>> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HoshoCon 2018. Brought to you by Hosho. >> Okay, welcome back everyone. It's theCUBE live coverage here in Las Vegas for the first annual blockchain security conference. The brightest minds in the industry coming together, it's called HoshoCon, and it's presented by, and sponsored by Hosho. But it's not their event, it's an industry event. And we're here with the co-founder and president, Hartej Sawhney, who is theCUBE alumni. Great to see you. You guys are doing a great event. Thanks for coming on. >> Yeah, it's always good to see you, and I'm so glad theCUBE is here at HoshoCon. >> So you've talked with us many times, but recently in Toronto about this event. This is not your company's event. You guys are putting it together. You're holding it because there's no other conferences that do this, but it's not just you guys. You guys are bringing the industry brains together. >> Yeah, I mean, we see ourselves as being on the intersection of cybersecurity and blockchain. And (coughs) just getting over a cold, but not a lot of conferences are out there that have a open discussion about cyber security in the blockchain industry. And hundreds of millions of dollars are stolen from exchanges. And 10% of all the money in the ICO space has been lost or stolen. And there's simply not enough platforms for this to be discussed. So, we figured we'd start the first conference that solely focuses on being a blockchain security conference. We chose not to have any ICO pitch competition. And it feels like there's more and more typical blockchain conferences out there, but it's important to be home base for anyone who wants to affiliate themselves with cyber security and the blockchain industry. >> And the depth and breadth of security is changing. We are hearing talks with, unfortunately I won't be able to attend the sessions, we're interviewing people all day, but amazing talks. How to hack an exchange, all these new surface areas. I mean, people kind of generally know they're unsecure, but this growth going on. There's new things happening. This is exposing some of the security vulnerabilities. What is the hot topics in the talk tracks here at HoshoCon? >> We have Anand Prakash, who runs a company called AppSecure. He's one of the worlds best white hat hackers. Who has hacked into the likes of Linkedin, Facebook, Google, all the top names. And to have someone walk us through today, Anand Prakash said, "Here's how you hack into a crypto "currency exchange and here's how they actually did it." And to have a white hat hacker walk us through that, it opens up our eye balls as to how easy it actually was for a Japanese exchange to loose 500 million dollars. That's no small sum of money. And this industry is only going to survive if we together as a community come together and evaluate how was it that 500 million dollars got stolen? And how can we as a community of global lovers of bitcoin make sure that this does not happen moving forward? >> On that exchange hack, 500 million dollars in Japan, was that white hat done or was that black hat? >> It was black hat. Unfortunately the money's not been given back. >> So it's not given back. So that's a half a billion dollars? >> It's half a billion dollars stolen, yeah you know. How many industries are worth just about that much? >> Yes, you could feed a couple countries. This is legit, right? Obviously it's like total, you know, wild west if you want to call it. Stage coach robberies they got the mask on. No one knows who it is. This is real, this is absolutely real. What are you guys doing as an industry? What's happening here to prevent this? What are the key, you know hygiene or social, anti-social engineering? What are the key things that are going on that are solving this problem? >> So, every exchange needs to value security and get a penetration test. Every company needs to make sure that somebody at their company is in charge of their in house security practices. Most companies when you ask them, "Who's in charge of security?" They point their finger at the CTO. The CTO is in charge of architecting the software. You need to have somebody full time, in house taking care of the security. Ideally a CISO and if you can afford it, pay someone five to ten thousand dollars a month as a consultant to come in for a couple of months and take care of your in house security. These are basic things that, you know, surprisingly most bitcoin exchanges often times when they're hacked, they're hacked by a basic phishing attack. That one of your employees opened up the wrong email. They opened up a PDF and the hacker gained access to your computer and is now monitoring your keyboard strokes and stole millions of dollars. Or the exchange didn't get an actual penetration test of their exchange. Or exchanges are listing contracts that have not gone through a professional smart contract audit. These things are now, also we're seeing them service in regulation with central governments. And it seems that all the smaller island nations are spearheading the way in terms of writing clarity on regulation. In Malta, Bermuda, Gibraltar, all of them are trying to spearhead the way. I'm much more excited, to be honest, about some of the larger nations bringing clarity on regulation in the next two to three years. We all can't just move to a small island off the coast of Italy that is infamous for actually laundering money in the gaming space. Yes, now they're trying to bring clean clarity doing KYC and AML in Malta and write a actual regulation about security. And if you're domiciled in Malta and you're a exchange then you can only list a token that's been audited. It's wonderful but at the end of the day Malta is also a part of the EU and if the EU changes their mind, things can change Malta. I just feel like it shows the immaturity of the space. If very legitimate companies are all going to flee to small countries like Malta or to islands like Bermuda. Good on those island nations for being so