 from the Hard Rock Hotel in Las Vegas. It's theCUBE, covering HoshoCon 2018. Brought to you by Hosho. Okay, welcome back, everyone. It's theCUBE live coverage here in Las Vegas for the first annual Blockchain Security Conference, the brightest minds in the industry coming together. It's called HoshoCon. It's presented by and sponsored by Hosho. And it's not their event, it's an industry event. We're here with the co-founder and president, Artej Sani, who's theCUBE alumni. Great to see you. You guys are doing a great event. Thanks for coming on. Yeah, it's always, always good to see you. And I'm so glad theCUBE is here at HoshoCon. So you talked with us many times, but recently in Toronto about this event. This is not your company's event. You guys are putting it together. You're holding it because there's no other conferences that do this, but it's not just you guys. You guys are bringing the industry brains together. Yeah, I mean, we see ourselves as being on the intersection of cybersecurity and blockchain. And it's getting over a cold. But not a lot of conferences are out there that have a open discussion about cybersecurity and the blockchain industry. And hundreds of millions of dollars are stolen from exchanges. And 10% of all the money in the ICO space has been lost or stolen. And there's simply not enough platforms for this to be discussed. So we figured we'd start the first conference that solely focuses on being a blockchain security conference. We chose not to have any ICO pitch competition. And it feels like there's more and more typical blockchain conferences out there, but it's important to be home base for anyone who wants to affiliate themselves with cybersecurity and the blockchain industry. And the depth and breadth of security is changing. We are hearing talks, which unfortunately aren't be able to attend the sessions with interviewing people all day. But the amazing talks, how to hack an exchange, all those new surface areas. People kind of generally know they're insecure, but there's growth going on. There's new things happening. This is exposing some of the security vulnerabilities. What is the hot topics in the top tracks here at HoShopCon? We have Anand Prakash who runs a company called AppSecure. He's one of the world's best whitehead hackers who has hacked into the likes of LinkedIn, Facebook, Google, all the top names. And to have someone walk us through today, Anand Prakash said, here's how you hack into a cryptocurrency exchange. And here's how they actually did it. And to have a whitehead hacker walk us through that, it opens up our eyeballs as to how easy it actually was for a Japanese exchange to lose $500 million. That's no small sum of money. And this industry is only going to survive if we together as a community come together and evaluate how was it that $500 million got stolen? And how can we as a community of global lovers of Bitcoin make sure that this does not happen moving forward? Is that on that exchange hack, $500 million in Japan? Was that white hat done? Or was that black hat? Was that done? It was black hat, unfortunately, the money's not been given back. It's not given back. So that's a half a billion dollars. It's half a billion dollars stolen. Yeah, and you know, how many industries are worth just about that much? Yeah, I mean it's good for a couple countries. This is legit, right? Obviously it's like total, you know, Wild West, if you want to call it, stagecoach robberies. We've got the maps on, no one knows who it is. This is real. This is absolutely real. What are you guys doing as an industry? What's happening here to prevent this? What are the key, you know, hygiene or social antisocial engineer? What are the key things that are going on that are solving this problem? So every exchange needs to value security and get a penetration test. Every company needs to make sure that somebody at their company is in charge of their in-house security practices. Most companies, when you ask them who's in charge of security, they point their finger at the CTO. The CTO is in charge of architecting the software. You need to have somebody full-time in-house taking care of the security, ideally a CISO. And if you can't afford it, pay someone five to $10,000 a month as a consultant to come in for a couple of months and take care of your in-house security. These are basic things. You know, surprisingly, most Bitcoin exchanges oftentimes when they're hacked, they're hacked by a basic phishing attack that one of your employees opened up the wrong email. They opened up a PDF and the hacker gained access to your computer and is now monitoring your keyboard strokes and stole millions of dollars. Or the exchange didn't get an actual penetration test of their exchange. Or exchanges are listing contracts that have not gone through a professional smart contract audit. And these things are now, also we're seeing them servicing regulation with central governments. And it seems that all the smaller island nations are spearheading the way in terms of writing clarity on regulation in Malta, Bermuda, Gibraltar, all of them are trying to spearhead the way. I'm much more excited to be honest about some of the larger nations bringing clarity on regulation in the next two to three years. We all can't just move to a small island off the coast of Italy that is infamous for actually laundering money in the gaming space. Yes, now they're trying to bring clean clarity doing KYC and AML in Malta and write actual regulation about security. And if you're domiciled in Malta and you're in exchange and you can only list a token that's been audited, it's wonderful. But at the end of the day, Malta is also a part of the EU and if the EU changes their mind, things can change in Malta. I just feel like it shows the immaturity of this space. If very legitimate companies are all going to flee to small countries like Malta or to islands like Bermuda, good on