On The Brink with Castle Island - Josh Schwartz and Dima Kogan (FORDEFI) on Building Institutional Custody for DeFi (EP.369)
Episode Date: November 8, 2022Josh Schwartz and Dima Kogan, co-founders of Fordefi, join the show. In this episode we discuss: MPC custody: what it is, its academic roots and how MPC works. The tradeoffs and considerations that h...ave led to the growth in popularity of MPC custody. Josh and Dima's backgrounds and the path that led them to founding Fordefi. The institutional custody landscape and some of the challenges that firms face when engaging with DeFi protcols. How Josh and Dima think about the security risks associated with smart contract platforms. The types of customers that Fordefi is currently serving. Their fundraise announcement and what is next. To learn more visit fordefi.com
Transcript
Discussion (0)
Today on the podcast, I sat down with Josh Schwartz and Dima Kogan, the founders of Fortify,
a company that's building custody solutions for institutions that engage in the DFI ecosystem.
This was a fun podcast, and we touched on the academic history of MPC.
We talked about the state of institutional DFI.
We talked about how Fortify is building their product in response to evolving customer demand.
So without further ado, here's my conversation with Josh and Dima, the founders of Fortify.
Matt Walsh and Nick Carter are partners at Castle Island Ventures.
All of these expressed by them or the guests on this podcast are solely their opinions and do not reflect the opinions of Castle Island Ventures.
Guest and host may maintain positions in the assets discussed in this podcast.
You should not treat any opinion expressed by anyone on this podcast as a specific inducement to make a particular investment or follow a particular strategy, but only as an expression of their personal opinion.
This podcast is for informational purposes only.
Brought down by bad mortgage investments, Lehman, which has 25,000 employees, will be liquidated.
The federal government loans, American International Group, AIG, $85 billion.
This is a different kind of mortgage.
And the Fed is asleep.
The federal government is stepping it to stabilize Fannie Mae and Freddie Mac, the two mortgage
giants that have been threatened by the housing crisis.
The Bank of England has pumped 75 billion pounds more to Britain's ailing economy with a new
round of quantitative easing.
You print a couple trillion dollars and all of a sudden people start to worry.
So out of this worry, we have something called the Bitcoin.
Bitcoin.
So Josh and Dima, thanks so much for joining us today on the podcast.
Yeah, thanks for having us.
Well, excited to talk about Fortified, but why don't we?
start off with a little bit of background, your crypto journeys, what brought you guys together
to start this company? Sure, I'll through the first step. So, you know, I come from a much
more traditional financial background as now is common in the space, but probably wasn't so common
back five years ago. I started at firms like Canterford's Cheryl and some hedge funds at Bloomberg.
It was actually at Bloomberg when I got a random call if I was interested in joining this company
called BitGo. And my first reaction was like, is that that Bitcoin thing? Is that even still around?
And sure enough, it was over a year from the time of that original call tell I eventually joined,
and that was me just sort of going down the rabbit hole of the space and sort of like understanding
it. This is going to be paradigm shifting for certainly the financial ecosystem. And for me also
was pretty exciting, like what I was doing, especially like market structure, electronic trading,
et cetera. There were thousands of people like me on Wall Street doing what I was doing. But to come to an
industry, which was lacking people with traditional financial and market structure background,
knowing that was going to be important for institutions coming into space was also really enticing.
So, which by the way, interesting, while I was going to the Rabbit Hall, I bought my first Bitcoin.
I remember buying my first Bitcoin on Coinbase and going on the blockchain to try and see the
transaction.
This is so transparent.
It's so cool.
And of course, finding that that transaction wasn't there because most of crypto at that time,
at least, was still like very sci-fi oriented.
And so maybe a good foreshadowing for where we're at now.
So I joined Bicco as Global Head of Sales at a time while the company, Bicko, of course,
like the pioneer in institutional wallets, the first user of like multisig to reduce that
single point of failure as a single key.
And I joined like while they were transitioning from a regular tech provider to a regulated
custodian.
And one of the projects I spearheaded there was the first settlement product in the space,
which was like the predecessor to all the walled gardens and settlement solutions that we've
seen over the past couple of years to deal with the issue of fragmented liquidity.
and the fact you have to pre-fund exchanges in this market, of course, prior to like prime
brokers and stuff being around.
