>> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HOSHO CON 2018. Brought to you by HOSHO. >> Hello everyone, welcome back to theCUBE special live coverage here in Las Vegas for the first ever, Blockchain Security Conference. Really discussing security as an industry, it's called HOSHO CON, put on by HOSHO. We're here with the Co-Founder and CEO of HOSHO and main supporters of sponsoring this project or event HOSHO CON. We have Yo Sub Kwon, who is the CEO and Co-Founder. Good to see you. >> Good to see you, good to be here. Hey thanks for putting this on. I've interviewed Hartej, your Co-founder, in Toronto the Futures conference. We've had many great conversations on theCUBE. But when we talked about HOSHO CON, this conference, he really wanted to do it as an industry conference. Not as just a HOSHO event. >> (Yo agrees) >> This is really key to you guys culture here at HOSHO your company. >> Yeah. >> Take a minute and explain the event. Why this event? Why the format? And that it is open? >> I mean basically, you know, like we've been to just so many events over the, like I think we've done like 80 events this year, and the topic of conversation is, you know, around investing, it's around ICO's, it's around all these things and security touches all of those and I just feel like, and we all felt it and like the other security companies felt it too, that it just wasn't a topic that was discussed in great enough depth especially given the increasing amounts of hacks and theft and all these problems that relate directly to security. And I just feel like it's really important for us as an industry to discuss, you know, what security practices are good? What should be done? How you should do them? What resources are available to companies to learn more about security? And what resources don't exist and need to be developed? And that needs to be done in a collaborative way. Well congratulations and props to you guys for really sponsoring this and taking the leadership role in the industry but again you guys are humble and it's a good way to do it. Is to have these conversations. So thank you for doing that, appreciate it and thanks for having theCUBE here. We really appreciate it. The question I want to ask you is: I've noticed a trend here, first of all a lot of smart people here, so it's like, it's not a massive, no IPO, ICO pitch competitions, this is really down and dirty security. >> Yeah. >> Okay, black hat, white hat but it's kind of a intercultural vibe it's the community. >> Yeah. >> Coming together. But also two kind of tracks are developing there's the crypto security and then there's cyber security threats coming up. Because you said it's touching on all these points. And you're hearing, even hearing a little bit of IOT and hardware, we had Rivetz on earlier the CEO Steven Sprague so a lot of different solutions and a lot of different opportunities, a lot of different vulnerabilities. Can you explain the landscape of how the players are here, where are they coming from? >> Okay, yeah. >> What's their backgrounds? >> Absolutely I mean there are definitely, a lot of brilliant minds here and that was one of the goals of HOSHO CON is to bring people that are of all different, you know, parts of the industry whether they're, they're layers or they're information security experts or they're, you now, regulators or they're it just, developers bring them all into the same room and to kind of discuss these problems that you know, plague all of us and you know a developer's going to have a much different perspective and solution than a lawyer and but those thing can work together and the problems might still be the same. And so we've been in the industry for just like, even though HOSHO's a young company, the people that are on our team, myself, I've been in, I got into Bitcoin eight years ago, like we just have this network of people that are in the industry, have seen the kind of like cyclic nature of, you know, like a gigantic influx of people come in, these problems arise where, you know, entrepreneurs are like really focused on like growing, getting traction and then they focus less on their security, it goes to the wayside and then these big hacks happen and then the industry kind of smartens up and everything you know starts getting a little bit closer to what seems you know maybe safe or like approachable for a growth trajectory and then another gigantic influx happens and then the same thing. And so what we really need to do is like when that next big influx happens is to have standards in place to have things that an entrepreneur can just turn to and be like: "Okay, this is what I need to do "if I want to be considered credible in this industry "and I want to protect my users and my investors." >> Can you talk about some of the top conversations that are going on here, because I think that's a great point? People want you know legitimacy, they want solutions that work, that are credible and then maintain kind of, I won't say enterprise grade, but commercial grade reliable so that people can focus on building up their companies and or preparing for the growth. What is some of the top conversations? >> A lot of it's just learning about what other people do, like even with like Rivetz, we're putting, they're using the trust executions