On The Brink with Castle Island - Esteban Castaño (TRM Labs) on Blockchain Forensics (EP.247)
Episode Date: October 4, 2021Esteban Castaño, the cofounder and CEO of TRM Labs, joins the show. In this episode we discuss: The founding story of TRM Labs and the methodical approach the team took to finding product market fit... Esteban's perspectives on the NFT landscape and the growth potential in this category How regulators and public sector clients are approaching blockchain forensics How TRM is engaging with crypto native businesses and traditional financial services firms Perspectives on building a remote first organization while maintaining a strong culture To learn more about TRM Labs visit www.trmlabs.com Sponsor notes This episode is brought to you by Withum, a top 25 accounting firm with a cutting-edge Digital Currency and Blockchain Technology practice. To learn more, visit withum.com/crypto.
Transcript
Discussion (0)
Today on the podcast, I sat down with Esteban Castano, the co-founder and CEO of TRM Labs.
TRM is a blockchain intelligence company that's working with financial services firms,
crypto-native companies, and government agencies to help them monitor, detect, and investigate
crypto crime.
This was a wide-ranging conversation, and Esteban is an incredibly thoughtful founder.
So I think you'll enjoy this one.
So without further ado, here's my conversation with Esteban Castano.
Matt Walsh and Nick Carter are partners at Castle Island Ventures.
All of these expressed by them were the guests on this podcast.
podcasts are solely their opinions and do not reflect the opinions of Castle Island Ventures.
You should not treat any opinion expressed by anyone on this podcast as a specific inducement
to make a particular investment or follow a particular strategy, but only as an expression of
their personal opinion. This podcast is for informational purposes only.
Brought down by bad mortgage investments, Lehman, which has 25,000 employees, will be liquidated.
The federal government loans American International Group, AIG, $85 billion.
This is a different kind of market, and the Fed is asleep.
The federal government is stepping it to stabilize Fannie Mae and Friends.
Eddie Mac, the two mortgage giants that have been threatened by the housing crisis.
The Bank of England has pumped 75 billion pounds more to Britain's ailing economy with a new round of quantitative easing.
You print a couple trillion dollars and all of a sudden people start to worry.
So out of this worry, we have something called the Bitcoin.
Esteban, thanks so much for joining us on the podcast.
I can't believe it's the first time we're doing this.
I'm excited to have you.
Thank you so much, Matt.
This is great.
Well, a lot to talk about today.
Why don't we just start it off with a little bit of background on yourself, what led you to start TRM,
And you have a fascinating journey with this startup.
So I'd love to just hear what the inflection point was that got you to start it
and what got you to see that this could be a huge opportunity in on-chain forensics.
Sure, happy to.
So I'm going to step, I'm one of the co-founders and CEO of TRM.
And what TRM is, TRM is a blockchain intelligence company.
So we produce blockchain intelligence, which is basically enriched blockchain data.
And today we package that data in web applications and APIs to help financial institutions
and governments detect fraud and financial crime in crypto.
So the mission is to build a safer financial system for billions of people.
And that mission is really grounded in two beliefs.
One is that crypto is poised for explosive growth.
And the second is that risk management is foundational infrastructure to enable that growth.
You think about like risk management today, that's fraud prevention, anti-money laundering,
cybersecurity, all of these things.
What's so interesting about the blockchain is that you can use blockchain intelligence
to serve all of these use cases.
We think that if crypto really is this internet of money,
in the internet of money,
a hack is not the loss of data or PII,
people potentially losing their life savings.
And as the next billion people enter this new financial system,
we think it's critical that you have software
that can scale trust and safety in this new world.
So that's why we exist.
What's so funny about TRM is we actually started about it as a gaming company.
Our co-founder, Raul and I, we love crypto.
We wanted to build in the space.
And we started with Pokemon Go for crypto.
So we started with an NFT game, actually, where we would drop NFTs in the real world for people to go out and collect.
This was back in 2018.
We did a test run in Berkeley where we bought some gift cards.
And we put them in the middle of the campus.
And then we texted like a thousand students that there was the token drop.
And we had people running across campus in their pajamas to come get these gift cards.
So that was like the first, you know, hint of validation that people wanted, you know,
interactive experiences where you could get assets that hold real value.
You know, the next step for us was to, we needed analytics.
We started actually building smart contracts and running tests where we would distribute
NFTs to people.