pragmatic and forward thinking and for bringing legal clarity. I mean if I was in an exchange today, arguably yes you have to go to Malta if you want clarity on regulation and you don't want to be in the United States. Right now, Malta is your choice. I'm just personally a little bit much more excited about the next three years where, I make a joke to my co-founder and I say, "The suits are coming." That we look around these conferences and you don't see that many suits but the fortunate 500, many of them are either writing private blockchains, they're evaluating how they're going to leverage blockchain technology in their major businesses and they're going to leverage decentralized applications and tokenization for already running products that have millions of customers, that are already profitable and then when they get tokenized they're going to be up and running right away. So the next two to three years are going to be very interesting. From Hosho's perspective we've taken a big turn towards catering towards more publicly traded large sophisticated companies. We've partnered up with Telefonica. Telefonica is a Fortune 200 company. Its wonderful to be able to leverage that kind of a brand. To deal with major world wide entities that are publicly traded come to Telefonica and evaluate how they can leverage blockchain technology and get one bundled security package that includes Hosho, Rivets, and Telefonica. >> Yeah the Rivets solution is interesting. It's a hardware based solution. So the subscriber of the phone becomes the entity. It's really interesting and I think this points to new paradigms of security, which I want to get to in a second but I want to just unpack what you said about the small country, big country dynamic. Great for the small countries to be opportunistic. To be creative and capture this opportunity. But people want stability. They want clarity on regulations, yes, but also standards, technical standards. >> We can't all just move to the small country of Malta. >> Yeah I'll be in a plane the whole time. >> It just doesn't work. >> Yeah and by the way the game changes too. Whats the implications of say, Malta decides one day, "You know what?" "We're getting out, we're changing things." A company would have to move their domicile again. So it's a moving train, you don't know what you're going to get. It might be stable now but it's not a scalable opportunity. >> Yeah, people have families and they want to stay where they are. Simple as that. We have large countries that have a strong crypto community that's growing and let's see how they pan out. Singapore seems like a likely next candidate. You have Korea. I would argue to say that the worlds first decentralized application that will be massively adopted will be in Korea. Korea is going to be the place where we have the worlds first decentralized application launched with mass adoption, a paradigm shift. The kind of shift where you forgot what it was like before you used Gmail regularly. >> Yeah, total, total infrastructure change. Alright so I got to ask you the hallway conversation question. Obviously you're very popular here. It's you event, you're sponsoring with the community. I see you talking to a lot of people at the VIP dinner last night. What are some of the hallway conversations that you're having? A lot of interesting people here from diverse backgrounds, in security, technology, some policy, some regulatory, some business, and legal, but really bright minds. What's the hallway conversation like? What are you talking about? >> We're talking about how all of us are going to survive crypto winter that we just entered. We've entered a time where fund raising has become extremely difficult. A lot of funds are simply bleeding. They lost a lot of money and they're not cutting checks right now. So the companies that are going to survive and stick around through this crypto winter, they're making a strong statement and they're going to be the ones that are going to stick around. And a lot of them are here at this conference at HoshoCon. And it amazing to have discussions to see what are the problems that fellow founders are facing? Building companies that will survive this crypto winter. Another thing has been just what are we going to do as a community to self-regulate? Are we going to create self-regulatory organizations? Are we going to let another Moody's get created? What is our viewpoint on regulation in the space overall, right? We love Max Keiser. His viewpoint on regulation is very extreme where he believes bitcoin is a self-regulatory technology. And on the other hand we have people saying, "No, we need to quickly move to regulate the space. "Work with central banks, work with central governments, "and write out the regulations." That's been lot of the hallway conversation. And a lot of other ones that have been really intriguing to me has been people talking about what are things that they have done within their company to protect their employees. Because the reality is in the crypto currency space every single employee of a major company in this industry is a target by naturally being in this industry. And this includes you. We are all naturally targets. And it's not about how much bitcoin you have maybe its about how much bitcoin someone thinks you have. And all of a sudden you become a target. And we need to think about things like our physical security. So some of the more interesting conversations I've been having with people have been around, along the lines of what are you doing to protect you and your family in regards to your physical security? On top of that your online presences. >> So ransoms, people getting kidnapped and or extorted. These kinds of physical pressures? >> Yeah, like ShapeShift has a lot of great stories. Michael Perklin from, the CIS of ShapeShift is here. You should totally talk to him and get him on theCUBE. Michael Perklin has a long list of war stories that ShapeShift has been through. Some of them they went through before he was actually