based on like what's already on billions of devices and you know basically letting people know that that space exists on this hardware and that they can be used for all these different purposes to validate you know data going in. And, you know, there's been conversations around custody. I was on a panel earlier today about custody and basically the way I felt like it left off and the conclusion was that there is a long way to go on custody but it is incredibly crucial. Big institutional players that want to enter the markets and want to put their money into a regulated custodian they're, it's difficult to do so even with registered custodian's existing because the limitations that they have in understanding the technology and being able to provide support for all the different digital assets that exist. >> So we're reporting this morning the SEC herein the US has tightened the noose on the ICO-funded startups. I think the story originated out of Decrypt Media but essentially the SEC, Securities and Exchange Commission, is cracking down and they're going back and saying: "You got to refund some of that money." >> Yeah. >> Because of violations. That's one regulatory thing but there's also, there's software that writes these smart contracts. You guys are in that business. The software is software money, security is critical. How stable is this becoming in your mind? What's the to do items? How should a company who want's to either use the ICO process or and or use token economics to fuel their business model they got to be secure on the business front? >> Yeah. So basically smart contracts were so new when we first got in to it that people just didn't know how to develop securely in them and so there were just critical mistakes being made all over the place. We've seen over the last year a lot of improvement on that front, more libraries are being developed and people are writing consistently more secure contracts. But now what we're seeing is contracts are getting increasingly complex and with additional complexity, because it's software there's room for, you know more problems and I think that it's going to, it's going to be an interesting challenge going forward, there's thing like formal verification I think that has a huge place in the future regarding smart contracts but it's there's a lot of tools that need to be developed that's one of the things that we worked on and we're really excited about is Meadow Suite because that's software that let's you develop smart contracts. We built it intentionally with security analysis in mind and then we made it more full featured to become a development tool for writing smart contracts and developing a protocols. And so I think the more of those type of things that you see come out that bring it more to feature parity to what software developers are used to if they're say building a web application it makes it a lot easier to adhere to good practices and write secure code. >> And also kind a not have to do manual audits? >> Yeah. >> I mean at the end of the day you want to get to some sort of automation. >> Absolutely. >> Framework. >> I mean we've already automated a lot of the things that we do. But and there's still a lot left to do but we know that there is a lot left that can be automated and we hope that eventually the tools are just put into developers hands were they can do most of that work themselves. >> Yo Sub take your CEO hat off from HOSHO for a minute put your industry hat on. >> Okay. >> What are some of the names here that, and conversations, topics that you find interesting personally? >> Okay, I mean. >> (John laughs) >> A lot of people that we brought here are like our friends, we know them right? And so like I was talking to. >> Your kind of celebrities. >> I was talking with like TokenMarket earlier and like, you know, we're partners with them and they really, they're really great guys and like some of the stuff that they are trying to do and you know just listening to what other companies are trying to do with like security tokens that seem to be the thing that really moving forward. And I'm kind of fascinated like, we try to stay agnostic you know like when we're like looking at all these different technologies. But then like someone explains something to you and you're awe man that's really cool. >> Yeah. (both laughs) >> And there's some good minds here. What's the coolest thing you've seen so far? >> Well I've been locked in, I've been locked behind doors in a lot of meetings so far but the, let's see, I think what Unchained Capital is working on is really sweet. They basically, I mean like I think their business model makes a lot of sense. Like basically they hold your crypto's so you maintain exposure to it and then they'll issue you a loan. They can like turn around a loan like in 24 hous, you just hand then a bunch of Bitcoin and then they'll just give you cash and then you can you know you have that cash and then you still maintain exposure through crypto if you pay it all back you get your crypto back. (laughs) >> So it's collateralized crypto? >> Exactly I mean like that makes perfect sense to me. Like you know it's just like as long as you can liquidate that crypto and Bitcoin or Ethereum like those are big enough markets now where you can easily liquidate. Well that's