And the immediate question that we had was, well, how do we know if this thing is working?
Like, are these people actually engaging with the NFT?
Are they, you know, increasing their holdings over time?
Are they trading them?
And so we built a lightweight analytics, you know, layer that through many, many versions of
iteration and listening to the market, you know, eventually became TRM, which was a trust
and safety product.
It's a fascinating story.
You were so early to the NFT phenomenon.
I guess the current mania right now must really be interesting for you to watch, given
how early you were.
It is.
It is incredibly.
interesting to see kind of how really timing is everything.
When did it become obvious to you that there was a huge market opportunity here for what
TRM is doing today? Like when did it click for you that tons of government agencies and financial
services firms would need these type of services?
Well, it was actually a slow realization over many months and years of iteration. We have this
analytics product to help token companies understand their users. So the idea was, you know,
mix panel for crypto. And you could search any token in our app and immediately see kind of
usage metrics. And this was 2018, we went out and tried to get some customers and there was like
only a handful of token projects that were of meaningful enough size to care about user retention.
And so we realized like, okay, we need to expand the market a little bit here.
One of our customers was trust token, which is a leading stable coin issuer. And I remember
their compliance came to us and said, is there any chance that I could use this analytics to,
you know, monitor risk on our network. Can we do this for AML? I googled AML. And then, you know,
from there, we actually started building a compliance product based on what our customers were asking
for. The idea of building software that can help crypto teams, crypto businesses, to be compliant,
was very compelling because that was a need that every business had. That was a hair on fire
need. And so we started building that. And the next aha moment was when we announced our seed round,
we tried an experiment.
At the time, we were still kind of the product was very much geared towards mixed panel for crypto.
But we launched an experiment was, what if we launch as a compliance company?
You know, what kind of demand are we going to get?
And we did that.
And that morning, we had inbounds from people like Coinbase and other companies.
And we said, you know what?
Like, we're not mixed panel for crypto.
We are a crypto compliance company.
And so we started kind of building this compliance platform.
Fast forward six months, we get a cold inbound from one of the top five banks in the U.S.
who says, you know, I need a crypto forensics product to understand, you know, risk on the network.
And we said, wait a second.
This isn't about crypto companies.
This is every financial institution.
And then you fast forward 12 months and federal law enforcement reaches out and says, hey, you know, there's been this attack.
And we need help, you know, understanding the activity on the blockchain.
Wait a second.
This isn't every financial institution.
This is every organization that touches digital assets.
And so it was kind of like following the smoke from the market in terms of finding a larger and larger, you know, market opportunity.
Raul and I, we were fortunate to go through White Combinator early on. And one of the things that I think really impressed on us, Michael, who is the president, stood up and he said that a lot of founders don't realize when you're building a startup that these things can take seven to 10 years. And you reach the end and you look back and you say, wow, that was the most impactful thing that I did in my life. And so as we were iterating, Raul and I kept looking for, kind of lining up the crosshairs were what is a problem that we can
our life to? What is a mission that we can dedicate our life to? And if we're successful,
not only will we build a big and enduring business, but we'll have made an impact that we're
really proud of. We'll have built a company that we're really proud of. And as we were getting
more and more feedback from the market in terms of people needing analytics to manage risk and build
trust and safety, that really started to kind of inspire us. And over time, we fell in love with the
mission. And it was probably about a year and a half ago at the tail end of Y Combinator that we
planted the flag and we said, you know, this is what we're going to do. We're going to be a
company that builds a safer financial system for billions of people. I love that story. I had no
idea about kind of the pivot on the fly there to put up the compliance flag. What a great story that is.
Yeah, I mean, I think both Rochle and I had had prior, like, you know, startup experiences that had
failed miserably. And the one thing that intense failure teaches you is that you don't know what the
world needs. Like, if you could reason about what the world wants, you know, you'd see a lot of
successful startups out there. You know, you have to listen to the world. You have to listen to the
market and listen to what does the market want. And that's the job of the entrepreneur. The job of the
entrepreneur is to build what the world wants of them. And so we started from a place of that
assumption and then it was a year and a half of kind of listening to the market to see where it would
pull us. Well, I want to tug on that thread a little bit. So speaking about what the market wants,
put us in the shoes of one of your customers and maybe talk about a couple different categories,
maybe financial services firms, maybe law enforcement or regulatory.
