live from Las Vegas it's the cube covering IBM think 2018 brought to you by IBM hello everyone welcome back to the cube coverage here at IBM think 2018 in Las Vegas Nevada the Mandalay Bay it's a cubes exclusive covers three days of wall-to-wall interviews thought leaders experts entrepreneurs people making an impact and our next guest artists ani who's the co-founder of hosh io h OS h o de Ojo kayo advisor at the pink sky capital he's a cube alumni a walk in off the streets cuz he lives in Las Vegas but very instrumentals are connected to this community because of his pioneering work in in crypto blockchain and the future of money architects great to see you thanks for coming by thank you for having me it's good to be back on the cube great second time and second time yeah only couple we just saw each other the Bahamas the first security token conference yeah I bike on I I be on IBM's really big on supply chain this is their visitor old school you know generations of providing software for businesses b2b and now blockchains their big thing but blockchains yeah pretty straightforward yeah you know you get efficiencies but they're not talking about token economics because they talk about something execs here they're like well that implies the general public in their world thinks cryptocurrency they think Bitcoin so I want to connect the networks together our network IBM's network your network because the melting pot of this trend is really about blockchain cryptocurrency in the sense of the value around tokens and how tokens can be harnessed to capture the values I want to get your perspective as these worlds collide so I think that IBM is doing a great job by spearheading a blockchain movement and they're very they're focusing on the fortune 500 and the key with Fortune 500 companies right now is that they have rooms full of Java developers Java engineers and aetherium is the protocol right now that is most commonly found the majority of icos and token generation events that have occurred to date have all been on etherium x' network and etherium is the most and they found in blockchain however the etherium blockchain the language to build and launch token generation events on aetherium you have to write in a language called solidity and solidity is a new language and iBM has made a smart move by doing everything in Java and JavaScript similar to a lot of the new block chains that are aiming to compete with aetherium and the key distinction just to kind of put it out there when I get your reaction to and get some commentary around is IBM is not competing with public block chains they're looking at a in a different way they're saying hey you know you can have I guess private blockchains I mean it's not a really a dirty word they because they have a different use case correct I think it's very important especially when it comes to things like healthcare you look at the health care industry healthcare records will not be going on public block chains and so the hyper ledger fabric framework may make sense for things that need to be HIPAA compliant for example so reliability is key so what's their jannat like say hashed crafts got a lot of traction in their performance and their speed they got time stamps that's not a native blockchain yet that's kind of getting some traction IBM's got something similar for those markets that require the reliability the performance and the security so help the audience understand IBM's moves here because IBM's conservative so they don't really want to throw the word cryptocurrency out there because it might be misunderstood but this is gonna end up in token economics how are you explaining what the moves ibm's making to the average person that might not know the inside nuances in baseball for say the crypto market I think what's interesting is that iBM has a more mature focus on this space and you know they have direct ties historically to the fortune 500 companies the way others do not and so they've taken a much more sophisticated and a much much more conservative approach you don't see IBM throwing around the word cryptocurrency and that's a smart move because it's about the cryptography that secures block chains in a decentralized ecosystem and it's that the discussion of just tokens and token sales and leveraging tokens as a currency it's a premature time in this entire industry to be having that discussion so although it's going on it's a distraction for IBM you saying yeah because we but it's more interesting for smart contracts to be written that our functional smart contracts that for the first time ever white collared middlemen are being cut out of the picture in a new trustless decentralized ecosystem so talk about where IBM could take this with token economists obviously do you think that it's all leads to some sort of tokenization is that gonna be where the value capture is gonna be how does IBM get there in your mind I think they get there by having fortune 500 companies launch legitimate decentralized applications on their blockchain and that's just what Java JavaScript it's because most fortune 500 companies already have a plethora of Engineers globally that they can simply have start working on IBM's blockchain whereas you don't see that as a risk for IBM no that's that's IBM's advantage because today if the fortune 500 companies aren't building on aetherium whose blockchain mainly because of the learning curve it takes for a current full stack engineer to become a solidity engineer what's the etherium future now obviously they have they're