer to what seems maybe safe or approachable for a growth trajectory, and then another gigantic influx happens, and then the same thing. And so what we really need to do is when that next big influx happens, is to have standards in place to have things that an entrepreneur can just turn to and be like, okay, this is what I need to do if I want to be considered credible in this industry, and I want to protect my users and my investors. Can you talk about some of the top conversations that are going on here? Because I think that's a great point. People want legitimacy, they want solutions that work, that are credible, and then maintain kind of, I won't say enterprise grade, but a commercial grade reliable so that people can focus on building up their companies and or preparing for the growth. What is some of the top conversations? A lot of it's just all learning about what other people do, like even like with rivets, like we're putting, they're using the trusted execution space on like, what's already on billions of devices, and basically letting people know that that space exists on this hardware and that they can be used for all these different purposes to validate data going in. And there's been conversations around custody. I think I was on a panel earlier today about custody and basically the way I felt like it left off in the conclusion was that there is a long way to go on custody, but it is incredibly crucial. Big institutional players that want to enter the markets and want to put their money into a regulated custodian, it's difficult to do so, even with registered custodians existing because the limitations that they have in understanding the technology and being able to provide support for all the different digital assets that exist. So we're reporting this morning the SEC here in the US has tightened the noose on the ICO funded startups. I think the story originated out of decrypt media, but essentially this SEC, the Securities Exchange Commission is cracking down and they're going back and saying, you got to refund some of that money because of violations. That's one regulatory thing, but there's also, there's software that writes these smart contracts. You guys are in that business. The software is software money. Security is critical. How stable is this becoming in your mind? What's the to-do items? How should a company who wants to either use the ICO process or and or use token economics to fuel their business model, they got to be secure on the business front. Yeah. So basically smart contracts were so new when we first got into it that people just didn't know how to develop securely in them. And so there were just like critical mistakes being made all over the place. We've seen over the last year a lot of improvement on that front. More libraries are being developed and people are writing consistently more secure contracts. But now what we're seeing is contracts are getting increasingly complex. And with additional complexity, because it's software, there's room for more problems. And I think that it's going to be an interesting challenge going forward. There's things like formal verification. I think that has a huge place in the future regarding smart contracts, but there's a lot of tools that need to be developed. That's one of the things that we worked on and we're really excited about is Meadow Suite because that's software that lets you develop smart contracts. We built it intentionally with security analysis in mind and then we made it more full-featured to become a development tool for writing smart contracts and developing on protocols. And so I think the more of those type of things that you see come out that bring it more to feature parity to what software developers are used to if they were, say, building a web application, it makes it a lot easier to adhere to good practices and write secure code. And also kind of not have to do manual audits. I mean, at the end of the day, you want to get to some sort of automation. Absolutely, yeah. I mean, we've already automated a lot of the things that we do, and there's still a lot left to do, but we know that there is a lot left that can be automated. And we hope that eventually the tools are just put into developers' hands where they can do most of that work themselves. As I take your CEO hat off from, I'll show it for a minute, put your industry hat on. Okay. What are some of the names here that, and conversations, topics that you find interesting, personally? Okay. I mean, a lot of the people that we brought here are like our friends. We know them, right? We're kind of celebrities. I was talking with Token Market earlier, and we're partners with them, and they're really great guys, and some of the stuff that they're trying to do, and just listening to what other companies are trying to do with security tokens, that seems to be the thing that's really moving forward. And I'm kind of fascinated. We try to stay agnostic, when we're looking at all these different technologies, but then sometimes someone explains something to you, and you're just like, oh man, that's really cool. And there's some good minds here. What's the coolest thing you've seen so far? Well, I've been locked in, I've been locked behind doors in a lot of meetings so far, but the, let's say, I think what Unchained Capital is working on is really sweet. They basically, I mean like, well, I just think their business model makes a lot of sense. Like, basically they just hold your crypto, so you maintain exposure to it, and then they'll issue you a loan, and they can like turn around a loan like in 24 hours. You