>> From the Hard Rock Hotel in Las Vegas, It's theCUBE, covering HoshoCon 2018. Brought to you by Hosho. >> Okay, welcome back everyone. We're here for CUBE's live coverage here in Las Vegas for HoshoCon. This is the first industry conference where the smartest people in security are together talking about blockchain security. That's all they're talking about here. It's a bridge between multiple diverse communities from developers, white hat hackers, technologist, the business people all kind of coming together. This is theCUBE's coverage, I'm John, for our next guest Anand Prakash, who's the founder for AppSecure. He's also the number one bounty hunter in the world. He's hacked everything you could think of; exchanges, crypto exchanges, Facebook, Twitter, Uber. Welcome to theCUBE, thanks for joining me. >> Uh, thank you John. >> So, you've hacked a lot of people, so let's, before we get started, who have you hacked? You've hacked an exchange. >> Yeah. >> Exchanges plural? >> Most of the exchanges. >> Mostly the exchanges? >> Yeah, ICOs. >> ICOs? >> Yeah, and bunch of other MNCs. >> Twitter, Facebook? >> Twitter, Uber, Facebook, and then Tinder. Yeah. >> A lot. >> Yeah, a lot. I cannot say the name. >> You're the number one bounty hunter. Just to clarify you're a white hat hacker, which means you go out and you do a service for companies. And it's well known that Facebook has put bounties out there. So, you take them up on their offer, or-- >> Yeah, so basically companies say us, hack us, and we'll pay you. So, we go and try to hack their systems, and say this is how we are able to discover a vulnerability, and this is how it can be exploited against your users to steal data, to hack your systems. And then they basically say, this is how much we are going to pay you for this exploit. How did you get into this, how did you get started? >> So, it started with a simple Phishing hack in 2008. It was an Orkut phishing hack, and one of my friend telling me to hack his Orkut account. And I Googled, how to hack Orkut account, and I wasn't having any technical knowledge at that point of time. No coding, no knowledge, nothing. I just Googled it and found ten steps, and I followed that ten steps. Created a fake page, I sent it to my friend, and he basically clicked on it, and there it is, username and password. (laughs) >> He fell for the trap >> Definitely, >> right away. >> Yeah. >> So, quick Google kiddie script kind of thing going on there, which is cool. Okay, now you're doing it full-time, and it's interesting here, this is the top security conference. Those are big names up there, Andreas was giving keynote. But I was fascinated by your two discussion panels, or sessions. Yesterday you talked about hacking an exchange, and today it was about how to hack Facebook, Twitter, these guys as part of the bounties. This is fascinating because everyone's getting hacked. I mean you see the numbers. >> Yeah. >> I mean, half a billion dollars, 60 million here, 10 million. So, people are vulnerable and it's pretty easy. So, first question for you is how easy is it these days and how hard is it to protect yourself? >> So, the attacks, the technologies, and then attacks are getting more sophisticated, and hackers are trying newer and newer exploits. So, it's good for companies and descryptpexion just to employ ethical hackers, white hat hackers, and moodapentas, and bunch of other stuff to secure their assets. So, it's, you wouldn't say for companies not doing security, then it's very easy for someone like us to hack their systems, but there were companies doing Golden Security. They are already have an internal security team, external folks securing their systems, then it's difficult. But, it's not that difficult. Let's talk about your talk yesterday about the exchange. Take us through what you talked about there that got some rave reviews. How did you attack the exchange? What did you learn? Take us through some of the exchanges you hacked and how, and why the outcome? >> Yeah, so, we have been auditing bunch of ISOs and exchanges from past two months, and quite a good number. So, what we see is most of them, don't have security, basic security text in place. So I can log into anyone's account. They have a password screen on the UA, but I can simply type it in without, without no indication or alteration, I can just log into anyone's account, and then I can get fund's out of their system. Very similar to, one issue which we found in talk in sale, was we were able to see PIA information of all the users. All the passwords details and everything, who has done KYC. So, there are lot of information disclosures in the API. And the main thing which we hackers do is we try to test this systems manually instead of going more into an automated kind of approach, running some scanner to figure out sets of hues. So, scanners are, sorry. Scanners are obviously good, but they're not that much good in finding out all the logical loopholes. >> So, you manually go in there, brute force, kind of thing? >> Yeah, not exactly, not that brute forcing, >> Not brute force. >> but of our own ways of doing things, and there are lot of good bounty hunters or white hat hackers, who are better than me and who are doing things. So, it becomes more and more sophisticated. We don't know when you get hacked. >> So, when the bounties are out there, does Facebook just say, hey, go to town? Or they give you specific guidance, so, you just, they say go at us? What do you do? >> Yeah, so basically the publicist sends some kind of legal documentation around it, and some kind of scoping on the top targets to hack. And then, they basically publish their reward size, and everything, and the policy and everything around. And then we just go through it. We try to hack it and then we report it to their team, via channel, and then they fix it, and then they come back to us saying, this is how we fixed it and this is what the impact was, and this is how much we're going to pay you. >> And then they just they pay you. >> Yeah, my yesterday's talk was mainly focused on hacking these ICOs, and descryptpexion in the past. Some of the case studies which we have done in the past, and obviously we can't disclose customer names, but we directed some of the information, and showed them how we helped them. >> What should ICO's learn, what should exchanges learn from your experience? What's the walkaway for them? Besides being focused on security. What specifically do you share? >> Yeah, so to be very frank, I know few of the companies and bunch of companies who don't appreciate white hat hackers at all. So, these are ICOs and crypexinges. So, the first and foremost thing they should do is, if they are not having any internal, external, if they are having any internal security team right now, then they should go further back down the program to make sure people like us, or people like other white hat hackers, go and hack their systems and tell them ethically. >> How does a bounty, how does someone set that up? >> So, uh-- >> Have you helped people do that? >> Yeah, so, our company does that. We help them setting up a bug bounty program from scratch, and we manage it by our typewriting platforms, and we invite private, and we do it privately, and we invite ethical hackers to hack into their systems ethically. And then we do have arguments with bunch of them, and that's how they're going to secure. >> So, how does that work, they call you up on the phone? Or they send you an email? They send you a telegram? How do they get in touch with, the website? They do face-to-face with you? They have to do it electronically? What's the process? >> For the bounty hunting? >> Yeah, for setting up a bounty program. >> Yeah, for setting up a bounty program with our company, we basically get on Skype call with them, we explain them what is going to be their budget and everything. How good their security team is, and if they are not having any internal security team, what I know, then we never suggest them going for the bounty program because they may end up paying huge amount of money. (John laughs) So, then we basically sell our pen testing services to them, and say, this is, you should go out for a pen testing service first, and then you should go for a bounty