working on lightning seeing some things going on that area the Lightning is Bitcoin is plasma yeah plasma sorry I got them confused so they got to go through the work this and some real work that's got to get done the theory of childs a big developer community the biggest the biggest so do those merge with the IBM communities downstream at some point or is it okay to be separate and does it matter I think they'll remain separate and in this case I I highly doubt that a theory IBM hyper ledger will go down the route that route stock has gone root stock essentially is the etherium virtual machine sidechain to the Bitcoin blockchain enabling smart contracts on the Bitcoin blockchain for the first time and rootstock is a very interesting project however IBM is its own ecosystem and the way in which they're catering to the fortune 500 is extremely intriguing and from Hojo's perspective we want to be auditing smart contracts that are functional that are written by more sophisticated players in the industry centralized ecosystem our main focus is just security auditing and there's gonna be a lot more smart contracts written by more sophisticated players on IBM's blockchain then possibly the other ones right now we have we have not seen a plethora of Fortune 500 companies by any means launching smart contracts on the theorems blockchain and blue chips banks or whatever as they try to disrupt themselves need to get us to partner governments okay so how about for a minute I just take a second to talk about your business I know we covered this at polycon and the Bahamas but for the sake of the context to IBM yeah talk about what you guys are doing we're specifically in the marketplace of partners would you sit if you were parting with IBM and and your role that you could possibly take with IBM so to take a step back quick host show the word itself hosho and means security in japanese and we started this company eight months ago my co-founder yo Kwon and I and our laser focus is blockchain security and being the global leader within the blockchain security space so as far as we see there's new blockchains being made new protocol tokens being launched as well as new tokens being launched as well as do smart contracts being written that are functional for the entire business and no matter what blockchain a smart contract is written on that smart contract is code that has been written and that code has to be audited by a professional third party and we are that professional third party that there's a line-by-line code review of the smart contract and finds all security vulnerabilities and we've been building proprietary tooling to find vulnerabilities faster and faster and faster we do a gas analysis to make sure that that blockchain is not being clogged we conduct the static analysis to find any hidden functionality within the framework of the smart contract and the last part which is very crucial is that yeah very uniquely qualified full stack engineer with a unique QA mindset and a security background who knows the language in which this is coded which currently most projects that were auditing our aetherium ERC 20 tokens written in solidity someone has to marry the source of truth which in the case of an ICO is a white paper and marry the white paper to the smart contract and make sure is the smart contract doing what the white paper says codify the white paper basically this process of auditing is gonna be ever more crucial within the the business that IBM does with Fortune 500 businesses because when a publicly traded company launches a smart contract for a decentralized application security is the highest priority and abilities is where the hackers could come in just be on a time to market getting those smart contract codes written it was fully baked it's irreversible once the smart contract is launched and millions of dollars are gonna go through this smart contract it's been regular practice in the cybersecurity world to type up code and to have it reviewed by a third party auditor we're simply applying the exact same logic to the blockchain space and it's exciting to see more blockchains by sophisticated players like IBM come to fruition and we're looking forward to actual projects from big players around the world launch on IBM's blockchain and hosho is looking to be a preferred partner of IBM's to do all their security work whether it's smart contract auditing or penetration testing and real quick on penetration testing that's our other core service that we provide and penetration testing is both for websites and for crypto currency exchanges in which we're making sure there's no security vulnerabilities within your website and finding every way possible to penetrate your website or your exchange and every time code is changed you open up the doors to more vulnerabilities and so in the crypto currency exchange space right now we're seeing that new exchanges are being made but sophisticated investors don't know if this is a safe place to trade hundreds of millions of dollars or not yeah and so when you got commerce being John I mean IBM as folk as you mentioned is legit and they're doing a great job by the way props to IBM for doing what they're doing they've been in for multiple years now and they're supporting the Apache project they're putting their their weight behind it but these are real-world examples granted supply chain might be boring to some audiences but not to others I mean you're moving real product around this is commerce with digital fingerprints and code and potentially