awesome. Thanks for putting on this event and I want to get back to HOSHO. How's business going? You're the CEO, Commander in Chief, what's going on with the company? How's things going? >> Yeah. >> Quick update. >> Well everything's crazy right, like we're moving quickly and the next steps are Asia. We really want to basically penetrate those markets. Only, we don't have as much coverage there as we would like but having spent some time there earlier this year doing some reconnaissance it's a crazy, crazy space over there. There's a lot of action happening, there's a lot of adoption. People are really enthusiastic about it but security almost seems like six months to a year behind North America and Europe as far as what exchanges are requiring, what investors are demanding of their portfolio companies. And so I think that now that they've had such major hacks happen over the last six months they're starting to realize. >> Major hacks talking about 60 Million. I mean I heard numbers up to 300 plus million. >> Yeah. >> I mean these are it's not like five dollars out of your wallet. >> Yeah. >> This is massive. >> Like over a billion dollars has been stolen in some capacity and like it's been pretty crazy yeah, so. >> Where's the big vulnerability? Exchanges, is it the DApps, where's the holes? >> They're all over the place but the biggest numbers definitely come from exchanges. Exchanges just need to be far more responsible and just, I feel like a lot of it is just negligence. They're growing so quickly that they don't pay attention to, you know, putting resources into educating their staff on really simple security practices. You know things like phishing and social engineering, like things that were good security practices still are good security practices. And a lot of those attacks are not even anything like some new exploit of a new technology it's the same kind of thing of like phishing, social engineering, sims swapping, you know, poor user access control, bad passwords. >> I mean the basics. >> Yeah. >> But this is what growth does to you you've point earlier. As more people start feeling growth there's more exposure service area wise. >> Yeah. >> New dynamics are kicking in. >> Well I'm starting to see new exchanges that are popping up that are you know taking security very seriously and the way they're treating it is that is their differentiator but in my mind like security shouldn't be a differentiator. Everybody should. >> (John laughs) >> If you're an exchange and you're holding massive amounts of other people's assets you should take security very seriously. That should just be a default, a standard. >> You have to be differentiating strategy with security it's not, it doesn't make sense. >> Marketing 101 you shouldn't be different, it should be standard. (both laughs) >> I mean if that's the state of the art, this is the problem. This highlights the problem. >> It does yeah. >> Alright so what's, what's the future for this event? How do you guys see this unfolding? Obviously this is the first inaugural event here HOSHO CON, How do you see it evolving? >> I think a lot of conversations should hopefully spur from this and we want to make this a yearly event. So we're definitely going to take a lot of the feedback from people that attended and see what they want, what they really enjoyed, what they really want to talk about. And even I think, a lot, since we're recoding all of the talks we'll be putting them up online at some point and I think it'd be really good to see like what the transition is like next year from like, where we were in some of these problems and addressing those problems you know a year from now. Like I think that will be really exciting. >> You guys are expanding in Europe, HOSHO good job with that. Who's the kind of clientele that you guys have? Is it ICO's? Is it companies? It is enterprise? Who are your target customers? >> So we have a lot of companies that are ICO's for sure. We have more exchanges and protocols joining those ranks. And then we are trying to move into enterprise as well. We made a partnership with Telefónica and developed a partnership with them to be able to sell to more enterprise clients and what they need. >> And what's your value proposition that you guys are offering? >> We are, well, we do smart contract audits, we do penetration testing. Those are things that a lot of companies in this space need. And then also we've been helping with security architecture and cryptocurrency assessments. >> And tooling, tools for development. >> And tooling, yeah we're trying to do our part. I mean we can't and won't do it alone but we try to develop things that, if we develop anything that's useful from a security perspective, we try and make it available for everyone. >> Yo Sub thanks for coming on theCUBE, appreciate your time and congratulations, it's a great event. >> Thank you. >> HOSHO CON sponsored by HOSHO and other's in the industry, it's an industry event, it's not just their company, it's their friends all coming together to solve the major problems with security, making it standard, making it safe and supporting the growth with the community. It's theCUBE covering live here in Vegas. I'm John Furrier stay with us for more CUBE coverage after this short break. (upbeat electronic music)