program. >> Because they could be paying way too much in bounties. >> Yeah, yeah. >> Yeah, 'cause they don't know what their exposure is. So, you do some advisory, consulting, get them set up, help them scale up their security practice basically. >> Yes, yes, yes. Their entire security team. >> So what was the questions at the sessions? What were some of the things the audience was asking you? Did any good questions come out that you were surprised by, or you expected? >> No, so, all of, so, for the very first talk, about the hacking the crypexion and all, all of them were surprised. They thought putting up a two-factor authentication, or something like that, makes their account secure. But it's not like that. (both laughing) We hack on the APIs. So, it's very, very, very super easy for us most of the time. >> So, the APIs are where the vulnerabilities are? >> Yeah. >> Mainly. >> The APIs, the URLs. >> Yeah. So, you guys use cloud computing at all? Do you use extra resource? I saw a bunch of stories out there about quantum computers, and that makes things better on the encryption side. What's your thoughts on all that, and hubbub? >> Yeah, so mainly we use anomaly intercepting proxy to intercept these calls, which are going on a straight to PS outputting, out of our own SSLP, 'cause the safety we get, and then trusting it. So, we try to plane to the APIs and them doing stuff. We don't need a big, high-end machine to hack into services. >> Gotcha, so you're dealing with them in the wire transmission. So, what do you, tell me about the conference here, what of some of the hallway conversations you've had? What's your observation? The folks that could not make it here, what's it like? What's the vibe like? What's it like here? >> So, they missed lot of things. (both laughing) And um, it was first Blockchain Security Conference, and I've been flying from all over doing the art, to just attend this conference. I was here one month back for Defcon and Black Hat, and for some other hacking event. >> So, you wanted to come here? >> Yeah. >> Yeah, I meet a lot of cool people here. I met so many great people. >> I planned it out even before Defcon Black Hat. (laughs) >> Okay, go 'head. >> I had to go to Hosho. (giggles) >> I think this is an important event 'cause I think it's like a new kind of black hat. Because it's a new culture, new architecture. Blockchain's super important, there's a lot of interest. And there's a lot of immature companies out there that are building fast, and they need to ramp up. And they're getting ICO money, which is like going public, so, it's like being grown-up before you're grown-up. And you got to get there faster. And I mean, that seems to be, do you agree with that? >> Um, yeah, definitely so. A lot of people love putting money into ICOs then what if they go tag, then people don't know about security that much, so, it's a big-- >> So, what are you excited about? Stepping back from the bounty hunter that you are, as you look at the tech industry, security, and blockchain in general, what are you most excited about? What are you working on? >> So, frankly saying, so, I'm looking forward to hack, articulately hack more and more exchanges, and uh, I believe none of them should die the legal tag, but, that's where most of the money is going to be in the future. So, that's the most interesting thing. Blockchain security is the most-- >> Yeah, that's where the money is. >> Yeah, yeah, yeah. >> The modern day bank robbery. It's happening. Global, modern, bank robbery. (Anand laughs) Andreas is right, by the way. (Anand giggles) He talked about that today. It's not like the old machine gun, give me the teller way. Give me your cash drawer, on, it's-- >> That was a very nice talk. >> It's other people from other banks with licenses. >> Yup. >> The new bank robbers. Well, thanks for coming on theCUBE, sharing your story, appreciate it. >> Thank you. >> Great to have you on. >> Thank you for inviting me. >> You're a real big celebrity in the space, and your work's awesome, and love the fact that you're ethically hacking. >> Yeah, by the way, I'm not the world's number one bounty hunter. I'm just-- >> Number two. >> Not number two, maybe, there are lot people out there. >> You're up there. >> I'm just learning and-- >> We could do a whole special or a Netflix series on the bounty hunting. >> Yeah, yeah. (laughs) >> And follow you around. (both laughing) And now, thanks for coming out, appreciate it. >> Thank you. >> Good to see you. >> Good to see-- >> All right. More CUBE coverage after this short break, stay with us. Here, live, in HoshoCon. First security conference around Blockchain. I'm John Furrier, thanks for watching. (upbeat techno music)

from the Hard Rock Hotel in Las Vegas it's the cube recovering no joke on 2018 brought to you by Osho okay welcome back everyone we're here live here at hosts show con in Las Vegas the first security conference for blockchain its inaugural event and we're here with Gabriel Shepherd VP of strategy at Global Strike for host show they're the hosts of the event although it's an industry conference for the entire community all coming together Gabriel thanks for coming on and spend the time yeah thanks for having me thanks for you know supporting the event and we appreciate your team coming out and covering what we're trying to build here well we think it's super important now so you guys are doing a great service for the industry and stepping up and put in the event together and so props to you guys thank you this is not a hosts show sales like conference you guys aren't selling anything you're doing the service for the community so props to you guys in the team great stuff and we know this is a kernel of all the smartest people and its really an industry event so it shows in the session so appreciate that yes we think it's important because you know we see a lot of trends the queue has a unique advantage in how we cover hundreds of events and yeah so we get to go we see a horizontal observation space from the industry and when you have formation like this with the community this is important you guys have up leveled the conversation focused the conversation around blockchain where security is the top-level conversation that's it no I feel pitches right so for the folks watch and this is really one of those events where it's not a huge number of people here like the thousands and thousands of other blockchain shows that make money off events this is about community and around getting the conversations and having substantive conversations so great job so for the folks watching the content agenda is super awesome host show con-com you go browse it but give us some color commentary on some of the types of speakers here the diversity yeah I think I think the first thing that we wanted to accomplish was with Hojo Khan was we we wanted to put front and center the conversations that were not taking place at other events there are plenty of platforms and opportunities for companies early-stage companies to go pitch there are other great conference organizers that do events and have their own wheelhouse but what we wanted to do was put together a conference that was focused around a type of conference that we ourselves would want to attend as a cybersecurity firm and you know after traveling the world I mean you know you you and artesia spoke many times and hosho has sponsored quite a few events around the world after attending by the end of 2018 will attended something like a hundred plus events in some capacity and so it was clear to us early on that companies weren't our conferences weren't going to focus on security or at least put them on the main stage where I believed that they should be at least with all the hacks happening so what we wanted to do was bring together thought leadership with respect to security technical leadership with respect to developers and security engineers and we wanted to bridge those two what I mean by that is we wanted thought leadership that could get executives to start the non-technical people so start thinking about security in the larger format and how it's applicable to their company but what we also wanted to do is we wanted to connect these non-technical people with the technical people in an intimate