What are they using the product for and what do they care about?
Sure.
So today we serve three verticals, crypto businesses, financial institutions, and public sector agencies.
You know, a crypto business, they want to meet their AML requirements and they want to meet
anti-money laundering and sanctions regulatory requirements.
So, you know, someone like finance, you know, they're going to screen an incoming deposit
and see, is this incoming Bitcoin source from proceeds of financial crime?
This is source from someone selling stolen credit cards on the dark web.
Is a source from a ransomware attack?
And they can in real time, you know, detect and block that transaction.
Someone like a financial institution, you know, they may want to take on crypto customers.
They may want to provide banking services to a large exchange.
They may want to enable crypto as an asset class.
They may want to launch stable coins or tokenized assets.
And regardless of kind of what kind of the product is, they need software to mitigate risk.
So if you're going to take on crypto exchange customers,
Well, how do you actually verify the AML controls of a given exchange?
And exchange comes to you and says, hey, we're doing KYC, we're doing AML.
Using blockchain intelligence like TRM, you can actually look up that exchange's profile
and see, well, what does the on-chain data say about their controls?
What percentage of the volume coming into that exchange is actually linked to high-risk activity?
So it's really helpful from like a due diligence standpoint for financial services companies.
Many of them are looking to enable crypto as an asset class for their customers,
and they want to partner with subcustodians.
And they can use blockchain intelligence to help due diligence on these subcustodians
to see if those custodians are exposed to risk.
Or if they're going to launch a new asset, they can use blockchain intelligence to
understand high risk activity across the network.
And then finally, you have the public sector.
And that's really a multiple different verticals.
You have law enforcement, which might want to investigate nation state cyber attacks
or look at ransomware attacks or hacks.
or high-yield investment schemes.
You also have regulators that want to detect market manipulation.
You also have tax authorities.
So there's kind of a wide range of users that can use blockchain intelligence to help mitigate risk.
That's fascinating.
So it must be a real challenge for some of these people where, you know, the users of the
product, it's not their day job to stay up on the latest mixer technology or the latest
cross-chain swapping thing that criminals are doing.
So what's your experience in terms of selling?
the product and really educating the person that's using the product, if that makes sense.
What does that process look like?
Sure. It varies by vertical.
What's interesting about crypto is that money laundering has always been here.
The things that you see in crypto rhyme with what you see in the Fiat world.
One thing that you can do if you want to launder money in the Fiat world is called structuring,
which is, you know, breaking apart your deposits into small amounts and depositing in it
at an ATM or, you know, at a bank.
Well, the same thing happens in crypto.
You can take a large amount of, you might have $50 million of Bitcoin source from
illicit finance and you can break that up into small amounts and deposit it across multiple
different exchanges.
So immediately, it's easy for compliance analysts to kind of see that, wait a second,
this is just the same typologies we've been seeing in a new way.
What's really exciting for our customers is when they get to learn about the new typologies
that are really crypto-native.
What changes about money laundering?
when someone can programmatically spin up 500,000 virtual bank accounts,
well, you're going to have programmatic money laundering where nation states can programmatically
control thousands of wallets to launder funds across the crypto ecosystem.
And you're going to have to use really hardcore advanced analytics to detect that.
So that's kind of the frontier that we are in many ways pioneering.
It must be difficult to stay on that frontier just internally in terms of all of the new
and innovative things that criminals are coming up with in order to, you know,
move money around on these topologies. How do you guys think about staying up on that?
It is difficult, but you don't have to assume that you need full visibility or complete coverage
of the crypto economic system to stop threat actors. When you're looking at an attack,
you're finding the one place where they kind of messed up and that's the lead. That's like what you
can use to build out a case and build an investigation. The larger the attack, the more surface area
there is. It's really difficult to launder $100 million of stolen Bitcoin.
like you're likely going to mess up along the way, and that's where you'll get caught.
I think the other thing that we'll see is the types of tools that we use to manage risk in
crypto will continue to evolve.
Blockchain analytics, blockchain intelligence is one tool, but there will be many more
tools that are invented over the next decade.
And that's not uncommon.
Like if you think about, you know, an old Western town on the frontier, risk management
in those days was like a single sheriff sitting on Main Street.
He had perfect visibility of everything that happened in that old western town.
You know, even the stores had slats between the woods that you can kind of peer through and see everything.