those island nations for being so pragmatic and forward thinking and for bringing legal clarity. I mean, if I was in exchange today, arguably, yes, you have to go to Malta if you want clarity on regulation and you don't want to be in the United States. Right now, Malta is your choice. I'm just personally a little bit much more excited about the next three years where I make a joke to my co-founder and I say the suits are coming. But we look around these conferences and you don't see them in these suits but the Fortune 500, many of them are either writing private blockchains, they're evaluating how they're going to leverage blockchain technology in their major businesses and they're going to leverage decentralized applications and tokenization for already running products that have millions of customers that are already profitable and then when they get tokenized, they're going to be up and running right away and so the next two to three years are going to be very interesting. From Hosho's perspective, we've taken a big turn towards catering towards more publicly traded, large, sophisticated companies. We've partnered up with Telefonica. Telefonica is a Fortune 200 company and it's wonderful to be able to leverage that kind of a brand to deal with major worldwide entities that are publicly traded, come to Telefonica and evaluate how they can leverage blockchain technology and get one bundled security package that includes Hosho, Rivets, and Telefonica. Yeah, the Rivets solution is interesting. It's a hardware based solution so the subscriber and the phone becomes the entity. It's really interesting this points to new paradigms of security which I want to get to in a second but I want to just unpack what you said about the small country, big country dynamic. Great for the small country to be opportunistic to be creative and capture this opportunity but people want stability. They want clarity on regulations, yes but also standards, technical standards as well. We can't all just move to the small country of multi. No, I'll be able to play the whole time. It just doesn't work. Yeah, and by the way, the game changes too. So, what's the implications of say multi-size one day? You know what, we're changing things. A company will have to move their domicile again so it's a moving train. You don't know what you're going to get. This might be stable now but it's not a scalable opportunity. Yeah, people have families and they want to stay where they are. Simple as that. We have large countries that have a strong crypto community that's growing and let's see how they pan out. Singapore seems like a likely next candidate. You have Korea, I would argue to say that the world's first decentralized application that will be massively adopted will be in Korea. Korea is going to be the place where we have the world's first decentralized application launched with mass adoption, a paradigm shift. The kind of shift where you forgot what it was like before you use Gmail regularly. Yeah, yeah, total infrastructure change. All right, so I got to ask you the hallway conversation question. I'll say you're very popular here. It's your event, you're sponsoring with the community. I see you talking to a lot of people. I had the VIP dinner last night. What are some of the hallway conversations that you're having? A lot of interesting people here from diverse backgrounds, insecurity, technology, some policy, some regulatory, some business and legal. But Luke, bright minds. What's the hallway conversation like? What are you talking about? We're talking about how all of us are going to survive crypto winter that we've just entered. We've entered this time where fundraising has become extremely difficult. A lot of funds are simply bleeding. They lost a lot of money and they're not cutting checks right now. So the companies that are going to survive and stick around through this crypto winter, they're making a strong statement. They're going to be the ones that are going to stick around. And a lot of them are here at this conference at Hoseokon. And it's amazing to have discussions to see what are the problems that fellow founders are facing, building companies that will survive this crypto winter. Another thing has been just what are we going to do as a community to self-regulate? Are we going to create self-regulatory organizations? Are we going to let another Moody's get created? What is our viewpoint on regulation in this space overall, right? We love Max Kaiser. His viewpoint on regulation is very extreme where he believes Bitcoin is a self-regulatory technology. And on the other hand, we have people saying, no, we need to quickly move to regulate this space, work with central banks, work with central governments and write out the regulations. That's been a lot of the hallway conversation. And a lot of other ones that have been really intriguing to me has been people talking about what are things that they have done within their company to protect their employees. Because the reality is in the cryptocurrency space, every single employee of a major company in this industry is a target by naturally being in this industry. And this includes you, that we are all naturally targets. And it's not about how much Bitcoin you have, maybe it's about how much Bitcoin someone thinks you have. And all of a sudden you become a target and we have to think about things like our physical security. So some of the more interesting conversations I've been having with people have been around the long lines of what are you doing to protect you and your family in regards to your physical security? On top of that, your online presence. So ransom, people getting kidnapped and or extorted, these kinds of physical pressures? ShapeShift has a lot of great stories. Michael Perklin from the CIS of ShapeShift is here. You should totally talk to him and get him on theCUBE. Michael Perklin has a long list of war stories