setting where they could learn think about the brain power that we have in this hotel for hosho Khan you've got the minds of Andre Assante innopolis Diego's LDR of RSK Michael berkland of shape-shift josub Kuan of hosho we've got Ron stone from c4 you've got an on Prakash a world-class white hat bug bounty hunter consider what he's top-5 bug bounty hunter for our top top bug bounty hunter for Facebook five years in a row the the level of the calibre of technical talent in this building has the potential to solve problems that Enterprise has been trying to solve individually for years but those conversations don't take place in earnest with the non-technical people and so the idea behind hoshikawa was to bridge those to provide education that's what we're doing things like workshops sure we have keynotes and panels but we also have the ability to teach non-technical people how to enable two-factor authentication how to set up PGP for your email how to set up your hardware wallet these things aren't these conversations are not the bridge is a clearly established we interview people from on the compliance side all the way down to custodial services which again the diversity is not a group think events just giving them more props here because I think you guys did a great job worthy of promotion because you not only bridge the communities together you're bringing people in cross functionally colonizing and the asset test for me is simple the groupthink event is when everyone's kind of rah rah each other I know this conditions we got Andre is saying hey if you put database substitute database for blockchain and it reads well it's not a real revolutionary thing and oh all you custodian services you're screwed I mean so you have perspectives on both side that's right and there's contentious conversation that's right and that to me proves it and as well as the sessions are highly attended or we don't want it we don't want a panel of everybody in agreeance because we know that's not reality i mean that you you bring up the issue of curse of custody a prime example is we had a great talk a four-person panel led by Joe Kelly who's the CEO of Unchained Capital he had a panel with traditional equities custodian Paul pooi from edge wallet Joseph Kwon is the CEO of hosho and there was clear differences of opinion with respect to custody and it got a little contentious but isn't that the point yeah it's to have these conversations in earnest and let's put them out in the public on what's right and what's wrong for the community and let the community to decide the best way forward that's the best is exactly what you want to do I gotta ask you what are the big surprises for you what have you learned what's the big reveal for you that you've super surprised you or are things you expected what were some of the things that went on here yeah I think the biggest surprise to me was the positive feedback that we received you know I understand that we know people maybe looked at how shock on year one and said hosho like they're a cybersecurity firm what are they doing running a conference right but my background is a you know I've produced conferences I have a former employee of South by Southwest I believe a big an experience and so when we started to put this together we thought we knew we would make mistakes and we certainly made mistakes with respect to programming and schedule and just things that we had didn't think about attention to detail but we had plans far in that the mistakes were mitigated that they weren't exposed to the public right there behind the scenes fires that kind like a wedding or a party but no one actually really notices sure we put them out behind the scenes nobody that the our guests don't notice and that was my biggest concern I'm pleasantly surprised at the positive feedback we've yet to get any negative feedback publicly on Twitter telegram anecdotally individually people now they made just being nice to my face but I feel good about what the response that we've got it's been good vibes here so I gotta ask you well sure the DJ's were great last night good experience yeah experience and knowledge and and networking has been a theme to correct I lost him the networking dynamics I saw a lot of people I had I had ran to some people I met for the first time we've had great outreach that with the queue was integrated in people very friendly talked about the networking and that's been going on here yeah I mean this panels are great I'd love to hear from from panels and solo presentations but a lot of work gets done in the hallways and we have a saying in the conference business hallway hustlers right the ones that are hustling in the hallways are those early stage entrepreneurs or trying to close deals trying to figure out how to get in front of the right person serendipitously are at the bar at the same time as somebody they want to meet that is to me conference 101 that is the stuff I grew up on and so we wanted to make sure that we were encouraging those interactions through traffic flow so you'll notice that they're strategically the content rooms are strategically placed so that when you're changing rooms people are forced to cross interact with each other because they're forced to bump into each other and if you look at the programming we purposefully to our demise to be honest year one put a lot of programming that was conflicted with each other we made people make a decision about what talk they wanted to go to because there were two really compelling people at the same time or 10 minutes off yeah and so you had to make a decision vote with your feet you got to vote with your feet and and and from a conference perspective we call that FOMO right we want our guests to FOMO not because we want them to miss a particular talk but because we want them to be so overwhelmed with content and opportunity with networking that they when they walk away they've had a good experience they're fulfilled but they they think I got to go back here too because that thing I missed I'm not gonna miss this yeah we will point out to you guys made a good call on film all the session everything so everything's gonna be online we'll help guys do that yep so the video is gonna be available for everyone to look on demand you also had some good broadcast here we had a couple shows the cubes been here your mobile mention the DJs yeah yeah so good stuff so okay hallway conversations our lobby con as we call it when people hang up a lot on it's always good hallway con so what Gabriel in your mind as you walked around what was some of the hallway culture that you overheard and and that you thought were interesting and what hall would cartridges were you personally involved in the personal conversations I was involved with is why isn't somebody not this station why someone not Gardens but I will tell you i from what I heard from from conference attendees the conversations that I heard taking place were and I hope Jonathan doesn't mind but Jonathan Nelson from hack fund spoke on our main stage and I hope he doesn't mind me speaking out of turn but he came to me said this is one of the best run blockchain conferences I've ever been to and to have somebody like Jonathan say that who has done hundreds of talks and thousands was really meaningful but but what was more important is to talk to him and him feel comfortable enough to sit down with me and just talk generally that's the vibe we want for every attendant we want you to feel comfortable meeting with people in the hallway who you've never met and be vulnerable from a security perspective you know Michael Turpin for example sitting down and talking proactively about being the AT&T hack great these are opportunities for people to really talk about what's happened and be vulnerable and have the opportunity to educate us all how to get better as an industry you know the other thing I want to get your thoughts on is obviously the program's been phenomenal in the content side thank you but community is really important to us we're of a community model to q you guys care about the community aspect of this and as a real event you want to have an ongoing year after year and hopefully it'll get bigger I think it will basically our results we're seeing talk about