a16z Podcast - Crypto Security and the New Web3 Mindsets for Users
Episode Date: October 15, 2021Today’s episode is all about crypto security — that is, the new mindsets and the new strategies for storing crypto assets safely while also allowing holders control and access. As a reminder, no...ne of the following should be taken as investment advice, please see a16z.com/disclosures for more important information. We’ve covered security trends more broadly a ton in our content, which you can find at a16z.com/security, as well as crypto-related trends including NFTs, and the creator and ownership economies; you can find all of that at a16z.com/nfts But as more people enter crypto lately — thanks to the boom in NFTs, decentralized finance, and much more — we share specific best practices and options for securing crypto as well as discussing how it all fits this next evolution of the internet: web3. Our expert today is a16z crypto data scientist Eddy Lazzarin, who joins host Zoran Basich to cover practical approaches ranging from passwords to crypto wallets and what users can do; the evolution of crypto briefly; and the big picture mindset shifts involved here as well. We quickly begin with the practical shift crypto security represents compared to how people interact with traditional financial institutions, and then we go into the big picture trends in security when it comes to abstraction and usability.
Transcript
Discussion (0)
Welcome to the A16Z podcast, Dumzorin.
Today's episode is all about crypto security, that is, the new mindsets and the new strategies
for storing crypto assets safely while also allowing holders control and access.
As a reminder, none of the following should be taken as investment advice.
Please see A16Z.com slash disclosures for more important information.
We've covered security trends more broadly a ton in our content, which you can find at
A16Z.com slash security, as well as crypto-related trends, including NFTs and the creator
in ownership economies. You can find all of that at A16Z.com slash NFTs. But as more people
enter crypto lately, thanks to the boom in NFTs, decentralized finance, and much more,
we share specific best practices and options for securing crypto, as well as discussing how it
all fits this next evolution of the internet, Web 3. Our expert today is A16Z crypto data
scientist Eddie Lazaran. We cover practical approaches ranging from passwords to crypto wallets and what
users can do, the evolution of crypto briefly, and the big-picture mindset shifts involved here as well.
We quickly begin with the practical shift crypto security represents compared to how people
interact with traditional financial institutions. And then we go into the big-picture trends in
security when it comes to abstraction and usability. When you have a relationship with a bank
or some Web 2 application, they're the ones who fundamentally control the terms of engagement.
the fact that they have total control over the situation
is proved by the fact that they can reset the password
or change the rules for the password on the fly.
With cryptosecurity,
you can remove the relationship with an intermediary
and have a direct relationship with a protocol.
So it's simultaneously incredible and it's terrifying.
It's incredible because it means that you can really own the thing.
That's what's so cool about Web3.
no one can revoke or interfere with your relationship with those tokens or those NFTs, those
assets, whatever. It's terrifying because it means you're in charge of controlling the secrets
that guard your access to that asset. That is an awesome responsibility. And of course,
there's all kinds of cool software and developments to make this a little bit easier,
make it a little bit less daunting. But because we're still in the early days, it's something that
requires a shift in mindset.
When people think about crypto, they think about hacks sometimes, oftentimes.
And then you hear things like, well, you know, the Bitcoin network has never been hacked or Ethereum
has never been hacked.
Like the actual cryptographic underpinnings of these blockchain are so strong and so well thought
out that it's virtually impossible to mess with it or hack it.
And yet, we've heard about crypto hacks.
So what are people talking about when they say crypto hacks?
Yeah, I think this is such an interesting point to me because it just goes to show how many
confusing myths there are about security.
It blows my mind, like, hearing some of this stuff.
It's not anybody's fault.
It's just, like, all the terms are overloaded.
So you need to kind of peel back the surface.
When somebody on Twitter pretends to be Joe Biden and says,
send me your Bitcoin, that's a Bitcoin hack.
Exactly.
So what's happening here is that, like, Bitcoin, Ethereum,
they have never been hacked in this sense.
There has never been someone that just approaches Ethereum,
impersonates Zorin,
and then just takes Zoran's money,
just straight up somehow tricks the network
into giving the adversary
all of someone's rightfully owned crypto.
That's never happened.
But there's a similar set of things that does happen.
Maybe the analogy here is like,
no one has broken into the bank, so to speak,
and just robbed the bank's vaults,
just take everything and run.