tokens that's a highly gonna accelerate the payment process I mean the notion of clearing goes away it's instant yes this is a highly accelerated money transfer value capture value Tran for environment you can't take me chances yes and security is primal concern and we're excited that companies like IBM value security and this space is one that the dust has yet to settle and what's gonna help the dust settle within the blockchain ecosystem is more priority on security so what's your take if you are gonna give a talk here we're doing talking here in the cube so it's awesome it's gonna be alive and on-demand as well your advice to people saying you know we got a tokenizer our business I need to start with blockchain I can see some areas to create some efficiencies around some inefficient processes and create new business models I got to get started your thoughts my thoughts are take a step back and first evaluate do you have a business what problem are you solving once your business is actually generating some revenue and you've evaluated why the concept of a blockchain could be interesting for your business then pick a blockchain and stick to it and then when you start building on that block chain you've figured out that a token could actually be leveraged within this decentralized application that you're building then you can start figuring out what the token economics of it would actually be I think what people are doing nowadays is rushing to create a token because of their excitement about the fundraising mechanism that an ICO is and an ICO is democratizing to some extent at least global capital raising and I think that fundraising mechanism is not going anywhere that that fundraising mechanism is here to stay however the majority of ICO projects that we're seeing occurring today I don't think these companies will be around in the next couple of years which shows how immature to some extent the industry actually is whereas maybe the projects that are built and launched on IBM's block chains that they develop maybe they're more sophisticated and will be companies that have gone through a more rigorous process of making sure security was a primary concern and they wrote quality code for quality businesses that are actually leveraging decentralization in the appropriate way not the other way around of we want to raise capital so let's invent a reason to have a token or you have a big case right now in Silicon Valley at least is you have companies that are very serious a and B and decided let's do an icy overseer you see and that that's tricky it's not always the right solution when you're saying is don't confuse the ico crazy fundraising arbitrage and new new model to applying supply chain tokens and blockchain to a durable business agreed and on the same token we have people in the space whether they're investors they're lawyers PR firms exchanges they all need to mitigate their risk by keeping security as a concern for them both in-house and for the companies that they're working with yeah lawyers don't want to be doing lawyer work for a company that will turn out to be a scam coin and someone has to do a security audit of that token the same goes for a PR firm a marketer and in exchange exchanges should not be listing tokens that have not gone through a smart contract audit well it's good to know we got a cube alumni here in the cube to help us with our security audit yeah well the answers the life were in a cube interview so do we got one right here I want to just get into in topic you and I were talking of dinner the other night when we had we saw each other a few nights ago about the problem of picks and shovels and tools and maturity in this new emerging area can you um can you just take a minute to explain what that we were talking about there and I thought you had a good point I mean maturity of the space is not mature it's growing it's embryonic but moving fast and there's need for tools let's unpack that just share your thoughts vision so I think that a lot of people have been more excited to join in an IC o---- a token generation event and do more quick money grabs but to me what's more exciting is the infrastructure that's needed for this industry to actually grow and mature an infrastructure is infamously known as picks and shovels because when the gold rush happened the people who made the real money or the people selling the shovels to the gold diggers and what's included in that is businesses like our own hosho which is selling security audits of smart contracts doing penetration testing bringing maturity and making making things less risky for for everybody in this space so we start we see ourselves as selling picks and shovels on the other hand I'll give you an example Goldman Sachs has a trading desk today it's not 24/7 stock market Oh at 9:00 closes at 5:00 what happens tomorrow when a 24/7 crypto currency trading desk is turned on at Goldman Sachs do the traders that are now 24/7 have the appropriate tools and the governance built into software to manage a team of 24/7 traders at Goldman Sachs today when you have traders trading in the stock market they have a plethora of tools that make them snipers and you have certified market technicians telling hedge funds that this isn't gonna go up two points here in three points they're reading candlesticks in the cryptocurrency space it's like poking a stick you go from being a sniper to having a stick find by Wars like a blind man so companies there's a dozen companies that can be made building the infrastructure for