the community impact because what you're really talking about there is community that's right well I mean Vegas we talk about there's multiple communities right regionally post-show is a Vegas based company we're born here we close I think forty some employees all based here in Las Vegas which is our home so the first thing that we did with respect to community as we created a local local price if you're a Nevada resident we didn't want you to have to invest a significant amount of money to come to something in your own town the second thing we did is we've invited the local Vegas Bitcoin meet up in aetherium meet ups to come and partake and not only participate but contribute to the content and opening day in fact there was so much influx of people from those meetups it wasn't official it wasn't like a program where we had actually a VTEC set up I thought I was gonna be like a meet-up there were so many people that attended we had to on the fly provide AV because we were overwhelmed with the amount of people that showed up so that's a regional community but with respect to the community from blockchain community what we wanted to do is make sure we brought people of all ethnicities all countries we have 26 countries represented in the first blockchain security conference and you had some big-name celebrities here yeah Neil Kittleson Max Keiser you go mama Anan Prakash Yakov Prensky a layer from your side pop popcorn kochenko has some big names yeah I'll see andreas yes here keynoting yeah I'm Michel parkland andreas Diego Zaldivar I mean these lena katina Viren OVA I mean these are big names yeah these big names okay what so so what's your takeaway of you as you know my takeaway is that there's a there's a yearning for this type of event my takeaway is that we're doing something right we have the luxury as hosho and that we're not an events company people think that might be a disadvantage to run a confident you're not a cotton vent company I think it's an advantage yeah because it holds my feet to the fire yeah much closer than an event organiser who doesn't have a company reputation and brand to protect hosho as you know has a good brand in the cybersecurity world with respect to blockchain we don't have the luxury of throwing a poor event giving you a bad experience because that would tarnish house of but also your in the community so you're gonna have direct feedback that's right the other thing too I will say I'm gonna go to a lot of events and there are people who are in the business of doing events and they have a profit motive that's right so they'll know lanyards are all monetize everything is monetized yeah and that sometimes takes away from the community aspect correct and I think you guys did a good job of you know not being profligate on the events you want to yeah a little bit of cash but you didn't / yeah / focus on money-making finding people right for the cash you really needed about the content yeah and the experience for and with the community and I think that's a formula that people want yeah I would like to see the model I would like to see the model changed over time if I'm being honest a majority of crypto conferences today are paid to play so a lot of the content you're getting this sponsored so I'm okay with that but I think it should be delineated between con disclose your disclosure you don't want water down the country but but the conference circuit and crypto is not ready for that it hasn't rest in my opinion hasn't reached that level of maturation yet like I told you I I'm a former South by Southwest guy that like my belief is you create the content and the sponsors will come I don't I don't begrudge conference organizers for for for sponsoring out events because they're really really expensive a cost per attend to manage demand to this hype out there yeah hundreds of dollars per attendee I get it I understand why they do it but what I would like to see is the model change over time whereas as we get more sophisticated as a technology space we should also grow as a vent and conference circuit as well what I mean by that is let's change the model that eventually someday it's free for all attendees to come and those conferences and the costs associated with them are subsidized by companies that want access to the people that are tending them it sounds like an upstream open source project sure how open source became so popular you don't screw with the upstream yep but you have downstream opportunities so if you create a nice upstream model yep that's the cube philosophy as well we totally agree with you and I think you guys are onto something pioneering with the event I think you're motivated to do it the community needs it yeah I think that's ultimately the self governing aspect of it I think you're off to something really good co-creation yeah I'll see we believe in that and the results speak for themselves congratulations thank you so much I appreciate you guys coming here and investing your time and I hope that all our staff has been accommodated and the hard rock is treated you well you guys been great very friendly but I think again you know outside of you guys is a great company and great brand and you guys and speaks for itself and the results this is an important event I agreed because of the timing because of this focus its crypto its crypto revolution its cybersecurity and FinTech all kind of coming together through huge global demand I mean we haven't gotten into IOT and supply chain yeah all the hacks going on with China and these things being reported this is serious business is a lot on the line a lot and you guys having a clear focus on that is really a service business Thank You staff doing it alright our cube coverage here in Las Vegas for host Joe Kahn this is the first conference of its kind where security is front and center it is the conference for security and blockchain bringing the worlds together building the bridges and building the community bridges as well we love that that's our belief as well as the cube coverage here in Vegas tigress more after this short break

>> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HOSHO CON 2018. Brought to you by HOSHO. >> Hello everyone, welcome back to theCUBE special live coverage here in Las Vegas for the first ever, Blockchain Security Conference. Really discussing security as an industry, it's called HOSHO CON, put on by HOSHO. We're here with the Co-Founder and CEO of HOSHO and main supporters of sponsoring this project or event HOSHO CON. We have Yo Sub Kwon, who is the CEO and Co-Founder. Good to see you. >> Good to see you, good to be here. Hey thanks for putting this on. I've interviewed Hartej, your Co-founder, in Toronto the Futures conference. We've had many great conversations on theCUBE. But when we talked about HOSHO CON, this conference, he really wanted to do it as an industry conference. Not as just a HOSHO event. >> (Yo agrees) >> This is really key to you guys culture here at HOSHO your company. >> Yeah. >> Take a minute and explain the event. Why this event? Why the format? And that it is open? >> I mean basically, you know, like we've been to just so many events over the, like I think we've done like 80 events this year, and the topic of conversation is, you know, around investing, it's around ICO's, it's around all these things and security touches all of those and I just feel like, and we all felt it and like the other security companies felt it too, that it just wasn't a topic that was discussed in great enough depth especially given the increasing amounts of hacks and theft and all these problems that relate directly to security. And I just feel like it's really important for us as an industry to discuss, you know, what security practices are good? What should be done? How you should do them? What resources are available to companies to learn more about security? And what resources don't exist and need to be developed? And that needs to be done in a collaborative way. Well congratulations and props to you guys for really sponsoring this and taking the leadership role in the industry but again you guys are humble and it's a good way to do it. Is to have these conversations. So thank you for doing that, appreciate it and thanks for having theCUBE here. We