But while I was there, I started hearing from a bunch of clients about this MPC.
Hey, we're starting to hear about MPC, multi-party computation, and we hear it's the next big thing
in key management.
We hear it's better for chains like Ethereum and stuff that don't support Bitcoin natively.
Honestly, I didn't know anything about MPC at the time.
And so like anyone would do, I just started doing my research and who are the competitors and
like how are we going to position ourselves against them?
And notice that a lot of the MPC providers were coming out of Israel.
At the time, you had unbound fireblocks and Curve.
And if I'd be like, I looked into all of them and I was just like super impressed with the team at Curve,
both like professionally and personally.
I eventually joined those guys as the chief operating officer.
And we scaled the company through the A round and eventually to sell to PayPal early last year.
And then just like the other foreshadowing to Defi, at the tail end of our time at Curve,
we started seeing the defy growth happening in the space.
And we were actually the first metamask institutional partners.
We were like that flagship partner for them.
So maybe it was sort of like a precursor to sort of what we're doing now.
That's awesome.
That's quite a journey.
I have a ton of follow-ups.
Dima, how about you?
What was the path that led you to this company?
I started my career in engineering and cybersecurity.
I worked for a few years as part of my military service here in Israel on cybersecurity.
And then I worked for a couple of years in Google, where I got to work on the Google.
identity system. So that's kind of Google's account management system that's common to all the
different Google products like Gmail and drive and YouTube and so on. There's lots of interesting
challenge about securing Google's accounts and I guess specifically got to work on things related
to devices. So kind of getting a better understanding of the devices of the users and using this
information and the contextual setting to better, say, protect logins and this kind of stuff.
And then after a couple of years in Google, actually I went back to school to get my PhD. So
So that's actually before starting the company. I spent five years at Stanford. I got the chance
to work with Dan Bonnet in his lab, where I work on my PhD in cryptography. Specifically, my research
was kind of combined both the more theoretical and more practical aspects of cryptography.
I work quite a bit on privacy preserving cryptographic protocols. That's basically a way to construct
protocols for different types of tasks that we know how to do non-privately, only to do it in a way
that preserves privacy. And in some sense, when we were talking about MPC or specifically
about threshold signatures, protocols, such as the one that used by MPC wallets and crypto.
You can also think about obviously a protocol that tries to protect the private keys
while still accomplishing and being able to sign transactions.
And yeah, so I was working kind of on this type of stuff, not really working on
cryptocurrencies directly, but obviously got exposed to that as well because there's so
much good things going on in Stanford in the lab in particular.
And then after finishing my PhD, I was kind of excited about doing something on my own,
starting a company.
The two main things
and to figure out
who to do it with
and what to work on.
The team,
I was fortunate to get introduced
to Josh and to Michael,
our story co-founder
through some common friends.
So Michael,
I knew kind of from way back a little bit
from the time and the service
and Josh,
we both knew the founders of Curve
who introduced us.
And then with Josh's background in custody,
I was like super excited
to work on the space as well
because I think it kind of connects
two of the things that I was fortunate
to work on
and I really enjoy working on,
which is cryptography and security.
I think it's even within the cryptocurrency space that has so much exciting things that I would be enjoying working.
This I feel like a particularly good fit.
So we have to start the company around last September and it's been a fun journey ever since.
Well, I'm excited to talk about what you guys are building.
But I guess before we do, we need to set the stage on just what is MPC?
There's going to be a lot of people listening to this podcast that might have heard that PayPal bought an MPC company or Coinbase bought an MPC company.
But what is MPC?
That's a good question.
So MPC stands for multi-party computation.
And in general, I think you can think about MPC as a class of protocols.
So protocols run between, say, different computers, different machines.
And the broad class of MPC protocols is basically a way for a set of parties to, let's say,
compute some joint function or solve some common task while each preserving the privacy of some private input that they hold.