But there have been cases
where people have tricked customers of the bank
into providing their private information,
which thereby fools the bank
into letting people in
and taking stuff that the bank believed
is theirs, but walking away with it.
So the vault has always remained secure,
but the human beings, of course,
that our customers of the bank
have been tricked at some point, which is awful.
Give us a sense of some of the ways
people can be tricked.
Yeah, so one common attack method
is to take people who are seeking support
for a specific DAP or a specific wallet
to intervene in those support
channels and to say, hey, I'm with so-and-so, let me help you and figure out how to debug your
problem, and then ask them to provide the seed phrase as part of the debugging process, right?
Yeah, I'm just helping you out here, right?
Exactly. And if you support, if you give them your seed phrase, you're giving them the
web through equivalent of your password. That's one example of kind of a social engineering attack
vector. Of course, you should never send someone your seed phrase under any circumstances.
there's just no reason you would ever need to do that.
Another example doesn't have anything to do with the seed phrase
is sometimes for NFT drops, right?
This is a more subtle one.
I really think people should be careful about this.
You'll go to some sites.
You're there to mint or to buy an NFT.
It's not a trusted site.
And you go there to sign a transaction.
And you may not know what transaction you're signing.
When Metamask or your crypto wallet pops up to approve a transaction,
you may need to actually inspect the nature of that transaction
to understand what it is exactly that you're approving.
It's possible to approve something very nefarious,
like transferring funds that you didn't intend to send
or granting sweeping permissions to your funds to some adversary.
If you're signing a transaction on OpenC,
if you're signing a transaction on matcha,
you're on a trusted venue.
If instead you're signing it on some brand new NFT drop that just appeared 12 hours ago
and it's going to disappear in two hours and you need to buy now as the timer's running out,
you should probably think twice or at least inspect the transactions details to ensure you know exactly what you're signing.
I know the different marketplaces are doing an amazing job filtering this stuff out and they're going to do better and better.
But we're still a little bit in the Wild West.
So Bitcoin white paper was what, 2009, right?
So it's 12 years.
Yeah.
Started with very heavily technical underpinnings and the people who got into it first
were developers and cryptographers and people like that
required an immense amount of technical skill, mathematical skill, cryptographic chops, things like that.
How is the way people think about security changed in crypto in the last 12 years?
Yeah.
There's tons of stories that you've heard about people losing their keys really early,
saving it on hard drives that burned out or forgetting the name of the file.
And that's just because it wasn't clear.
the economic value of these things yet.
And there weren't best practices for storing these keys.
Nowadays, I think we've come a really long way.
In its earliest days, I distinctly remember
a lot of my friends throwing their Bitcoin private keys
in Notepad on their desktop.
I don't think that that was the best practice,
but it just didn't seem serious.
So your private key is a 512-bit-long sequence
that you need to keep guarded
that's used to sign and send transactions
to the blockchain. That means moving things around or buying and selling things. It needs to
remain a secret. And the thing is, a 512 bit long sequence is a hard thing to keep. When mnemonic
seed phrases came along, that was a huge improvement because it's just so much easier to store
and to retain. This is those 12 or 24 words, that sequence of words, that it asks you to
maybe not screenshot or write down on a piece of paper or something like that. That sequence of words
is just a mnemonic method to record that private key.
So if you think about it, writing down some giant sequence of characters
is a challenging thing to do to store that in a durable and secure way.
One way to make it a little bit easier is instead of a random sequence of characters,
instead you store a sequence of more memorable words.
You can encode in some cryptic way or you can maybe memorize.
Probably shouldn't do that.
But try to memorize.
So it's all about the private keys and the seed phrases and the safe storage and recoverability of these things.
That's essential.
What's a common myth about this topic?
Like, what don't enough people know about it?
Something actually funny about these BIP 39 seed phrases is people may not understand that the seed phrase is kind of your password.
It's not a thing that's related to your private key or it's not just some login.
It's actually the representation of your private key.
And what that means is also that it's portable.
The BIP 39 phrase can be copy-pasted into different wallet software.
So, for example, if you have a Metamask wallet on your phone,
you could actually take that seed phrase and you could import it into Rainbow Wallet,
or you could import it into myether wallet.
And once it's plugged in, you'll be able to see your accounts and balances and so on,
because the seed phrase is how you derive the public and private key for your crypto wallet.
That alone is just one example of a huge U.S. improvement.
This would be sort of akin to like, again, comparing it to sort of Web 2 and old banking models.