really appreciate it. The question I want to ask you is: I've noticed a trend here, first of all a lot of smart people here, so it's like, it's not a massive, no IPO, ICO pitch competitions, this is really down and dirty security. >> Yeah. >> Okay, black hat, white hat but it's kind of a intercultural vibe it's the community. >> Yeah. >> Coming together. But also two kind of tracks are developing there's the crypto security and then there's cyber security threats coming up. Because you said it's touching on all these points. And you're hearing, even hearing a little bit of IOT and hardware, we had Rivetz on earlier the CEO Steven Sprague so a lot of different solutions and a lot of different opportunities, a lot of different vulnerabilities. Can you explain the landscape of how the players are here, where are they coming from? >> Okay, yeah. >> What's their backgrounds? >> Absolutely I mean there are definitely, a lot of brilliant minds here and that was one of the goals of HOSHO CON is to bring people that are of all different, you know, parts of the industry whether they're, they're layers or they're information security experts or they're, you now, regulators or they're it just, developers bring them all into the same room and to kind of discuss these problems that you know, plague all of us and you know a developer's going to have a much different perspective and solution than a lawyer and but those thing can work together and the problems might still be the same. And so we've been in the industry for just like, even though HOSHO's a young company, the people that are on our team, myself, I've been in, I got into Bitcoin eight years ago, like we just have this network of people that are in the industry, have seen the kind of like cyclic nature of, you know, like a gigantic influx of people come in, these problems arise where, you know, entrepreneurs are like really focused on like growing, getting traction and then they focus less on their security, it goes to the wayside and then these big hacks happen and then the industry kind of smartens up and everything you know starts getting a little bit closer to what seems you know maybe safe or like approachable for a growth trajectory and then another gigantic influx happens and then the same thing. And so what we really need to do is like when that next big influx happens is to have standards in place to have things that an entrepreneur can just turn to and be like: "Okay, this is what I need to do "if I want to be considered credible in this industry "and I want to protect my users and my investors." >> Can you talk about some of the top conversations that are going on here, because I think that's a great point? People want you know legitimacy, they want solutions that work, that are credible and then maintain kind of, I won't say enterprise grade, but commercial grade reliable so that people can focus on building up their companies and or preparing for the growth. What is some of the top conversations? >> A lot of it's just learning about what other people do, like even with like Rivetz, we're putting, they're using the trust executions based on like what's already on billions of devices and you know basically letting people know that that space exists on this hardware and that they can be used for all these different purposes to validate you know data going in. And, you know, there's been conversations around custody. I was on a panel earlier today about custody and basically the way I felt like it left off and the conclusion was that there is a long way to go on custody but it is incredibly crucial. Big institutional players that want to enter the markets and want to put their money into a regulated custodian they're, it's difficult to do so even with registered custodian's existing because the limitations that they have in understanding the technology and being able to provide support for all the different digital assets that exist. >> So we're reporting this morning the SEC herein the US has tightened the noose on the ICO-funded startups. I think the story originated out of Decrypt Media but essentially the SEC, Securities and Exchange Commission, is cracking down and they're going back and saying: "You got to refund some of that money." >> Yeah. >> Because of violations. That's one regulatory thing but there's also, there's software that writes these smart contracts. You guys are in that business. The software is software money, security is critical. How stable is this becoming in your mind? What's the to do items? How should a company who want's to either use the ICO process or and or use token economics to fuel their business model they got to be secure on the business front? >> Yeah. So basically smart contracts were so new when we first got in to it that people just didn't know how to develop securely in them and so there were just critical mistakes being made all over the place. We've seen over the last year a lot of improvement on that front, more libraries are being developed and people are writing consistently more secure contracts. But now what we're seeing is contracts are getting increasingly complex and with additional complexity, because it's software there's room for, you know more problems and I think that it's going to, it's going to be an interesting challenge going forward, there's thing like formal verification I think that has a huge place in the future regarding smart contracts but it's there's a lot of tools that need to be developed that's one of the things that we worked on and we're really excited about is Meadow Suite because that's software that let's you develop smart contracts. We built it intentionally with security analysis in mind and then we made it more full featured to become a development tool for writing smart contracts and developing a protocols. And so I think the more of those type of things that you see come out that bring it more to feature parity to what software developers are used to if they're say building a web application it makes it a lot easier to adhere to good practices and write secure code. >> And also kind a not have to do manual audits? >> Yeah. >> I mean at the end of the day you want to get to some sort of automation. >> Absolutely. >> Framework. >> I mean we've already automated a lot of the things that we do. But and there's still a lot left to do but we know that there is a lot left that can be automated and we hope that eventually the tools are just put into developers hands were they can do most of that work themselves. >> Yo Sub take your CEO hat off from HOSHO for a minute put your industry hat on. >> Okay. >> What are some of the names here that, and conversations, topics that you find interesting personally? >> Okay, I mean. >> (John laughs) >> A lot of people that we brought here are like our friends, we know them right? And so like I was talking to. >> Your kind of celebrities. >> I was talking with like TokenMarket earlier and like, you know, we're partners with them and they really, they're really great guys and like some of the stuff that they are trying to do and you know just listening to what other companies are trying to do with like security tokens that seem to be the thing that really moving forward. And I'm kind of fascinated like, we try to stay agnostic you know like when we're like looking at all these different technologies. But then like someone explains something to you and you're awe man that's really cool. >> Yeah. (both laughs) >> And there's some good minds here. What's the coolest thing you've seen so far? >> Well I've been locked in, I've been locked behind doors in a lot of meetings so far but the, let's see, I think what Unchained Capital is working on is really sweet. They basically, I mean like I think their business model makes a lot of sense. Like basically they hold your crypto's so you maintain exposure to it and then they'll issue you a loan. They can like turn around a loan like in 24 hous, you just hand then a bunch of Bitcoin and then they'll just give you cash and then you can you know you have that cash and then you still maintain exposure through crypto if you pay it all back you get your crypto back. (laughs) >> So it's collateralized crypto? >> Exactly I mean like that makes perfect sense to me. Like you know it's just