just what I just said the governance with four trading floors this is a really good point and I wanted to bring it up because in these emerging markets these white spaces for tools and technology to help the overall trend grow faster has always been a successful man however you mentioned something about the goldman sachs trading this and that is it literally could be turned down overnight right so that's the problem you can accelerate things too fast and not be prepared that seems Oldman honest I'd know Goldman's done a great job at being very much forward-thinking they've been at every money 20/20 since the beginning of that FinTech conference and they're definitely in this pickle this exercise the analogy is a company can turn on a new model fairly quickly faster than the old days which we're taking months and then now you can do it really on a much shorter timeframe that means they potentially could be exposed if they go too fast yeah this is where the ecosystem has to help yeah I think the bulge bracket banks are treading the water very carefully JPMorgan is doing things they're involved with aetherium Z cash - JPMorgan has a lot going on on this front but these are publicly traded monster banks they're not going to take any risks these are they have a they have stockholders to to answer to they have the US government we have over 150 regulatory arms just regulating the finance industry in the United States and so I think it the American citizen citizen is quick to point fingers to bulge bracket banks and those banks are answering to too many regulatory arms this is one of the downsides of the United States right now in general is the increasingly coercive environment of the government ybm certainly got the blue chip company got the the fortune 500 but they also have a marketplace and that's where they could really kind of change the game feeling in those white spaces yeah IBM's marketplace sounds very exciting and my mind just goes to who's handling the security for everything to do with IBM blockchain we're hoping at Osho arch edge thanks for joining us thanks for sharing your your insight here in the queue with an IBM think conference breaking down all the top news that's really around blockchain at AI would date at the sin of the value proposition all being disrupted by new decentralized technologies blockchain being the beginning and a lot more is happening and certainly we're in and bring it to you on the cube no matter where it is will be there I'm John furrow here and Las Vegas for IBM think coverage we'll be back with more coverage after this short break [Music]

>> Narrator: Live from Nassau in the Bahamas. It's The Cube! Covering PolyCon 18. Brought to you by PolyMath. >> Welcome back everyone, we're live here in the Bahamas with The Cube's exclusive coverage of PolyCon 18, I'm John Furrier with my co-host Dave Vellante, both co-founders of SiliconANGLE. We start our coverage of the crypto-currency ICO, blockchain, decentralized world internet that it is becoming. It's the beginning of our tour, 2018. Our next guest is Hartej Sawhney who's the advisor at Pink Sky Capital, but also the co-founder of Hosho.io. Welcome to The Cube. >> Thank you so much. >> Hey thanks for coming on. Thanks for coming on. >> Thanks guys. >> We had a great chat last night, and you do some real good work. You're one of the smartest guys in the business. Got a great reputation. A lot of good stuff going on. So, take a minute to talk about who you are, what you're working on, what you're doing, and the projects you're involved in. >> So first of all, thank you so much for having me, it's really exciting to see the progress of high-quality content being created in the space. So my name is Hartej Sawhney. We have a team based in Las Vegas. I've been based in Las Vegas for about five years. But I was born and raised in central New Jersey, in Princeton. And my co-founder is Yo Sup Quan. We started this company about seven months ago and my co-founder's background was he's the co-founder of Coin Sighter in Exchange out of New York, which exited to Kraken. After that he started Launch Key which exited to Iovation. And prior to this company, my previous company was Zuldi, Z-U-L-D-I .com where we had a mobile point of sale system specifically for high volume food and beverage companies and businesses. So we were focused on Fintech and mobile point of sale and payment processing. So both of us have a unique background in both Fintech and cyber-security and my co-founder Yo, he's a managing partner of a crypto hedge fund named Pink Sky Capital. And he was doing diligence for Pink Sky, and he realized that the quality of the smart contracts he was seeing for deals that he wanted to participate as an investor in, and I'm an advisor in that hedge fund, we both realized that essentially the quality of these smart contracts is extremely low. And that there was nobody in this space that we saw laser focused on just blockchain security. And all the solutions that would be entailed in there. And so we began focusing on just auditing smart contracts, doing a line-by-line code review of each smart contract that's written, conducting a GAS analysis, and conducting a static analysis, making sure that the smart contract does what the white paper says, and then putting a seal of approval on that smart contract to mitigate risk. So that the code has not been changed once we've done an analysis of it, that there's no security vulnerabilities in this code, and that we can mitigate the risks for exchanges and for investors