So you can think about maybe the classic example.
a collection of people, each has their own salary, and you want to compute, like, who has
the highest salary without revealing anything about that individual salaries to other
participants, just to compute the output. And so MPC is basically a class of cryptographic
protocols that has been developed over the past, I would say 20, oh, but almost more than 30 years
by now. It's been a long path from theory to practice. And basically, the most amazing results
in cryptography is that anything that you can compute efficiently, you can compute also
privately using an MPC protocol.
And if we want to now look at it through the lens of cryptocurrencies and wallets,
they are usually when we talk about the PCs, we're actually talking about a particular
task, and that is being able to do threshold signatures.
That's basically a way one of the main functionalities of say a wallet is to hold your
private key and then to be able to sign transactions.
That's the way that you authorize transactions on the blockchain.
And the standard way to do it is that it's basically allowing some centralized party
whatever your phone, to just hold a private key and then sign the transaction whenever necessary.
And the problem with this is this introduces a single point of failure.
This private key is stored in one device, one machine.
And as we know, machines and phones and whatever eventually get compromised.
And so here, the application by MPC would be to avoid even storing or having the private
key at a single point, but rather generating it in a distributed fashion.
So you could say maybe a phone and a server or maybe multiple servers, they're all run a protocol
and create this distributed version of the private key without ever having it at a single point.
And then once they actually want to sign a transaction, they can again run some kind of
cryptographic protocol that produces the signature on the transaction without ever exposing
the private key to any one of the parties or to anyone in general while doing it.
It sounds kind of magical, but yet this is an application of cryptography to this task.
It's a really good explanation.
And so you mentioned that there's 30 plus years of academic research that's really come together
to build some of these MPC tools.
And by the way, that's without blockchains being even in the picture.
But it does strike me that over the past even five years, just the huge leaps forward in
the cryptography sector have been sort of spurred by this invention of blockchains and
the fact that now there are very tangible use cases.
Be curious, do you agree with that and kind of what role you see,
blockchains having and advancing some of these academic research initiatives?
It's a really, really good point.
I think in general, like, cryptographers have been very lucky for blockchains to become so
popular because it's like a huge, you could say, like playground for a lot of really
cool things and really cool and practical applications of pretty advanced crypto that we
haven't seen before.
So there's like a few examples, you know, MPC being one of them that we just talked about,
zero knowledge proofs. That's another type of photographic tool. It's also something that's been
pretty parable like 30 plus years. It's been mostly in the theory realm, but once the application
have become so compelling over the past two years for blockchain, for various applications within
blockchain, then it really got a lot of practical people to work on this type of problem.
And there's like a few critical steps, like the critical step of getting it from a theorem
in a paper to something that you can actually execute on some machine. And you know, the first,
initially it could be like a very big machine.
and it will run for a really long time.
It will have like a bunch of different caveats
that won't really make it practical,
but let's kind of one step.
Once it gets there,
they know people who are excited about these things
and you get like more practitioners,
not only theoreticians looking at these problems.
Eventually you kind of shave off orders of magnitude,
do a lot of improvements that takes a lot of ingenuity.
So there's ingenuity definitely on the theory side,
but also on the practical side.
And so you see this race to make these things more practical.
And I think it's just been driven by really compelling applications.
the blockchain space. It's been absolutely fascinating to see. Josh, I'd be curious your perspective
from the commercial side. I mean, presumably you're not in the hardcore weeds here on the
cryptography and you're not building these things. But how did you get comfortable and see that
there's a commercial opportunity here around MPC enough to go and just do this full time and
dedicate the next 10 years to this? It's funny when I was first joining curve. I mean,
to your point, there was a lot of doubt or just questions about the technology and especially
some of the folks, the institutional law providers who were focused on other key management
solutions like multisig actually were raising their own pushback to MPC. By the way, P.S.
over the last four or five years, like we've seen a very big shift where like even some of the
multi-sig providers have now adopted threshold signature scheme as part of like their own
key management solutions. Because again, ultimately, then what we saw at, what really changed
really in the last couple of years was also this move from like a very Bitcoin-centric ecosystem to one
where we see lots of other chains.
And the idea of having a key management solution that is easily integrated
and can support easily any of these chains, where to the chain itself, it's a single
signature reduces also a lot of the fees.