like as long as you can liquidate that crypto and Bitcoin or Ethereum like those are big enough markets now where you can easily liquidate. Well that's awesome. Thanks for putting on this event and I want to get back to HOSHO. How's business going? You're the CEO, Commander in Chief, what's going on with the company? How's things going? >> Yeah. >> Quick update. >> Well everything's crazy right, like we're moving quickly and the next steps are Asia. We really want to basically penetrate those markets. Only, we don't have as much coverage there as we would like but having spent some time there earlier this year doing some reconnaissance it's a crazy, crazy space over there. There's a lot of action happening, there's a lot of adoption. People are really enthusiastic about it but security almost seems like six months to a year behind North America and Europe as far as what exchanges are requiring, what investors are demanding of their portfolio companies. And so I think that now that they've had such major hacks happen over the last six months they're starting to realize. >> Major hacks talking about 60 Million. I mean I heard numbers up to 300 plus million. >> Yeah. >> I mean these are it's not like five dollars out of your wallet. >> Yeah. >> This is massive. >> Like over a billion dollars has been stolen in some capacity and like it's been pretty crazy yeah, so. >> Where's the big vulnerability? Exchanges, is it the DApps, where's the holes? >> They're all over the place but the biggest numbers definitely come from exchanges. Exchanges just need to be far more responsible and just, I feel like a lot of it is just negligence. They're growing so quickly that they don't pay attention to, you know, putting resources into educating their staff on really simple security practices. You know things like phishing and social engineering, like things that were good security practices still are good security practices. And a lot of those attacks are not even anything like some new exploit of a new technology it's the same kind of thing of like phishing, social engineering, sims swapping, you know, poor user access control, bad passwords. >> I mean the basics. >> Yeah. >> But this is what growth does to you you've point earlier. As more people start feeling growth there's more exposure service area wise. >> Yeah. >> New dynamics are kicking in. >> Well I'm starting to see new exchanges that are popping up that are you know taking security very seriously and the way they're treating it is that is their differentiator but in my mind like security shouldn't be a differentiator. Everybody should. >> (John laughs) >> If you're an exchange and you're holding massive amounts of other people's assets you should take security very seriously. That should just be a default, a standard. >> You have to be differentiating strategy with security it's not, it doesn't make sense. >> Marketing 101 you shouldn't be different, it should be standard. (both laughs) >> I mean if that's the state of the art, this is the problem. This highlights the problem. >> It does yeah. >> Alright so what's, what's the future for this event? How do you guys see this unfolding? Obviously this is the first inaugural event here HOSHO CON, How do you see it evolving? >> I think a lot of conversations should hopefully spur from this and we want to make this a yearly event. So we're definitely going to take a lot of the feedback from people that attended and see what they want, what they really enjoyed, what they really want to talk about. And even I think, a lot, since we're recoding all of the talks we'll be putting them up online at some point and I think it'd be really good to see like what the transition is like next year from like, where we were in some of these problems and addressing those problems you know a year from now. Like I think that will be really exciting. >> You guys are expanding in Europe, HOSHO good job with that. Who's the kind of clientele that you guys have? Is it ICO's? Is it companies? It is enterprise? Who are your target customers? >> So we have a lot of companies that are ICO's for sure. We have more exchanges and protocols joining those ranks. And then we are trying to move into enterprise as well. We made a partnership with Telefónica and developed a partnership with them to be able to sell to more enterprise clients and what they need. >> And what's your value proposition that you guys are offering? >> We are, well, we do smart contract audits, we do penetration testing. Those are things that a lot of companies in this space need. And then also we've been helping with security architecture and cryptocurrency assessments. >> And tooling, tools for development. >> And tooling, yeah we're trying to do our part. I mean we can't and won't do it alone but we try to develop things that, if we develop anything that's useful from a security perspective, we try and make it available for everyone. >> Yo Sub thanks for coming on theCUBE, appreciate your time and congratulations, it's a great event. >> Thank you. >> HOSHO CON sponsored by HOSHO and other's in the industry, it's an industry event, it's not just their company, it's their friends all coming together to solve the major problems with security, making it standard, making it safe and supporting the growth with the community. It's theCUBE covering live here in Vegas. I'm John Furrier stay with us for more CUBE coverage after this short break. (upbeat electronic music)

>> Live, from Toronto Canada, it's the CUBE! Covering Blockchain Futurist Conference 2018. Brought to you by the CUBE. >> Hello everyone and welcome back. This is the CUBE's exclusive coverage here in Toronto for the Blockchain Futurist Conference, we're here all week. Yesterday we were at the Global Cloud and Blockchain Summit put on by DigitalBits and the community, here is the big show around thought leadership around the future of blockchain and where it's going. Certainly token economics is the hottest thing with blockchain, although the markets are down the market is not down when it comes to building things. I'm John Furrier with Dave Vellante, here with CUBE alumni and special guest Hartej Sawhney who is the founder of Hosho doing a lot of work on security space and they have a conference coming up that the CUBE will be broadcasting live at, HoshoCon this coming fall, it's in October I believe, welcome to the CUBE. >> Thank you so much for having me. >> Always great to see you man. >> What's the date of the event, real quick, what's the date on your event? >> It's October 9th to the 11th, Hard Rock Hotel & Casino, we rented out the entire property, we want everyone only to bump into the people that we're inviting and they're coming. And the focus is blockchain security. We attend over 130 conferences a year, and there's never enough conversation about blockchain security, so we figured, y'know, Defcon is still pure cybersecurity, Devcon from Ethereum is more for Ethereum developers only, and every other conference is more of a traditional blockchain conference with ICO pitch competitions. We figured we're not going to do that, and we're going to try to combine the worlds, a Defcon meets Devcon vibe, and have hackers welcome, have white hat hackers host a bug bounty, invite bright minds in the space like Max Keiser and Stacy Herbert, the founder of the Trezor wallet, RSA, y'know we've even invited everyone from our competitors to everyone in the media, to everyone that are leading the blockchain whole space. >> That's the way to run an event with community, congratulations. Mark your calendar we've got HoshoCon coming up in October. Hartej, I want to ask you, I know Dave wants to ask you your trip around the world kind of questions, but I want to get your take on something we're seeing emerging, and I know you've been talking about, I want to get your thoughts and reaction and vision on: we're starting to see the world, the losers go out of the market, and certainly prices are down on the coins, and the coins are a lot of tokens out there, >> Too many damn tokens! (laughing) >> The losers are the only ones who borrowed money to buy bitcoin. >> (laughs) Someone shorted bitcoin. >> That's it. >> But there's now an emphasis on builders and there's always been an entrepreneurial market