You know, right now if you have your funds with a bank, right, and you want to change,
you have to close your account with one bank, open up an account with another bank,
create all new login information.
In this, in Web 3, you've got the login information.
It's yours, basically, and you can transport it from one.
interface to another. A lot of people don't know that the BIP 39 phrase is portable, that the seed phrase is portable. And that's really unfortunate because that's the proof of the portability and coolness of this whole Web3 thing is that you can literally uninstall the wallet software, install some new wallet software, pop in that seed phrase, and everything of yours is there automatically without any extra effort. That's proof that the wallet software is just a view into what's on the blockchain.
what you control, it's not the actual thing that holds your assets.
They're in the blockchain.
They're all over the world in no particular place.
That's the proof of that.
Let's talk about security mindsets.
So seed phrases clearly are an improvement over 50012-bit encryption.
But even there, I think we don't want to rely on memory alone, right?
So what are the ways people are currently thinking about securing these seed phrases,
and how is that evolving?
I think it's a little bit unfortunate how we think about storing those seed phrases.
today. It's a little bit backwards that seed phrases are stored now by like putting it on a
piece of paper and then hiding it. I think that's really unsecure and not very user-friendly.
In fact, people that I know, what they do is they'll get something like a crypto steel,
a piece of, an actual piece of metal that you can encode the seed phrase onto by like selecting
and creating this little puzzle to represent all the words in the phrase. And the reason why people
like this is that it's a piece of metal. It's not going to be damaged by sunlight or being too
dry or just picking the wrong kind of ink or something like that. It will last like a thousand
years and you can bury it in the ground or whatever. Like I actually have a bunch of them. I put
them all over the place. They have different purposes for me. It's a general concept, this idea of
a metal representation of your seed phrase. So maybe the generic term is a mnemonic cold storage
wallet. Yeah. Yeah. And then you have to kind of think about metallurgy and things like what will rust or
oxidize and what kinds of...
Yeah, will it survive a fire, like, whatever, you know?
But I love the idea.
It's like taking it a step further of like, okay, what can I actually create that cannot
be destroyed?
But even then, that's a little bit backwards.
I think the best way, the future of storing private keys probably has something
to do with multi-party computation or Shamir's secret sharing, which are methods for splitting
the private key up among a few trusted parties, maybe like a professional custodian,
maybe a friend, maybe in a different computer of yours,
so that you can trust that even if you lose your little piece,
you can initiate a transaction to recover the address,
recover the funds.
And this is all really with the aim of getting away from this terrifying potential
of losing a bunch of money because you lost a piece of paper
or something happened to that piece of paper or somebody stole it or whatever.
It's kind of funny because crypto is all about not having a single point of failure,
but in many ways the way we have stored our passwords and keys
just like a single point of failure.
No, that's exactly right.
I mean, it's maybe one-click improvement
to move the single point of failure
away from a trusted third party to yourself,
you know, for people who really appreciate
having full control over the situation,
that can be better.
But that's definitely not the right solution, right?
You don't want to be the single point of failure
for your own system either.
It's best to be able to choose the trade-offs
in this design space and decide, like,
okay, for these things,
I'll take the responsibility.
For these things, I want to hire a professional.
For these things, I want to trust my friends and so on.
Being able to kind of design around all those possibilities and choose the risks you're willing to take and not.
That's one of the things that's really cool about crypto security is it opens up this whole design space again,
as opposed to just relying on some third party, some giant company to do it right.
When we think about mainstream adoption for crypto, it seems inevitable that a lot of people,
maybe the vast majority of people, do not want to take these steps.
They do not want to think this much about security, right?
and they want it to be more like those banks or whatever.
Like they wanted to be, if I lose it, somebody will help me get it back.
So where do you think that's going?
How is security going to evolve in order to bring more people into this space?
So for people who want a bank-like experience, there will be many options,
one of which is just holding your crypto in an exchange.
I think exchanges, generally speaking, will do a really high-quality job holding your assets.
But of course, holding your assets in an exchange limit your ability.
ability to use those assets. So if you hold Ethereum on an exchange, you can't do all the cool
defy stuff. You can't necessarily buy and trade NFTs. You can't use Web3 authentication to prove
that you were an OG and some interesting crypto social club, but they will allow you to recover
your password in the traditional way. You can set up two-factor off. The worst-case scenario,
you can send them some documents, prove who you are, and regain access to lost funds. So they
will offer that kind of experience.