I mean, one of the major problems with multisig as a solution on Ethereum was that, like,
it was just too expensive.
Every single time, those providers would have to, like, run a smart contract that, like,
mimic the use of on-chain support of multisig, which is what Bitcoin has.
But in Ethereum, it would just create a contract.
which was very expensive and arguably not really super secure because this is now creating a contract
that's providing the security instead of the math itself, which YWNBC is.
I think the way that Dean may even describe that, I like to, of course, tell from the non-technical
example to salary example as a way for people to understand how we can compute solutions
without sharing our individual inputs.
And if you think that, the blockchain itself is protected by math.
And so shouldn't it make sense that math protects math instead of some other kind of solutions?
either hardware or anything else. And so really it was just seeing like over the last couple of years,
just watching like the overall industry adopting from like major players of the Coinbase we've seen
has adopted their own MPC. They eventually bought unbound. So a lot of the major exchanges have done.
So I think at this point now, it's not so much the leap it was back then. But I think at this point,
like it sort of has emerged as like the gold standard in security. It certainly seems that way that
if you're a custodian that is not doing this, it seems like you're in the minority at this point.
So maybe let's transition to the business that you guys are building. So tell us a little bit about this. You're coming out of stealth past couple days here probably. Talk a little bit about the opportunity that you see and what you're building. Like Dima mentioned sort of after we got connected to Dima, Michael, also through the guys at Curve. And we were exploring different opportunities. And yeah, of course, we wanted to sort of, if there was an area in custody to focus, that would make sense. There were MPC providers in custody. And so that in and of itself sort of would not be that unique of a problem to solve.
But what was happening in the space, sort of early last year, we started seeing this very
major shift into the defy adoption.
So the first 13 years of crypto were mainly about holding assets and transferring them, either
for CFI settlement or what have you.
And finally, we're seeing like blockchains used for decentralized access to yield, to decentralized
access to liquidity, actually supporting a trustless ecosystem with the promise, of course,
with D5 replacing the way that we should.
traditionally run finance through all these middlemen. And well beyond the examples of CryptoKitties,
which were the POCs, we were actually seeing real use cases of this. And all this is done, of course,
through the interaction of smart contracts, contracts, which are basically are programs that are
created up by anyone, but enforced by everyone, which is sort of like where the trustless nature
arises. And one of the things that we came to the realization of was that this trans, like,
you know, the shift from when the action was a transfer to the action of interacting with smart
contracts are really very, very different actions from a security and custody perspective.
Sort of like from a non-technical perspective, think about like a transfer is like into like signing a
check. So like if I sign a check, that's about like who am I writing the checkout to? How much can I
write the checkout for who has to sign the check? And this is really what a lot of the original
institutional wallets and custodians were built to protect. That was the action transfers.
When I guess if you continue the analogy, interacting with smart contracts,
A smart contract is a contract.
And what do we always tell people when you're signing a contract?
You need to read the fine print.
And in fact, of the billions of dollars that have been lost or stolen, over the years of crypto,
like Dima talked about from compromise that the private key is the first iteration.
In DFI, it's sort of like a very different set of risks.
Most of the billions of dollars have been lost, it's not because people have had their private key stolen,
as much as like people just don't even know what it is that they're signing.
And we've seen examples of, let's say, a front end,
if a front end of a DAP gets hacked and therefore the attacker is asking a user to approve
like a new malicious transaction, users has no idea that they're even getting hacked at that time,
because this is not like me sending a transfer from my wallet. This is me approving a transaction
that's being initiated for many number of applications that those number of applications
keep growing exponentially. If an attack on a pool is going to compromise a user's funds and a user
didn't even know that they gave unlimited allowances to that contract to pull funds from their
wallet. They're even unaware that they're even at these risks. And so we realized that there's
sort of like a very, with custody means a lot of different things in the space. We realized it's
very, very different to custody for transfers than it is for custody for defy. And so we actually,
when we started talking some clients about it, we heard some like some crazy feedback. We heard
some folks telling us we had to sign a nine figure transaction completely blind.
We had no idea the details of what we were signing.
That never happened when they were signing a transfer.
People solved for that already.
We heard another person tell us at a fund.