And as cities evolved, you had many layers of risk management, you know, evolve with cities.
Like, you know, you have easy passes and you have stoplights and you have locks on your doors and you have not only, you know, federal law enforcement, but you have local PD and private security.
And I think we're going to see a lot of different, you know, forms of risk management evolve as the crypto economy.
evolves. And that could be, you know, maybe NFTs that grant new access into permissioned and
opaque defy pools. Or maybe that's traditional transaction monitoring systems that evolve to take
in crypto transactions. You know, there's going to be a lot of different tools that evolve.
This episode is brought to you by Witham. Witham is a top 25 accounting firm. They have a cutting
edge digital currency and blockchain technology practice. Wherever your company is from a stage
perspective from pre-seat to IPO, they have tailored solutions just for you. They have helped
some of the largest companies in the crypto industry with audit, tax, and advisory needs. And they've also
helped a number of our portfolio companies. To learn more about advisory, audit, and tax services,
head over to on thebrink.link.link slash with them. That's on thebrink.com. One thing I'd
love to get your perspective on is just how do you answer questions about ransomware? You must get
asked about this all the time. It's one of the all-time fuds that people like
to critique the crypto industry for saying, hey, it's a common use case is for ransomware attacks.
How do you guys think about that? Well, ransomware isn't new. I mean, there was a ransomware
attacks before crypto. Now, it is true that that crypto is a predominant form of payment for
ransomware attacks today, but you also get the benefit that investigating, you know,
the attack is much easier with crypto. You actually can understand not only, you can use blockchain
intelligence, not only to trace, where do the proceeds of the ransomware payment ultimately end up,
but you can understand the entire network of actors that help openly contribute to a ransomware attack.
There is a whole ecosystem of service providers, and blockchain intelligence allows you to map all of that out.
It gives you much better intelligence.
Yeah.
People don't like to think about all the use cases for cash that are in illicit activity.
It feels like an inappropriate comparison.
Yeah, I mean, that's right.
Like any new technology lends itself to new risks, then the answer is not to ban the technology.
the answer is, well, how do we manage the risks, especially if the technology has the promise of
expanding financial services to billions of people, which we really believe crypto can do.
The fascinating thing about your business is that there's so much leverage in the model
to the extent that new assets are represented on chain. So the market size is so big for
cryptocurrency, but if you layer on things like NFTs and real world assets and, you know,
land title registrations on blockchains, the addressable markets,
grow pretty significantly, you know, with the additional use cases for blockchain. So I'm just
curious, what are you the most excited about when you just look at what blockchains are being used
for? Oh, that's a great question. I mean, it is difficult to conceptualize how many new forms of
value are going to get tokenized because what's so transformative about blockchain is it fundamentally
alters the cost of transferring value. And any time that you fundamentally alter kind of the cost structure
of something so fundamental to the economy, it has ripple effects that are difficult to predict.
Like with the Internet, it altered the cost of transferring information, and it took several
decades for us to begin to understand kind of the implications of that. Arguably, we still haven't
really fully understood how that will evolve. So what can we see around the corner right now?
Well, today we can see that a lot of in-game digital assets, the entire game economy is going to be
tokenized. And think about how many transfer events happen in private servers right now for,
you know, for different games. All of those events can happen on public blockchains.
You know, think about all of the stuff right now that doesn't happen on electronic rails,
whether that's, you know, titles or real estate or whatever it might be. You know,
all of that can pour over to public blockchains. We think there are going to be trillions of
transactions that happen on public blockchains and will be the company that organizes that information
and, you know, helps bring insight out of that noise.
That's super exciting.
One of the, you know, most obvious mainstream breakthroughs here has been NFTs.
And you've been super, super early to NFTs.
But curious how you broadly think about the space right now, sort of what's the most
exciting in that category and then how that engages with TRM.
I love NFTs.
They're so cool.
I think there are a couple properties that make them really magical.
You know, one is that they're interoperable.
So, you know, if I give you an NFT, which is basically just a digital token that someone can hold,
but anyone can go out and see that you're holding that token.
So, you know, loot is a new project, which is really clever, which says, you know, here's,
you know, some items that you hold.
And then anyone can recognize that you're holding those items and build new user experiences on top of that.
That principle is arguably as big as something like mobile.