that ShapeShift has been through. Some of them they went through before he was actually hired as a CISO. And ShapeShift would have also not been hacked of millions of dollars if they had brought on a CISO earlier, such as Michael Perklin. I believe they had hired him as a consultant, did not renew the contract, got hacked, and then brought him on a CISO. And he was like, if you had continued working with me, I would have, this would have been avoided. And that's really- It's foolish. One little thing I've seen with ShapeShift actually is online, you'll notice that all employees of ShapeShift, their last names are not online. So on the website it says, their chief marketing officer's name is Emily, it says Emily ShapeShift. And their badges at conferences also say Emily ShapeShift. And these are interesting things to learn from other companies that this is what you're doing to protect your employees from them being hacked. And it's very interesting for us to all exchange notes. Shoot, I'm out there. Four years everywhere, yeah. Pretty much online. I'm out there as well. We just got to protect ourselves. And we got to think about things like our physical security. People feel uncomfortable thinking about their physical security. They think that, oh no, we're in America, we'll just call the cops. What about when we travel? What about when you and I are in a village in Thailand hanging out? We are microorganisms, and when microorganisms are hungry, they will do whatever it takes to eat. So if they smell abundance, you and I are in trouble. We got to be careful. And this is something that we really got to worry about because there's been tons of war stories. Now ultimately when you get back down to the wall, it's one of the things we've been talking a lot this morning on with Rivets was on about the notion of how hard it is for mainstream to use tokens. Where's my private key? This has always been the crypto problem, even with private key encryption. Also we built a multi-sig wallet to store your tokens in a secure manner. People have been asking us for a long time. Crypto funds, ICOs, how do we store our tokens? And our problem was that A, we've either hacked into and other wallets are available and we saw that they're insecure or the UI and UX completely sucks. So we said, let's build our own. And so we built our own. Are you open sourcing that as that? No, no, we're going to be, this is going to be a unique multi-sig wallet that we release, it's not. You're open sourcing the actual code of the wallet, or else it's not going to be considered legitimate. Yeah, it's good. But it's a profitable venture. But it's going to be 100% bulletproof. It's going to be very secure. Talk about Meadow Suite. So we came to a point where our engineers needed better tooling to find security vulnerabilities in smart contracts. And what is available truffle is weak and slow. And so we built Meadow Suite, we built a long list of tools and a full suite of tooling that we believe are going to be used by a long list of people that are building on the Ethereum blockchain, including a lot of our competitors. And so we've open sourced it and we're excited for people to check out Meadow Suite. It's on GitHub and our engineers have put a lot of time and effort into it. We even have our own logo. And the goals automate things, make it easier. What's the main initial goal? I would say a long story short is to find security vulnerabilities in smart contracts and to build tooling around that and to effectively build and find vulnerabilities in smart contracts. To build into their development process natively. Correct. All right, Harchash, great to have you on. And hey, congratulations for putting on this event. I know we talked about it the best. It actually happened. It's the first inaugural one. I mean, we had this vision and I'm glad it came through. We had a great global events team, Gabriel Shepard and Ryan Shuchuck and Brad Horspool and Michelle Yan. And like they've put on conferences the size of South by Southwest. And our vision is, look, we're not in the events business and we're a cybersecurity business at the end of the day. But we found it necessary that there has to be a conference where there's a platform for people to talk about cybersecurity intersecting with the blockchain industry. There's got to be a platform for someone to get on stage and say, hey, here's a lesson, lessons that we learned from getting hacked. And if this industry is going to survive, this topic needs to survive. And the brands that want to affiliate themselves with blockchain security and that want to be a part of the discussion, this will be a go-to conference every single year. We're going to keep doing it. And I look forward to having you with every single one coming. It's been great. And you know, it's key is having reputable people working together in a community, building an open community, sharing data, sharing best practices and having candid conversations. Yeah, it's the only way to get someone as epic as Andreas Antonopoulos to your conference. I mean, my co-founder and I have been looking up to Andreas for so long, watching videos of Andreas, watching videos of Max Kaiser, Stacey Herbert. To have them here is really just truly remarkable and I'm grateful, I'm honored, I'm touched. I'm touched to have you here. I miss Dave Vellante, I wish he was here. He's in San Francisco. He says hi, he was going to fly in tonight. He texted me. He did, okay. Our Ted, it's great to see you. Great to see you as well. Congratulations, great event. Okay, we're here live with the CUBE coverage for Ho ShowCon 2018. The first inaugural security conference around blockchain industry leaders coming together. The brilliant, bright minds of the industry working out the solutions, trying to peddle faster, better security, check it out, HoShowCon.com. I'm John Furrier, stay with us for more coverage after this short break.