that someone has done a thorough code analysis of this. That there's no chance that this is going to be hacked, that money won't be stolen, money won't be lost, and that there's no chance of a security vulnerability on this. And we put our company's name and reputation on this. >> And what was the problem that is the alternative to that? Was there just poorly written code? Was it updated code? Was it gas was too expensive? They were doing off-chain transactions. I mean what are some of the dynamics that lead you guys down this path? I mean this makes sense. You're kind of underwriting the code, or you're ensuring it or I don't know what you call it, but essentially verifying it. What was the problem? And what were some of the use cases of problems? >> I would say that the underlying problem today in this whole industry, of the blockchain space, is that the most commonly found blockchain is Ethereum. The language behind Ethereum is called Solidity. Solidity is a brand new software language that very few people in the world are sufficient programmers in Solidity. On top of that, Solidity is updated, as a language on a weekly basis. So there are a very limited number of engineers in the world who are full-stack engineers, that have studied and understand Solidity, that have a security background, and have a QA mindset. Everything that I just said does exist on this Earth today and if it does, there's a chance that that person has made too much money to want to get out of bed. Because Ethereum's price has gone up. So the quality of smart contracts that we're seeing being written by even development shops, the developers building them are actually not full-stack engineers, they're web developers who have learned the language Solidity and so thus we believe that the quality of the code has been significantly low. We're finding lots of critical vulnerabilities. In fact, 100% of the time that Hosho has audited code for a smart contract, we have found at least a couple of vulnerabilities. Even as a second or the third auditor after other companies conduct an audit, we always find a vulnerability. >> And is it correct that Solidity is much more easy to work with than say, Bitcoin scripting language, so you can do a lot more with it, so you're getting a lot more, I don't want to say rogue code, but maybe that's what it is. Is that right? Is that the nature of the theory? >> Compared to Bitcoin script, yes. But compared to JavaScript, no. Because Fortune 500 companies have rooms full of Java engineers, Java developers. And now the newer blockchains are being written, are being written on in block JavaScript, right? So you have IBM's Hyperledger program, you have EOS, you have ICX, Cardano, Stellar, Waves, Neo, there's so many new projects that are coming, that all of them are flexing about the same thing. Including Rootstock, RSK. RSK is a project where they're allowing smart contracts to be tied to the Bitcoin blockchain for the first time ever. Right, so Fortune 500 companies may take advantage of the fact that they have Java developers to take advantage of already, that already work for them, who could easily write to a new blockchain, and possibly these new blockchains are more enterprise grade and able to take more institutional capital. But only time will tell. And us as the auditor, we want to see more code from these newer blockchains, and we want to see more developers actually put in commits. Because it's what matters the most, is where are the developers putting in commits and right now maximum developers are on the Ethereum blockchain. >> Is that, the numbers I mean. Just take a step there. So the theory of blockchain. Percentage of developers vis-a-vis other platforms percentages-- >> By far the most is on developed on Ethereum. >> And in terms of code, obviously the efficiencies that are not yet realized, 'cause there's not enough cycles of coding going on, it's evolution, right? >> Yes. >> Seems to be the problem, wouldn't you say? So a combination of full-stack developer requirements, >> Yes. >> To people who aren't proficient in all levels of the stack. >> Yes. >> Just are inefficient in the coding. It's not a ding on the developers, it's just they're writing code and they miss something, right? Or maybe they're not sufficient in the language-- >> It's a new language. The functions are being updated on a weekly basis, so sometimes you copied and pasted a part of another contract, that came from a very sophisticated project, so they'll say to us, well we copied and pasted this portion from EOS, so it should be great. But what that's leading to is either A, they're using a function that's now outdated, or B, by copying and pasting someone else's code from their smart contract, this smart contract is no longer doing what you intended it to do. >> So now Hartej, how much of your capability is human versus machine? >> Yeah I was going to ask that. >> ML, AI type stuff? >> So we're increasingly becoming automated, but because of the over, there's so much demand in the space. And we've had so much demand to consistently conduct audits, it's tough to pull my engineers away from conducting an audit to work on the tooling to automate the audit, right? And so we are building a lot of proprietary tooling to speed up the process, to automate conducting a GAS analysis, where we make sure you're not clogging up the blockchain by using too much GAS. Static analysis, we're trying to automate that as fast as possible. But what's a bit more difficult to automate, at least right now, is when we