Like there's going to be so many companies that are built on top of this principle of,
hey, how do I give a digital object to somebody that can then be interoperable with any other
application out there? That's something that's really interesting. I think the other interesting
thing is that the cost of creating NFTs and provisioning them and transferring them is really
low. And so what is the fact that kind of that cost of, you know, of transferring value being
so low? What does that mean about kind of what new experiences you can create as NFTs? So it's really
exciting. I've been fascinated to just see the financialization of NFTs in a very short period of time.
It almost feels like the early days of Bitcoin when it was clear to some people that this was
becoming an asset class. And then all of a sudden you started to see custodians and exchanges
and data providers and kind of the whole swarm of financial products that would be necessary
to support the trading and, you know, in custody of these assets. Do you see the same thing happening
in the NFT space? Yeah, I mean, it's booming. And I think the reason is,
any time that you have permissionless open protocols, that lends itself to rapid experimentation
because you have a lot of decentralized independent parties that are being able to develop
in unison and learn from each other along the way and build off of each other.
You think about kind of HTTP.
I mean, it's a simple protocol, but it's enabled the Internet as we know it today, or SMTP
and all of the email clients that are built on top of that protocol.
And so you look at something like ERC 721, the principal protocol for NFTs on Ethereum, for instance.
And so it's not surprising that you're seeing so many end user applications kind of grow on top of that very rapidly.
You guys had a great blog post a few weeks ago about some of the security considerations for NFT drops.
There was a couple incidents on Solana recently.
So how do you guys think about this in terms of your coverage of this ecosystem and maybe speak about some of those security considerations in this,
fast-growing kind of emergent field.
Yeah, I mean, I think the, the interesting thing is that the security considerations are evolving
in real time.
Like, in web application security, there are things like the OWASP top 10, which are, you know,
the top 10 things you can do to make sure your web application is safe and protected from hackers.
We haven't gotten to the point that we even know the threat landscape or the different
types of attacks.
What was so interesting about this, this one attack was the attacker had a malicious smart
contract that if you executed it, you know, would trigger draining the funds from your own wallet.
So that's a new type of kind of attack that we haven't seen. Just last week, we saw another type of
attack where somebody created a wallet that had a lot of ERC 20 tokens on the wallet. It had no
ETH and they published the private key. And so people said, wait a second, this, you know, this wallet
has a bunch of money on it and they gave us the private key. I'm going to go spend the funds there.
But there's no ETH on it. So I need to send ETH into the.
the wallet in order to kind of transfer the tokens out. The moment that they sent the ether into
the wallet, that ethos wasn't automatically swept. But I think we're just starting to see
what are the different ways that people can conduct novel attacks on blockchains?
And over the next multiple years, we'll see what is the crypto OWASP top 10 equivalent?
Yeah, they'll be keeping you busy. That's for sure, especially as these things move to different
protocols and move up the stack onto layer two. So is that something that you guys are consistently
keeping an eye on in terms of the layer 2s that are emerging here and even, I guess,
other layer ones. How do you prioritize which chains you cover? Yeah, I mean, we prioritize based on
just, you know, customer demand and where we see the most growth. But it's something that we are
rapidly evolving our capabilities. I mean, every week we're launching a new capability. We're the
first to monitor, you know, financial crime risk on SLO. We're the first to monitor risk on Sala,
the first to monitor risk on Tron, the first to have coverage on all ERC 20 tokens, all ERC
C721 tokens and NFTs. And so, you know, part of keeping up is just making sure that you're
constantly iterating and launching new capabilities and then figuring out kind of where are you going
to place your bets. Like, where do you think there's the most growth? That makes sense.
I mean, another place where you guys have really been at the cutting edge is just all of the
conversations with the regulators. And, you know, I remember at the end of the last administration,
there was a lot of noise around unhosted wallets and you guys were very involved in that conversation
as well. So what's your kind of just general view on the state of regulatory in the United
States right now? What are the hot button issues? What should people be thinking about?