here, alpha entrepreneurs are coming into the space you're starting to see engineers really building great stuff, there's an emphasis on builders, not just the quick hit ponies. >> Yep. >> So your thoughts on that trend. >> It's during the down-market that you can really focus on building real businesses that solve problems, that have some sort of foresight into how they're going to make real money with a product that's built and tested, and maybe even enterprise grade. And I also think that the future of fundraising is going to be security tokens, and we don't really have a viable security exchange available yet, but giving away actual equity in your business through a security token is something very exciting for sophisticated investors to participate in this future tokenized economy. >> But you're talking about real equity, not just percentage of coin. >> Yeah, y'know, actual equity in the business, but in the form of a security token. I think that's the future of fundraising to some extent. >> Is that a dual sort of vector, two vectors there, one is the value of the token itself and the equity that you get, right? >> Correct, I mean you're basically getting equity in the company, securitized in token form, and then maybe a platform like Securitize or Polymath, the security exchanges that are coming out, will list them. And so I think during the down-markets, when prices are down, again I said before the joke but it's also the truth: the only people losing in this market are the ones who borrowed to buy bitcoin. The people who believe in the technology remain to ignore the price more or less. And if you're focused on building a company this is the time to focus on building a real business. A lot of times in an up-market you think you see a business opportunity just because of the amount of money surely available to be thrown at any project, you can ICO just about any idea and get a couple a million dollars to work on it, not as easy during a down-market so you're starting to take a step back, and ask yourself questions like how do we hit $20,000 of monthly recurring revenue? And that shouldn't be such a crazy thing to ask. When you go to Silicon Valley, unless you're two-time exited, or went to Stanford, or you were an early employee at Facebook, you're not getting your first million dollar check for 15 or 20 percent of your business, even, until you make 20, 25K monthly recurring revenue. I say this on stage at a lot of my keynotes, and I feel like some people glaze their eyes over like, "obviously I know that", the majority are running an ICO where they are nowhere close to making 20K monthly recurring and when you say what's your project they go, "well, our latest traction is that we've closed about "1.5 million in our private pre-sale." That's not traction, you don't have a product built. You raised money. >> And that's a dotcom bubble dynamic where the milestone of fundraising was the traction and that really had nothing to do with building a viable business. And the benefit of blockchain is to do things differently, but achieve the same outcome, either more efficient or faster, in a new way, whether it's starting a company or achieving success. >> Yep, but at the same time, blockchain technology is relatively immature for some products to go, at least for the Fortune 500 today, for them to take a blockchain product out of R&D to the mainstream isn't going to happen right now. Right now the Fortune 500 is investing into blockchain tech but it's in R&D, and they're quickly training their employees to understand what is a smart contract?, who is Nick Szabo?, when did he come up with this word smart contracts? I was just privy to seeing some training information for multiple Fortune 500 companies training their employees on what are smart contracts. Stuff that we read four or five years ago from Nick Szabo's essays is now hitting what I would consider the mainstream, which is mid-level talent, VP-level talent at Fortune 500 companies, who know that this is the next wave. And so when we're thinking about fundraising it's the companies who raise enough money are going to be able to survive the storm, right? In this down-market, if you raised enough money in your ICO, for this vision that you have that's going to be revolutionary, a lot of times I read an ICO's white paper and all I can think is well I hope this happens, because if it does that's crazy. But the question is, did they raise enough money to survive? So that's kind of another reason why people are raising more money than they need. Do people need $100 million to do the project? I don't know. >> It's an arm's race. >> But they need to last 10 years to make this vision come true. >> Hey, so, I want to ask you about your whirlwind tour. And I want to ask in the context of something we've talked about before. You've mentioned on the CUBE that Solidity, very complex, there's a lot of bugs and a lot of security flaws as a result in some of the code. A lot of the code. You're seeing people now try to develop tooling to open up blockchain development to Java programmers, for example, which probably exacerbates the problem. So, in that context, what are you seeing around the world, what are you seeing in terms of the awareness of that problem, and how are you helping solve it? >> So, starting with Fortune 500 companies, they have floors on floors around the world full of Java engineers. Full Stack Engineers who, of course, know Java, they know C#, and they're prepared to build in this language. And so this is why I think IBM's Hyperledger went in that direction. This is why even some people have taken the Ethereum virtual machine and tried to completely rebuild it and rewrite it into functional programming languages like Clojure and Scala. Just so it's more accessible and you can do more with the functional programming language. Very few lines of code are equivalent to hundreds of lines of code in linear languages, and in functional programming languages things are concurrent and linear and you're able to build large-scale enterprise-grade solutions with very small lines of code. So I'm personally excited, I think, about seeing different types of blockchains cater more towards Fortune 500 companies being able to take advantage, right off the bat, of rooms full of Java engineers. The turn to teaching of Solidity, it's been difficult, at least from the cybersecurity perspective we're not looking for someone who's a software engineer who can teach themselves Solidity really fast. We're looking for a cybersecurity, QA-minded, quality-assurance mindset, someone who has an OPSEC mindset to learn Solidity and then audit code with the cybersecurity mindset. And we've found that to be easier than an engineer who knows Java to learn Solidity. Education is hard, we have a global shortage of qualified engineers in this space. >> So cybersecurity is a good cross-over bridge to Solidity. Skills matters. >> If you're in cybersecurity and you're a full sec engineer you can learn just about any language like anyone else. >> The key is to start at the core. >> The key is to have a QA mindset, to have the mindset of actually doing quality assurance, on code and finding vulnerabilities. >> Not as an afterthought, but as a fundamental component of the development process. >> I could be a good engineer and make an app like Angry Birds, upload it, and even before uploading it I'll get it audited by some third party professional, and once it's uploaded I can fix the bugs as we go and release another version. Most smart contracts that have money behind them are written to be irreversible. So if they get hacked, money gets stolen. >> Yeah, that's real. >> And so the mindset is shifting because of this space. >> Alright, so on your tour, paint a picture, what did you see? >> First of all, how many cities, how long? Give us the stats. >> I just did about 80 days and I hit 10 countries. Most of it was between Europe and Asia. I'll start with saying that, right now, there's a race amongst smaller nations, like Malta, Bermuda, Belarus, Panama, the island nations, where they're racing to say that "we have clarity on regulation when it comes to "the blockchain cryptocurrency industries," and this is a big deal, I'd say, mainly for cryptocurrency