hired as a CISO. And ShapeShift would've also not been hacked of millions of dollars if they had brought on a CISO earlier such as Michael Perklin. I believe they had hired him as a consultant. Did not renew the contract, got hacked, and brought him on as CISO. And he was like, "If you had continued working with me "I would of, this would of been avoided." And that's really-- >> It's foolish. >> One other thing I've seen with ShapeShift actually is online you'll notice that all the employees of ShapeShift, their last names are not online. So on the website it says, their chief marketing officers name is Emily, it says "Emily Shape Shift". And their badges at conferences also says "Emily Shape Shift". These are interesting things to learn from other companies that this is what you're doing to protect your employees from them being hacked. It's very interesting for us to all exchange notes-- >> Shoot I'm out there, (mumbles) everywhere pretty much online. >> Well I'm out there as well. We just got to protect ourselves and we got to think about things like our physical security. People feel uncomfortable thinking about their physical security. They think that, "Oh no we're in America, "we'll just call the cops." What about when we travel? What about when you and I are in a village in Thailand hanging out? We are microorganisms and when microorganisms are hungry they'll do what ever it takes to eat. So if they smell abundance, you and I are in trouble. >> Yeah, we got to be careful. And this is something that you really got to worry about because there's been tons of war stories. Now ultimately when you get back down to the wallet, it's one of the things we've been talking a lot this morning on, with Rivets, was on about the notion of how hard it is for mainstream to use tokens. Where's my private key? This has always been the crypto problem, even with private key encryption. >> Yeah, or should we build a multi-sig wallet to store your tokens in a secure manner? People have been asking us for a long time, Crypto funds, ICO's, "How do we store our tokens!" And our problem was that A, we've either hacked into the other wallets that are available and we saw that they're insecure or the UI and UX completely sucks. So we said lets build our own and so we built our own. >> Are you open sourcing that, is that-- >> No, we're going to be, this is going to be a unique multi-sig wallet that we release, it's not. You're open sourcing the actual code of the wallet or else it's not going to be considered legitimate. >> Yeah, it's good, it's a goldmine. >> It's a profitable venture. >> And that's going to be 100% bullet proof? >> It's going to be very secure. >> Let's talk about Meadow Suite. >> So, we came to a point where our engineers needed better tooling to find security vulnerabilities in smart contracts. And what is available, Truffle, is weak and slow. And so we built Meadow Suite. We built in a long list of tools and a full suite of tooling that we believe are going to be used by a long list of people that are building on the Ethereum blockchain. Including a lot of our competitors. And so we've open sourced it and we're excited for people to check out Meadow Suite. It's on GitHub and our engineers have put a lot of time and effort into it. We even have our own logo for it. >> And the goal is to automate things, make it easier? What's the main, main initial goals? >> I would say, long story short, is to find security vulnerabilities in smart contracts and to build tooling around that. And to effectively build and find vulnerabilities in smart contracts. >> So they build it into their development process natively? >> Correct. >> Alright Hartej great to have you on and hey congratulations for putting on this event. I know we've talked about >> Awesome to be here. it in the past, it actually happened. It's the first inaugural one. >> We had this vision and I'm glad it came through. We had a great global events team. Gabriel Shepherd, and Ryan Shewchuk, and Brad Horspool, and Michelle Yon. And like they've put on conference's the size of Southwest by Southwest. And our vision is, look we're not in the events business. And we're a cyber security business at the end of the day. But we found it necessary that there has to be a conference where there's a platform for people to talk about cyber security intersecting with the blockchain industry. There's got to be a platform for someone to get on stage and say, "Hey here's lessons that "we learned from getting hacked" And if this industry is going to survive, this topic needs to survive. And the brands that want to affiliate themselves with blockchain security and that want to be apart of the discussion. This will be a go to conference every single year. We're going to keep doing it and I look forward to having you at every single one, coming. >> It's been great. And you know what's key is having reputable people working together in a community, building an open community, sharing data, sharing best practices, and having candid conversations. >> Yep, it's the only way to get someone as epic as Andreas Antonopoulos to your conference. I mean my co-founder and I have been looking up to Andreas for so long. Watching videos of Andreas. Watching videos of Max Keiser, Stacy Herbert. To have them here is really just truly remarkable and I'm grateful, I'm honored, I'm touched. I'm touched to have you here. I miss David Vellante, I wish he was here. >> He's in San Francisco, he says hi. He was going to fly in tonight but-- >> He texted me. >> He did, okay. >> Hartej it's great to see you. >> Great to see you >> Congratulations. as well. thank you. >> Great event. Okay we're here live with theCUBe coverage for HoshoCon 2018, the first inaugural security conference on blockchain. Industry leaders coming together. The brilliant, bright minds of the industry working out the solutions, trying to pedal faster. Better security, check it out HoshoCon.com. I'm John Furrier stay with us for more coverage after this short break. (techno music)