just like hand them a bunch of Bitcoin, and then they'll just give you cash, and then you can, you know, you have that cash, and then you still maintain exposure to crypto, if you pay it all back, you get your crypto back. So it's collateralized. Yeah, exactly. And I mean, like, that makes perfect sense to me. Like, you know, it's just like, as long as you can liquidate that crypto and Bitcoin, Ethereum, like those are big enough markets now where you can easily liquidate it. Well, that's awesome. Well, thanks for putting on this event, and I want to get back to Ho Show. How's business going? You're the CEO, Commander-in-Chief. What's going on with the company? How's things going? Yeah, I mean, well, everything's crazy, right? Like, we're moving quickly, and the next steps are Asia. We really want to basically penetrate those markets. Only, we don't have as much coverage there as we would like, but having spent some time there earlier this year doing some reconnaissance, it's a crazy, crazy space over there. There's a lot of action happening. There's a lot of adoption. People are really enthusiastic about it, but security almost seems like six months to a year behind North America and Europe as far as what exchanges are requiring, what investors are like demanding of their portfolio companies, and so I think that now that they've had such major hacks happen over the last six months, they're starting to realize, you know. Major hacks, talking about 60 million. I mean, I heard numbers up at 300 plus million. Yeah. I mean, these are, it's not like $5 out of your wallet. Yeah, yeah, like over a billion dollars. Yeah, has been, yeah, stolen in some capacity and like, it's been pretty crazy, yeah. So I think- Where's the big vulnerability? The exchanges, is it the DApps? Where's the holes? They're all over the place, but the biggest numbers definitely come from exchanges. Exchanges just need to be far more responsible and I feel like a lot of it is just negligence. They're growing so quickly that they don't pay attention to, you know, putting resources into educating their staff on really simple security practices, you know, things like phishing and social engineering, like, things that were good security practices still are good security practices and a lot of those attacks are not even anything like some new exploit of a new technology. It's the same kind of thing of like phishing, social engineering, sim swapping, you know, poor user access control, bad passwords. I mean, the basics. Yeah. What growth does to you, to your point earlier, as more people start feeling growth, as more exposure surface area-wise, new dynamics are kicking in. Well, I'm starting to see new exchanges that are popping up that are, you know, taking security very seriously and the way they're treating it is that is their differentiator, but in my mind, like, security shouldn't be a differentiator. Everybody should, you know, like, if you're an exchange and you're holding massive amounts of other people's assets, you should take security very seriously. That should just be a default, a standard. Yeah, you have to be differentiating strategy with security. It doesn't make sense. Marketing 101, you shouldn't be different. It should be standard. Well, I mean, if that's the state of the art, this is the problem. This highlights the problem. It does, Sam. All right, so what's the future for this event? How do you guys see this unfolding? Obviously, it's the first inaugural event here, Hoshokon. How do you see it evolving? I think a lot of conversations should hopefully spur from this, and we want to make this a yearly event, so we're definitely going to take a lot of the feedback from people that attended and see what they really enjoyed, what they really want to talk about. And even, I think, since we're recording all of the talks, we'll be putting them up online at some point, and I think it'd be really good to see what the transition is next year from where we were in some of these problems and addressing those problems a year from now. I think that will be really exciting. You guys are spanning in Europe. Hoshokon, good job with that. Who's the kind of clientele you guys have? Is it ICOs, is it companies, is it enterprises? Who are your target customers? So we have a lot of companies that are ICOs for sure. We have more exchanges and protocols joining those ranks, and then we are trying to move into enterprises as well. We made a partnership with Telefonica and developed a partnership with them to be able to sell to more enterprise clients and what they need. And what's your value proposition that you guys are offering? We do smart contract audits. We do penetration testing. Those are things that a lot of companies in this space need. And then also we've been helping with security architecture and cryptocurrency risk assessments. And tools for developers. And tooling, yeah, we're trying to do our part. I mean, we can't and won't do it alone, but we try to develop things that, if we develop anything that's useful from a security perspective, we try to make it available for everyone. So thanks for coming on theCUBE. Appreciate your time and congratulations. It was a great event. Thank you. Sponsored by Hosho and others in the industry. It's an industry event. It's not just their company. It's their friends all coming together to solve the major problems, with our security, making it standard, making it safe, and supporting the growth with the community. This is theCUBE covering live here in Vegas. I'm John Furrier. Stay with us for more CUBE coverage after this short break.