have a qualified full-stack engineer read the white paper or the source of truth and make sure the smart contract actually does it, that is, it's a bit longer tail where you're leveraging machine learning and AI to make that fully automated. (talking over each other) >> But maybe is that, I'm sorry John. Is that the long term model or do you think you can actually, I mean there's people that say augmented intelligence is going to be a combination of humans and machines, what do you think? >> I think it's going to be a combination for a long time. Every single day that we audit code, our process gets faster and faster and faster because once we find a vulnerability, finding that same vulnerability next time will be faster and easier and faster and easier. And so as time goes on, we see it as, since the bundle of our work today is ICOs, token generation events, there are ERC 20 tokens on the Ethereum blockchain. And we don't know how long this party will last. Like maybe in a couple years or a couple months, we have a big twist in the ICO space that the numbers will drastically go down. The long tail of Hosho's business for us, is to keep track of people writing smart contracts, period. But we think they are going to become more functional smart contracts where the entire business is on a smart contract and they've cut out sophisticated middle men. Right and it may be less ICOs, and in those cases I mean, if you're a publicly traded company, and you're going from R&D phase where you wrote a smart contract and now actually going to deploy it, I think the publicly traded company's going to do three to five audits. They're going to do multiple audits and take security as a very major concern. And in the space today, security is not being discussed nearly as much as it should. We have the best hedge funds cutting checks into companies, before the smart contract is even written, let alone audited. And so we're trying to partner with all the biggest hedge funds and tell the hedge funds to mandate that if you cut a check into a company that is going to do a token generation event, that they need to guarantee that they're going to at least value security, both in-house for the company and for the smart contract that's going to be written. >> How much do you charge for this? I mean just ballpark. Is it a range of purchase price, sales price? What's the average engagement go for, is it on a scope of work? Statement of work? Or is it license? I mean how does it work? >> So first it depends is it a penetration test of the website or the exchange? Penetration testing of exchanges are far more complex than just a website. Or if it's a smart contract audit, is it an ICO or is it a functional smart contract? In either case for the smart contract audit, we have to build a long set of custom tooling to attack each and every smart contract. So it's definitely very case-by-case. But a ballpark that we could maybe give is somewhere around the lines of 10 to 15 thousand dollars per 100 lines of functional code. And we ask for about three weeks of lead time for both a smart contract audit and a penetration test. And surprisingly in this space, some of the highest caliber companies and high caliber projects with the best teams, are coming to us far too late to get a security audit and a penetration test. So after months of fundraising and a private pre-sale and another pre-sale, and going and throwing parties and events and conferences to increase the excitement for participating in their token sale, what we think is the most important part, the security audit for a smart contract is left to the last week before your ICO. And a ridiculous number of companies are coming to us within seven days of the token sale, >> John: Scrambling. >> Scrambling, and we're saying but we've seen you at seven conferences, I think that we need to delay your ICO by two or three weeks. We can assure you that all of your investors will say thank you for valuing security, because this is irreversible. Once this goes live and the smart contract is deployed. >> Horse is out of the barn. >> It's irreversible. >> Right right. >> And once we seal the code, no one should touch it. >> It's always the case with security, it's bolted on at the last minute. >> It's like back road recovery too, oh we'll just back it up. It's an architectural decision we should have made that months ago. So question for you, the smart contract, because again I'm just getting my wires crossed, 'cause there's levels of smart contracts. So if we, hypothetical ICO or we're doing smart contracts for our audience that's going to come out soon. But see that's more transactional. There's security token sales, >> Yes. >> That are essentially, can be ERC 20 tokens, and that's not huge numbers. It could be big, but not massive. Not a lot transaction costs. That's a contract, right? That's a smart contract? >> People are writing smart contracts to conduct a token generational event, most commonly for an ERC 20 token, that's correct. >> Okay so that's the big, I call that the big enchilada. That's the big-- >> Right now that is the most important, the most common. >> Okay so as you go in the future, I can envision a day where in our community, people going to be doing smart contracts peer-to-peer. >> Sure. >> How does that work? Is that a boiler plate? Is is audited, then it's going to be audited every time? Do the smart contracts get smaller? I mean what's your vision on that? Because we are envisioning a day where people in our audience will say hey Hartej, let's do a white