Yeah. I mean, there's a lot of issues, right? Like one of the big questions right now is on
tokens and are they securities and how does the how we test apply? You know, another question is
how do you do AML and defy? I think the overarching trend in a lot of the hot button issues is
that a lot of the assumptions that underpinned existing regulatory frameworks are being challenged
by crypto. You look at something like AML, anti-money laundering framework. The assumptions behind
today's anti-money laundering regime is that financial activity happens through financial
intermediaries. Those intermediaries can detect in report suspicious activity and that there's a
limited number of these intermediaries. So it's possible to enforce compliance across these
intermediaries. Crypto challenges all of that. I mean, you have decentralized exchange
technology so you can have peer-to-peer transfer of value or you can have smart contracts computer
software that facilitates the transfer of value. You have a wide surface area making it more,
it just requires more capabilities to manage the risk across all of that evolving surface area.
And then because you have open source finance, the number of intermediaries is exploding.
The number of financial institutions is exploding. In the traditional world, you want to think
about it as a 15-year-old kid in a basement in life.
and being able to create an exchange.
But that's very much possible now.
And so when the assumptions behind a risk management framework change,
the answer is not to just copy, paste the existing risk management framework.
The answer is to say, well, what novel native risk management framework do we need to develop?
And I think that's the big question that policymakers and regulators are thinking through is,
in the case of defy, how do you manage financial crime risk when you have smart contracts that can
facilitate, you know, transactions who don't have a compliance team that can, you know,
file suspicious activity reports.
And how do you think we get there? I mean, there's a lot of talk in the market around
creating permission pools, but, you know, is that a viable answer here? How do you think this
evolves? It's going to evolve through a lot of trial and error, to be frank, because the minute
that you kind of start designing a risk management framework, the assumptions have like shifted
under you yet again, you know? And so like, I think that there's going to be just constant iteration
and experimentation. And that's okay. That's actually how it's supposed to work. I think what we'll find is
that, you know, risk management is going to take many different forms. Like some of the answer should be
new legal frameworks. Some of the answer should be new technology products. You know, some of the answer
will be kind of new behaviors that that users take on. And we kind of have to have an open
mind in terms of how will we do risk management in crypto. Maybe the answer isn't reporting requirements.
Maybe the answer is that we are going to have software that programmatically, you know,
screens things. Or maybe the answer is that users are going to have a lot more autonomy in terms of
information in terms of where there is risk in the system. There will just be, you know, a lot of
possible answers. So clearly there's a lot of barriers in the eyes of financial services firms that are
in their eyes preventing them from getting more aggressively into cryptocurrency and blockchain-based
technologies. My perception is that the suite of TRM products is actually addressing some of those
perceived barriers in the sense of, okay, we can actually do this now because we have this third-party
provider that is providing us with A, B, and C that makes us more comfortable. I'm curious,
number one, is that true? And then number two, what are the other barriers that are holding some of your
customers or potential customers back from more actively engaging in the sequence?
ecosystem. Yeah, that's, I mean, that's absolutely true. I think that we talk to prop trading firms and other
asset managers who want to engage for defy, you know, for instance. And the principal reason why they
don't is they say, well, I don't want to execute a trade with some decentralized smart contract on
the other side of that trade. There's a, kind of a sanctioned actor or a ransomware attacker,
something nefarious. And right now I'm blind. I don't know how to kind of detect that or manage that
risk. Well, you know, we have a solution that can risk score.
defy liquidity pool. So you can actually have visibility. If I engage with this defy protocol,
who's on the other side of that and how do I make sure that I'm managing the risk appropriately?
If you are a financial institution and you're looking to invest in an exchange or you're looking
to perhaps launch a new asset on a new blockchain, well, we can help provide visibility on what's
the risk profile of different assets as a whole? What's the risk profile of different crypto entities
out there. So, you know, it's a huge unlock to have the tools that allow people to manage financial
crime risk. In terms of kind of the other things, you know, the big questions that we see are,
you know, around custody and and other infrastructure components that people need to get right in
order to be able to launch a new product or service. And there are great companies that are addressing
those needs as well. You guys are clearly at the cutting edge of so much that's happening in this
ecosystem. One of the things that struck me over the past couple of weeks where we had the
Treasury Department come out and put some actors on the sanctions list. So there was a Russian
exchange called Suex. I had actually never even heard of this thing. You guys are obviously
staying on top of all of these things. How big is this kind of underbelly of the market with these
participants that, you know, most people have never heard of. Like how big of a factor are they?