It's scary, how easy it is for me to steal my firm's assets when I'm interacting in
defy.
And I use an institutional law and we're like, how is that possible?
So all I need to do is interact with a contract on the back end sends funds my own private
address.
Whoever is involved at the institution to even approve this has no context with which to approve
or block it.
And so we just realized that there needs to be this built from the ground up approach for custody.
And that's sort of like what's going to hold back a lot of institutions from entering and adopting DFI.
And so that's why we set up to build Fortify.
That's really exciting.
So think about you guys sitting in between the institution and these public protocols that everyone wants to engage with.
But right now, it's just not safe.
Yeah, that's right.
Dima, how do you think about it from your side in terms of just the categories of risk that exist on some of these protocols?
It's probably been a record year in terms of defy hacks.
And some of these things, I guess I wouldn't even call them hacks.
They're sort of market manipulation.
So how do you just frame the types of risks that exist in engaging with the protocols?
This is a really good question.
I mean, I think we're still in the process of really understanding because that defy space is evolving
and the security people are trying to understand and even like categorize different
types of risk, let alone, you know, try and solve them.
I would generally say there's like a few different components to defy and each comes
with the wrong risk. One main piece is just the risk with the smart contract. Smart contracts
are really, let's say, complicated programs that run this common execution environment that's
completely open to everybody. And so bugs on fund contracts are really, really critical. And so
this is like one class of problems, basically bugs in code that at the end of the day result in
people being able to steal funds. Then there's also a different class of bugs when contracts need
to interact with outside worlds through what's called like oracles. It's basically,
basically things that report external information to the blockchain.
So these things are also like, this is now not contained in the blockchain.
And so you're trusting some external sources.
If these sources can be manipulated, then the internal logic can go wrong.
So an example that would be if someone tries to say being able to manipulate the price
feed that some decentralized exchange uses and then be able to basically make a trade
or create like an undercollateralized position because of that.
And then there's also another example.
It's basically this interface between what's happened on the blockchain and what happens
as in normal, say, web to war and internet.
This is something that we are in particular working very hard to solve.
And this is basically whatever goes into the creation of the transaction.
At the end of the day, a transaction needs to capture the intent of the user.
And a lot of the problems in security, if you think about things in general, like fishing
or things like unrelated to blockchain is because there's like a mismatch between the intent
and the user and what happens.
You intend to log into your Google account, but you find yourself logging into a phishing website
that's still your password, where you're authorizing something that's not what intended to.
And so transactions is exactly this type of problem.
If you are intent to maybe send some assets to Josh, but somehow the transaction does a mistake
or because of someone tricking you or phishing you, you find yourself sending funds to an attacker.
And so I would say this type of class of attacks, basically that transactions are malicious
or this is something that we're working hard on solving.
There's multiple examples of these types of attacks leading to loss of funds.
There's an example of people being tricked into, say, approving their entire NFT collection
to an attacker where they were just maybe presented with like some kind of once-in-a-lifetime
opportunity to maybe sell their NFT and found themselves like losing all their collection.
There's also this would be an example of fishing that results in a malicious transaction.
That's maybe one example, like connecting back to what Josh talked about the difference between
maybe earlier wallets and new Defi-focused wallet like ours, is that when you are dealing with
transfers, those transfers were usually initiated from your wallet. You would go into your dashboard
of your wallet, initiate a transaction. So as long as you trusted your wallet, probably that
transaction would be created as you intended to be. But in Defi, usually the transactions aren't
created directly from your wallet, right? You're connecting your wallet to one out of whatever,
hundreds or thousands of different apps and those daps, and they're specifically their front,
that create those transactions.
So now transactions are created by untrusted sources.
And this only puts a heavier weight on your wallet, on your security suite to basically
help you verify those transactions, present you with all the information that you need to
make a meaningful decision.
Is this the transaction that I intend to do?
And also being even more proactive and flag different things that could be maybe classified
as risky.
And this is a whole class of risk that I think does basically, basically, in the same.
to necessitate building a custody solution, a wallet, that's focused on that from day one.
It's focused on this type of challenges, and the entire solution is engineered to better
protect you from those types of attacks.
Yeah, you can definitely see the clear need there.