But pretty good option for people who don't want to worry about it too much and who don't
necessarily need to do all those other things you mentioned, but rather just want some exposure
to the asset.
Exactly right.
Okay.
So somebody comes to you and says, hey, and I know there's exchanges and stuff, but I really,
I hear this phrase like not your keys, not your crypto, right?
Yeah.
Which means the exchange holds the keys.
And even though they'll probably treat you well, it's still like this third party that you
don't, you know, I want control.
I want this incredible ability to port my stuff from one user interface.
to another. I don't want to be tied down to any one place. What should that person do? And let's say
that person doesn't even necessarily want to do a bunch of defy stuff or get involved in
Dow's and NFTs, but just kind of like wants this freedom to move money around and do some
trading and buying and selling. I think that there's a whole design space that people can choose from.
So the key question is where are the private keys held? That is the key question.
If you just install Metamask into your Chrome, Metamask is holding the key. So you generated
a seed phrase that hopefully you stored, maybe used pen and paper, maybe used a crypto steel,
maybe you saved it in a password manager. You saved that seed phrase, which can be used to
reconstruct your private key. And then you also allowed Metamask to hold a copy of that
private key. And so the private key is only as secure as you believe your Chrome browser
memory is. If you want to take that private key and move it out of your
computer, move it to something more secure, you could get a hardware wallet. And in that case,
when you generate the key, when you generate the seed phrase, you store the seed phrase in the
same manner we discussed before. But now, instead of having kind of a warm version, an online
available version of that private key in your browser memory, there's nothing on your computer.
Your computer knows nothing about your private key. Instead... Which is obviously great and makes it
less likely to be hacked because people can get into your computer. Exactly. So you just remove that
entire set of vulnerability. You just removed an entire part of the attack surface out of your
computer and onto this separate, discrete device. But this separate device, your ledger wallet or
treasurer wallet, it's offline. It's not connected to the internet. It's not running extremely
complex software like a browser. Instead, all it does is it holds your key. And that way,
when you connect it to your computer or you connect it to your phone,
when you want to issue a transaction,
that device asks your little hardware wallet to generate a signature.
And the private key never leaves that little device.
And that way you can keep emitting transactions
and you can do all the kinds of stuff that you want to do,
but you can trust that there's only two places your private key is stored,
the hardware wallet and the paper or crypto steel or whatever
where you wrote the seed phrase.
Okay. So even with separate hardware wallets, though, even though that's safer, you still have to connect it to your computer when you need to issue transactions. So what's even beyond that in terms of security? You can get much more sophisticated than this, right? You could even, for example, you could generate a seed phrase or a private key, calculate the public key for that phrase, and never have a touch a computer ever. You could have some offline device that's never seen the light of the internet and calculate the public key.
And you could receive funds to that public key without it ever having been online.
And that would be like a cold wallet.
The idea is that it's never touched the internet.
And you might say, how is it possible to send funds to something that's never been online?
Well, that's because when someone sends you a token on a blockchain, there's no sense in which you receive it.
Instead, that token gets sent to a specific address.
And when you want to do something with that token later, you just have to prove that you control,
the private key behind that public key, behind that address.
So in theory, you could create a private key, figure out the public key that corresponds
to that private key without ever touching the blockchain and then tell someone to send
you that thing to that public key.
And so in this case, you have total control of that public key without that public key
ever having been touched on the blockchain.
It's kind of a weird concept,
but there's no sense in which you have to be online.
So, of course, if you self-custody
and you want to be really, really certain
about the security of this public key,
you can generate it without ever touching the internet.
That's one way to describe what a cold wallet is.
So is this required for everyone
or even most people interacting with crypto
or just a very small subset
that are doing very advanced things with crypto.
Like, help me understand that balance
that people might think of
or a framework for people to think about that.
In security, there's always a trade-off
between friction and safety.
The more friction you add
and the more steps removed
that you take the valuable secret,
like the private key,
from the internet,
the more secure the thing is.
But, of course, it's also less convenient to use.
So I think it really depends
what you're trying to do.
I think generally speaking,
the secure enclave on modern smartphones is really high quality.
So if you install some high quality crypto wallet,
you can generally trust that the crypto wallet you installed
is going to remain secure and keep your private key safe.