There are thousands of these kind of nested services that we've identified. They kind of take two
flavors. You know, one is what we call chameleon shops, which is basically, you know, an exchange that
will be operating multiple different fronts. They'll have different brands. They'll have different
websites. And the back end is kind of the shared infrastructure. The second typology that we see is what
we call parasite exchanges, which are, you know, exchanges that operate on the infrastructure of a
larger exchange. And the larger exchanges often doesn't know that that's really taking place because
what they see is they just see, you know, a retail customer, you know, maybe they're using a synthetic
ID or stolen credential, they'll come in, they'll pass KYC, they'll create an account, and then
they're just doing a ton of volume. But if you're a large exchange, I mean, you have thousands of
customers that are doing meaningful volume on your platform, how are you going to know that this one,
you know, John Smith here is actually running an unregistered money services business on top
of your platform and serving kind of less savory customers? We invented a new form of analytics
called ownership analytics last year that that gives exchanges visibility, not just in terms of
who are they transacting with, but what activities taking place on their platform.
so that they can uncover these nested exchanges like Suex.
That's fascinating.
I mean, I guess you have to stay up on all this stuff.
It's probably evolving pretty quickly.
Along those lines and evolving quickly,
one, to just get your view on what it's been like to build this company
over the past couple of years.
Obviously, you're growing so fast.
You started in one direction.
You're now kind of a different idea.
What's it been like to ramp up?
Talk a little bit about just growing culture and organization over the past couple of years.
Sure.
I mean, I think, you know, the first thing to recognize is that,
that building an enduring business is not actually like one linear path.
It's a series of mini games.
You know,
it's a series of challenges,
each with its own,
you know,
boss.
And at every step,
you have to be hyper aware in terms of what is like the principal objective today.
You know,
in 2018,
2019,
for us,
it was about getting to product market fit.
It was about figuring out what product
deserves a company to be built around it.
What product does the market need?
You know,
today,
it's about how do we scale this product and take it
to market so we can achieve our mission of building a safer financial system for billions of people.
People is the most important thing that we do to get there.
A company, this is a great quote by Vinod Kosla, the company becomes the people that
hire is not the product it builds.
We really believe that.
And to kind of ramp up successfully, we think you need two things.
One is a really clear talent strategy.
So what's your approach to hiring?
What's your approach to the way you hire, fire, and promote?
And then two, you need the scaffolding onto which.
that talent can latch on to.
So you need a really strong purpose and culture.
You know, purpose is why.
Everyone in the organization needs to have clear vision of why are we here and where are we going?
What is the most important thing for the business to do today?
And then you need a really strong culture, which is like how do we make decisions?
How do we execute?
How do we treat each other?
And we have 18 leadership principles at TRM divided into kind of three buckets that help inform
the way we think about those questions.
You know, we look for people who are impact-oriented trailblazers that know how to set the right destination and figure out where are we going and what is, you know, what's the right way to figure out where we're going.
We look for master crafts people, people who know how to execute efficiently with speed and grit.
And then we look for inspiring colleagues, people who can elevate the people around them through integrity and apprenticeship and positive energy.
That's awesome.
How have you done this in a remote culture over the past 18 months?
What's that been like?
gamers really led the way for us.
As any gamer will know, we've had online friendships for many years.
So I think for us, it's been about just adapting our processes to function well remotely.
One thing that we do is we write a lot of stuff down.
So we have a great knowledge base that we use.
We're constantly communicating.
And then we find ways to build the camaraderie that you might get through in-person
relationship.
So we have quarterly off-sites in various hubs that we're launching.
We're going to have weeks where people come together for a given week every quarter just to spend time in an office together, as well as of annual opportunities to bring everybody together as well.
That's fascinating.
Well, that's about.
This has been a great chat.
Where can we send people to find out more about TRM, follow your work, and check out the open recs that you have?
Sure.
So, TRM Labs is our website.
Blog.ttttrmlabs.com is where you can see all of the latest investigations that we're producing and what we're seeing out of the ecosystem.
And then careers.tramlabs.com.
That's where we've got all of the open roles.
If you don't see a role that's a good fit, email us at talent at t rmlabs.com.
Again, our mission is to build a safer financial system for billions of people.
And we're looking for people that would be really excited to work on that.
Well, keep up the great work.
Thanks so much for coming on the podcast.
Thanks so much.
Thanks for listening to another episode of On the Brink with Castle Island.
To find out more about Castle Island, visit castle island.V.C.
To listen to all of our podcast episodes, please go to On the Brink dashpodcast.com or just click on the tab in our website.
Thanks for listening.