exchanges, that are fleeing and navigating global regulation. Like in India, Unocoin's bank has been shutdown by the RBI. And they're going up against the RBI and the central government of India because, as an exchange, their banks have been shut down. And they're being forced to navigate waters and unique waves around the world globally. You have people like the world's biggest exchange, at least by volume today is Binance. Binance has relocated 100 people to the island of Malta. For a small island nation that's still technically a part of the European Union, they've made significant progress on bringing clarity on what is legal and what is not, eventually they're saying they want to have a crypto-bank, they want to help you go from IPO to ICO from the Maltese stock exchange. Similarly also Gibraltar, and there's a law firm out there, Hassans, which is like the best law firm in Gibraltar, and they have really led the way on helping the regulators in Gibraltar bring clarity. Both Gibraltar and Malta, what's similar between them is they've been home to online gambling companies. So a lot of online casinos have been in both of their markets. >> They understand. >> They've been very innovative, in many different ways. And so even conversations with the regulators in both Malta and Gibraltar, you can hear their maturity, they understand what a smart contract is. They understand how important it is to have a smart contract audited. They already understand that every exchange in their jurisdiction has to go through regular penetration testing. That if this exchange changes its code that the code opens it up to vulnerabilities, and is the exchange going through penetration testing? So the smaller nations are moving fast. >> But they're operationalizing it faster, and it's the opportunity for them is the upside. >> My only fear is that they're still small nations, and maybe not what they want to hear but it's the truth. Operating in larger nations like the United States, Canada, Germany, even Japan, Korea, we need to see clarity in much larger nations and I think that's something that's exciting that's going to happen possibly after we have the blueprint laid out by places like Malta and Gibraltar and Bermuda. >> And what's the Wild West look like, or Wild East if you will in Asia, a lot of activity, it's a free-for-all, but there's so much energy both on the money-making side and on the capital formation side and the entrepreneurial side. Lay that out, what's that look like? >> By far the most exciting thing in Asia was Korea, Seoul, out of all the Asian tiger countries today, in August 2018, Seoul, Korea has a lot of blockchain action going on right now. It feels like you're in the future, there's actually physical buildings that say Blockchain Academy, and Blockchain Building and Bitcoin Labs, you feel like you're in 2028! (laughs) And today it's 2018. You have a lot of syndication going on, some of it illegal, it's illegal if you give a guarantee to the investor you're going to see some sort of return, as a guarantee. It's not illegal if you're putting together accredited investors who are willing to do KYC and AML and be interested in investing a couple of hundred ETH in a project. So, I would say today a lot of ICOs are flocking to Korea to do a quick fundraising round because a lot of successful syndication is happening there. Second to Korea, I would say, is a battle between Singapore and Hong Kong. They're both very interesting, It's the one place where you can find people who speak English, but also all four of the languages of the tiger nations: Japanese, Mandarin, Cantonese, Korean, all in one place in Hong Kong and Singapore. But Singapore, you still can't get a bank account as an ICO. So they're bringing clarity on regulation and saying you can come here and you can get a lawyer and you can incorporate, but an ICO still has trouble getting a bank account. Hong Kong is simply closer in proximity to China, and China has a lot of ICOs that cannot raise money from Chinese citizens. So they can raise from anybody that's not Chinese, and they don't even have a white paper, a website, or even anybody in-house that can speak English. So they're lacking English materials, English websites, and people in their company that can communicate with the rest of the world in other languages other than Mandarin or Cantonese. And that's a problem that can be solved and bridges need to be built. People are looking in China for people to build that bridge, there's a lot of action going on in Hong Kong for that reason since even though technically it's a part of China it's still not a part of China, it's a tricky gray line. >> Right, in Japan a lot going on but it's still, it's Japan, it's kind of insulated. >> The Japanese government hasn't provided clarity on regulation yet. Just like in India we're waiting for September 11th for some clarity on regulation, same way in Japan, I don't know the exact date but we don't have enough clarity on regulation. I'm seeing good projects pop up in Korea, we're even doing some audits for some projects out of Japan, but we see them at other conferences outside of Japan as well. Coming up in Singapore is consensus, I'm hoping that Singapore will turn into a better place for quality conferences, but I'm not seeing a lot of quality action out of Singapore itself. Y'know, who's based in Singapore? Lots of family funds, lots of new exchanges, lots of big crypto advisory funds have offices there, but core ICOs, there was still a higher number of them in Korea, even in Japan, even. I'm not sure about the comparison between Japan and Singapore, but there is definitely a lot more in Korea. >> What about Switzerland, do you have any visibility there? Did you visit Switzerland? >> I was Zug, I was in Crypto Valley, visited Crypto Valley labs... >> What feels best for you? >> I don't know, Mother Earth! (laughs) >> All of the above. >> The point of bitcoin is for us to start being able to treat this earth as one, and as you navigate through the crypto circuit one thing as that is becoming more visible is the power of China partnering up with the Middle East and building a One Belt, One Road initiative. I feel like One Belt, One Road ties right into the future of crypto, and it's opening up the power of markets like the Philippines, Thailand, Malaysia, Singapore. >> What Gabriel's doing in the Caribbean with Barbados. >> Gabriel from Bit, yeah. >> Yeah, Bit, he's bringing them all together. >> Yeah, I mean the island nations are open arms to companies, and I think they will attract a lot of American companies for sure. >> So you're seeing certainly more, in some pockets, more advanced regulatory climates, outside of the United States, and the talent pool is substantial. >> So then, when it comes to talent pools, I believe it was in global commits for the language of Python, China is just on the verge of surpassing the United States, and there's a lot of just global breakthroughs happening, there's a large number of Full Stack engineers at a very high level in countries like China, India, Ukraine. These are three countries that I think are outliers in that a Full Stack Engineer, at the highest level in a country like India or Ukraine for example, would cost a company between $2,000 to $5,000 a month, to employ full time, in a country where they likely won't take stock to work for your company. >> Fifteen years ago those countries were outsource, "hey, outsource some cheap labor," no, now they're product teams or engineers, they're really building value. >> They're building their own things, in-house. >> And the power of new markets are opening up as you said, this is huge, huge. OK, Hartej, thanks so much for coming on, I know you got to go, you got your event October 9th to 11th in Las Vegas, Blockchain Security Conference. >> The CUBE will be there. >> I look forward to having you there. >> You guys are the leader in Blockchain security, congratulations, hosho.io, check it out. Hosho.io, October 9th, mark your calendars. The CUBE, we are live here in Toronto, for the Blockchain Futurist Conference, with our good friend, CUBE alumni Hartej. I'm John Furrier, Dave Vellante, be right back with more live coverage from the Untraceable event here in Toronto, after this short break.