But in that case, the risk is how do you back up that private key
if that device is destroyed or you lose that device?
So that's where social recovery, like Argent has, comes into play.
that's where writing down
or storing the seed phrase
comes into play. Some wallet software
also allows you to encrypt and
upload the private key
to like ICloud or Google
Drive. That's kind of
varies by wallet provider. In theory
they should be able to encrypt it with some password.
You remember that password
instead. You remember your
iCloud password.
And then your seed phrase
is hidden in there. But ultimately
the question is
Where is the seed phrase for?
So anytime you have a device with the seed phrase on it, like a wallet of any kind, right?
There's a possibility that that physical device can be damaged.
So I have, for example, a ledger.
And I've actually had that ledger fail before.
But that in no way compromised my long-term ability to control my assets because I just got a new ledger.
I put in the seed phrase and we start over again.
You shouldn't think of it as like a little safe deposit box to store your phrase.
that's not what it is. It's instead a little computer for signing transactions. Of course, to do that,
it has to have a copy of the phrase, but the seed phrase itself is the valuable thing. And in fact,
if you choose to not use a ledger or not use Metamask anymore, or you want to switch your wallet
software, you could take that seed phrase and put it into a new kind of wallet or a new piece of
software that signs transactions. It's the seed phrase that is the critical component you need to
store. There's so many minefields for people, especially who are relatively new to this. So what's the
one thing people should be doing, or there are two or three things people should be doing to protect
themselves? So first, I strongly recommend a hardware wallet. They're very convenient. They're very high
quality now. Never ever provide your seed phrase to anyone else. Never send your seed phrase to
anyone else under any circumstances. They don't need it. There's no reason they would ever need it to
debug something. Another is to generally rely more on your phone than your browser. So it's actually
really nice methods to connect to your phone, like by scanning a QR code, wallet connect or something
like that, to connect with the DAP, even if it's on your laptop, and send signatures authenticated by
your phone. A phone is a much more secure computing environment than a laptop.
When we think about all these issues in relation to the wider adoption of crypto and
defy, for widespread adoption, interfaces will probably have to become more intuitive for people,
more user friendly. It's almost like the crypto part of it has to be abstracted to make it truly
accessible to a large, large number of people. But what would doing that mean? Would that
fundamentally be anti-crypto and that less control for the individual, more control for third parties?
Help me think through that in terms of wider adoption. Yeah, you're completely right that a lot of the
crypto features will have to be abstracted. And that shouldn't be alarming to anyone who follows
trends in technology because that's always been the norm about everything.
No one knows how credit cards work underneath the hood.
No one knows how JavaScript powers burning interfaces and browsers.
No one knows how DNS or the mail protocol works unless you're an engineer working on that
thing.
A lot of these things are abstracted.
But think about like when people access Facebook, there's only a few ways.
There's like the Facebook client, like the app that you've done.
download on your phone, or you can access it through the web browser. But fundamentally, if you want to
read and write data from Facebook, you need to use a client that Facebook controls. To bring this
analogy back to crypto, even if people end up having the crypto experience abstracted away
and end up with this really straightforward interface, that interface still does not control
the underlying information and the underlying data and the underlying assets.
and what that means is that they have to focus on delivering purely a high-quality user experience.
That is a fundamentally different relationship with the end user than if the data is controlled by them.
And in fact, I would even go so far as to say, like, it will unlock radically superior interfaces.
You expand the space of people who can try their shot at an interface infinitely from one to an arbitrary number, right?
Now anyone can make that interface.
The interfaces on crypto-based applications will end up being better because of the interoperability, not as good.
Really, it feels like what we're talking about here is a very different security paradigm, right?
It's more personal control along with more personal responsibility.
And it's a completely different relationship to one's assets and data than we're used to.
It's like the transition from Web 2 to Web 3 kind of happening in real time, right?
One of the most, like, Web 3 moments for me is going to my parents' computer.
in Miami, which is not logged into any of my accounts, right? So all I had to do was open up
the browser, click wallet connect, and then scan with my phone, scan the QR code from my phone
wallet on the browser on their desktop, and I'm immediately logged in, and it's showing me all
of my assets. I didn't have to remember a password. I didn't have to do some CAPTC, right? I'm
immediately shown all of my things, not by signing a transaction, but just by basically linking my
public key on my phone with that DAP on my parents' browser. That to me is incredible
because it just shows the portability of things and how we are truly in a different security
paradigm where you're just showing the machine the window to look through to see your stuff
as opposed to constantly re-uploading your private material to Web 2 and repeatedly reproving
that you're a human being and who you are.