paper together, let's write it together, have a handshake, do a smart contract click, click. Lock it in. And charge a dollar a download, get a million downloads, we split it. >> I envision a day where you can have a more drag and drop smart contract and not need a technical developer to be a full-stack engineer to have to write your smart contract. Yes I totally envision that day. >> John: But that's not today. >> We are very far from that today. >> Dave, kill that project. >> We're so far, we're very far from that. We're light years far from that. >> Okay well look. If we can't eliminate the full-stack engineers, I'm okay with that. Can we eliminate the lawyers? At least minimize them. >> We can minimize them possibly, but we have five stacks of lawyers for our company, I don't see them going anywhere. We need lawyers all the time. >> I see that in the press sometimes, yeah it's going to get disrupted. I don't see it happening. Okay we were having a great conversation off-camera about what makes a good ICO. You see, you have a huge observation space. And you were very opinionated. A lot of companies are out there just floating a token because they're trying to raise money. And they could do the same thing with Ethereum or Bitcoin. >> That's correct. >> Your thoughts? >> My thoughts are that it's very important for companies who are sophisticated, I think, to start by giving away a little bit of equity in the business. And that if you want to be in the blockchain space, and you really firmly believe you have a model to have a token within a decentralized application, I would still start by finding quality investors in the space, in the world. They might be still in Silicon Valley. Silicon Valley didn't just disappear overnight now that the blockchain is out. I am all for the fact that Silicon Valley no longer has as much of a grip on tech because of their blockchain world. And they're not seeing as much deal flow, and there's not as much reliance on venture capitalists, that's exciting to me. But let's not forget the value, that top-tier VCs like Andreessen Horowitz and Vinod Khosla. and Fintech VCs like Commerce Ventures and Nyca Partners in New York, Propel VC, these are good Fintech VC arms that continue to time and time again add immense value to companies. >> And they have networks. They add value. >> They have strong-valued networks, but they're just not going to disappear. And those VCs, if they've invested into a company, took a board seat, fostered their growth, taught them what it means to actually be a real business that's growing at 7-15% week over week, maybe two years down the line, after they've given away a board seat to someone like Nyca Partners, I would be interested in understanding what your token economics look like. Now that you have a revenue generating business, how you've placed a token model into this already running business that makes 25 to 50 grand a month and you have a team of 10, self-sustaining themselves off of revenue. Much more intriguing of a conversation. What's happening today in the space is, hey my buddy Jim and Steve and I came up with an idea for this business. There's going to be a token, and we're starting a private pre-sale tomorrow. I'm going to give you 300% bonus and will you be my advisor? And they're going to start raising capital because of an idea. You know what we used to say in the Silicon Valley startup world, you can raise on just a PowerPoint. I think in the blockchain world, you could raise on just an idea? And then maybe a white paper? And the white paper is one page? And so you've raised a bunch of capital, you have a white paper. >> Now you got to build it. >> Now you got to build, you got to write a smart contract, you got to build it, you got to do it, and then everyone loses excitement and it goes back to our previous conversation the development talent. So, another thing not being discussed in the space is company employee retention, right? So if you have a growing number of ICOs, that have very large budgets because investors have found a way to sink millions of dollars into a company early, you've got $5 million in the hands of a company to start, well this company can afford to pay someone a very ridiculous salary to come join them to write the smart contract now. So they could offer an engineer 500 Eth a month to come join them for three months. So you have good engineers just bouncing from one ICO to the next and as soon as the ICO goes live, they quit. This is a problem to companies who are-- >> It's migration, out migration. >> How do you retain, even capital? >> Companies like Hosho, ShapeShift, companies that are selling picks and shovels of the industry, that want to be household names in the space, we have to really think about how we're going to retain our employees in the space. >> So the recruitment and bringing on the new generation, we were also talking off camera about Bill Tye and the younger generation and kind of riffing on the notion that, because there is a new set of mission-driven developers and builders, on the business side as well. Your thoughts and reaction to what you see and what you see that's good and what you see that we need more of? >> So the most powerful thing in the blockchain space that I think is so exciting is that you have a lot of people between the age of 25 and 35 that don't come from money, that didn't go to Stanford, didn't go to Y Combinator, they're probably not white, from-- >> John: Ivy League schools. >> Ivy League schools. I'm not trying to make it about race, but