It's kind of absurd the system that we've created today.
But it's funny, part of me keeps saying,
but how do we know it's all going to work?
Like, how do we know that just because you have this seed phrase
that you can carry around in the world with you,
that it's going to throw all these different interfaces
and all these different methods of connecting,
how do we know it's always going to work
and that there's not going to be some kind of technical fuck-up?
Not even a hack, but just like,
how can we trust that it's just going to work?
Is that a stupid question?
But I feel like a lot of people think that way, though.
No, no, it's an incredible question.
I mean, there's a few ways it can go wrong.
Well, one way that it won't go wrong is what's so cool about the Web 3 way is that you're creating a single interface that everyone can program against to do all these cool identity, metadata, authentication things.
The fact that you're creating a single interface for everyone else to plug into, as opposed to forcing everyone to re-implement their own security system, is an incredible improvement.
there's like a saying in security like don't roll your own crypto right that's referring to
cryptography not like web 3 crypto and that is a testament to how difficult it is to make a secure
system in a web 2 world and that's why they always insist you know recycle things reuse things
don't use systems that you built yourself from scratch instead use things that have received
incredible public scrutiny the maximal expression of this vision is instead
what if there's an actual authentication network,
which is kind of how I think about Web3 networks,
and everyone can plug into that.
That's, in a way, the most secure thing
because it's a single interface that no one person controls
that is constantly under scrutiny
and being shared by all different kinds of parties
for all kinds of different purposes.
That is just such a superior security system.
It's unbelievable.
And the elemental feeling of security is that,
No matter where my seed phrase is stored, that's always going to be translatable that
whatever blockchain you're using will always recognize.
Yeah, exactly right.
There's essentially no way that that connection cannot be made, that the blockchain will
not recognize it because the blocks have been validated by this huge far-flung network
and they're all stored and they cannot be manipulated and it's immutable and it's always
there and it'll always be connected to that seed trace.
Yeah.
And I actually think there's critical things that we have to change.
Like, for example, the fact that the primary interface that users have is with a single public key.
Like, you have the single private key and you have a single public key.
Maybe you have multiple wallets, but there's still always this single private key to single public key relationship.
That means certain things that are important in security are very difficult.
Like, for example, rotating out keys.
Sometimes you want it just to prevent the risk of keys being shared or a specific old key being compromised.
It's a common design pattern.
Often people want to be able to rotate keys or expire old keys
for the purposes of privacy, of just like keeping things fresh,
of kind of like recycling old passwords.
But of course, you can't do that in a system
where a single private key maps to a single public key.
So instead, a way to solve this is to create like a decentralized identifier.
That's like one step removed.
And underneath that identifier, you have like a public key
or even a set of public keys.
So that identifier, for example, could refer to like a group of people
or that identifier could refer to me, but I just keep cycling the public key.
So my public key is changing, but my identifier never changes.
This is kind of like the relationship you have with your password and your Twitter username and your email.
Like you can change the email, but keep the username.
You can actually even change the username and keep the email.
That's because unknown to you, you have a unique user ID like in Twitter that is not revealed in the interface.
Nothing never changes.
That's how, like, you can change your Twitter username and still receive comments from someone else.
We need to build a system like that so that people can lose keys, but not to lose the network that they've built or the relationships that they've built or the assets.
So what I'm kind of understanding here is that right now there are ways that if you lose your seed phrase, it's kind of like worst case scenario, right?
There are ways to put things in place to make sure you can recover your seed phrase.
many people may not know those ways just yet,
so we may see these worst case scenarios crop up from time to time.
But it sounds like the further we go into the future,
there will be easier ways for these kind of recovery systems to be in place.
Different kinds of apps will be built, systems created,
so that the average person coming into crypto probably will not be terrified
of losing their private key in the future.
Totally. I think it should be because everyone has different risk tolerances
and everyone has different attack vectors that they're concerned about.
So I can't wait to see that built out.
I think most people will generally trust specific institutions or third parties,
but it's really important.
I think it's a really interesting part of crypto that you always have the option to opt out
and put the control of things in your own hands.
Eddie, thanks so much.
Thank you, as always for your time.
Yeah, a pleasure.