if you're a white male and went to Stanford and went to Y Combinator, chances of you raising VC money on sand hill are a lot higher, right? And you have a guy looking like me who didn't go to Stanford, doesn't come from money, running up and down sand hill, I have personally faced that battle and it wasn't easy. And we were based in Vegas and so being based in Vegas, I'd also have to deal with so why do you live in Vegas? When are you going to move to Silicon Valley? And if we invest in you, you're going to open an office in sand hill right? And now in the blockchain world, what's exciting is you have so many heavy-hitters running as founders, some of the most successful companies in the space, who don't come from money and a big prestigious background, but they're honest, they're hard-working, they're putting in 12 to 15 hours of work every single day, seven days a week. And to space, six weeks is like six years. And we all have a level of trust that goes back to times when we were all running struggling startups. And so our bond is, to me, even more significant than what must have been between Keith Rabois and Peter Thiel in the PayPal Mafia. We have our own mafias being formed of much stronger bonds of younger people who will be able to share much more significant deal flow so if the PayPal Mafia was able to join forces to punch out companies like eBay and Square, wait 'til companies in this space, we have young, heavy-hitters right now who are non-reliant on some of the more traditional older folks. Wait 'til you see what happens in the next couple years. >> Hartej, great conversation. And I want to get one more question in. We've seen Keiretsu Forum, mafias, teams more than ever as community becomes an integral part of vetting and by the way trust, you have unwritten rules. I mean baseball, Dave and I used to do sports analogies. >> Self-governance. >> Reggie Jackson talked about unwritten rules and it works. If you beam the batter, the other guy, your best star, your side's going to get beamed. That's an unwritten rule. These are what keeps things going, balanced through the course of a season. What are the unwritten rules in the Ethos right now? >> Honesty, transparency, and that's the key. We need self-governance. This is a very unregulated market. There's rules being broken by people who are ignorant to the rules. The most common rule I've seen being broken is by people who are not broker dealers, running around fundraising capital, they don't even know what an institutional advisor license is. They don't know what a Series 7 and a Series 63 is. I asked a guy just last night, he said I'm pooling capital, I'm syndicating, let me know if you want in on the deal. And I said when did you take your Series 7? He goes what's that? Get away from me. You're an American, you need to look up what US securities laws are and make sure that you're playing by the rules and if someone who doesn't know the rules has entered our inner circle of investors, of advisors, of people sharing deal flow, we have a good network of people that are closing the loop for companies, whether it's lawyers, investors, exchanges, security auditors, people who write smart contracts, dev shops, people who write white papers, PR marketing, people who do the road show, there's a full circle-- >> So people are actually doing work to put into the community, to know your neighbor if you will, know the deals that are going down, to identify potential trip wires that are being established by either bad actors or-- >> KYC, AML, this is a new space that's also attracting people that have a criminal background. Right? And that's just a harsh reality of the space. That in the United States if you have a felony on your record, maybe getting a job has become really difficult and you figured let's do an ICO, no one's going to check my record. That is a reality of the space. Another reality is the money that was invested into this entire ICO clean. Right, that's a massive issue for the US government right now. It's been less than 15 hours since the SEC has issued actually subpoenas to people on this exact topic, today. >> This is a great topic, we'd like to do more on. >> Dozens of them. >> We'd like to continue to keep in touch with you on The Cube. Obviously you're welcome anytime, loved your insight. Certainly we'd love to have you be an advisor on our mission, you're welcome anytime. >> For sure, let's talk about it. Come out to Las Vegas. Hosho's always happy to host you. >> John And Dave: We're there all the time. >> The Cube lives at the sands. >> It's our second home. >> Come by Hosho's office and let us know. Vegas is our home. We are hosting a conference in Vegas after DEFCON. So DEFCON is the biggest security conference in the world. You have the best black hats and white hats show up as security experts in Vegas and right on the tail end of it, Hosho's going to host a very exclusive invite-only conference. >> What's it called? Just Hosho Conference? >> Just Blockchain. It'll be called the just, it'll be by the Just Blockchain Group and Hosho's the main backer behind it. >> Well we appreciate your integrity and your sharing here on The Cube, and again you're paying it forward in the community, that's great. Ethos we love that. That's our mission here, paying it forward content. Here in the Bahamas. Live coverage here at PolyCon 18. We're talking about securitized token, a decentralized future for awesome things happening. I'm Jeff Furrier, Dave Vellante. We'll be back with more after this short break. (upbeat music)