I mean, it's been interesting to just see the types of market participants in Defi over the
year.
So it starts with individuals, eventually proprietary trading firms, market makers, hedge funds, venture
funds.
I mean, these are all customers of yours now.
But it's interesting that J.P. Morgan did a test transaction with the Monetary Authority of Singapore
on a DFI protocol a couple weeks ago. So what's your view on what it takes to get to that level
of institutional participation in DFI? Maybe this goes beyond just custody as a roadblock,
but curious your guys' perspective on what it will take to unlock some of these large banks.
It's great to see the P.O.C. I'd say, from J.P. Morgan, especially working, by the way, I think there's a lot of
talk around the fact that like we're currently obviously in like a bit of a bear market or correction.
And what people tend to say is during bear markets is sort of like where we see a lot of building
that tends to happen. And we've seen it in the previous cycles also. By the way, DeFi was born out
of the last bear market. And this is, I think, just another good sign of that the fact that like
we're still seeing these POCs. I think like you said, there's more than custody. Of course,
custody and security is paramount. We're seeing this in like the discussions and the debates on the
regulation front in terms of like protecting end user funds and how is that protected.
Obviously, a piece of that is like custody and security components. But I do think there's more
than that. There's what is going to be all the different catalysts of like how institutions will
adopt Defi. And so tokenized securities has its own issues that still have to jump through
some hurdles. So I think we're still honestly a bit away from seeing full adoption from the
traditional institutions on this side. But like, look, I mean, it's great that they chose to do this
on public blockchain. It chose to do this in DFI. The use cases are there, but honestly, I think we're
a bit far from that. The more common use cases that we're seeing now, and like I think the next case
use cases, obviously we're seeing like trading firms, funds, et cetera, who are very active in terms of like
yield or liquidity solutions out there. I think we're seeing a lot of retail that whether it's for
NFTs or other types of use cases are trying to get access within DFI. And so there will be more
institutions, corporations, et cetera, that will adopt that as part of their strategies. But I think,
like I said, it's this regulation and, like I said, like I said, like a little more complex as far
as the assets themselves to get tokenized assets on its blockchains. I think one of the things
that'll be interesting over the next couple of years is the invention of these private pools
in the context of defy. And curious to you guys' perspective on that, do you think we end up with
a bifurcated market where we sort of have a lit K-YC version of DFI and it coexists with
the version of defy as it is today? And how does that factor into some of these decisions
by these institutions? We still need to see how things will evolve. I think one challenge is that
for a lot of those market participants, part of the appeal in defy is that you also have
open pools that are also open to retail investors. And so you have much more liquidity in the
space. I think as you go into permission pools and pools that maybe have limited set of participants,
I think the challenge is how to make them, I don't come from the finance, but from 100,
understand how to make them as attractive to the different types of market participants,
even if they don't have that same amount of liquidity or the retail participants and so on.
So I think that's one piece of it.
But I think there have been examples of even, like you could say, to the complete extreme
out of it, if you say there's like public blockchains and public pools, then maybe have
closed pools and public blockchains.
And then on the opposite end, there's actually like private blockchains.
The entire blockchain is just run between a closed set of participants.
And I have heard about, for instance, banks that have been experimenting with these types of private
blockchains for their basically internal cross-bank or interbank settlement on trading.
And so I think if that has already been interesting for banks, that maybe this in-between
solution where the blockchains would be public and you could have an easier way to add more
participants while still controlling the participants, maybe that would actually be successful.
Well, that's great.
So maybe let's dive into the actual product.
I mean, you guys went into this with a certain hypothesis and now you have customers who are probably telling you what they need.
So let's talk about the actual tech stack.
What's it look like?
What's the product do?
This is something that we're very excited to talk about, of course, after a year of building this.
The main pieces of our product is, number one, we have coming back to the topic that you started the conversation.
We have our own MPC-based key management system.
We have built out an MPC key management system that uses photography to protect your,
keys and around that cryptography, a lot of system security elements that basically protect
your private keys.
But I think that's really the first step, because what really makes our product unique, what
makes it actually suitable and a good fit for D5 is the rest of the stacks.
And in particular, we've built our own browser extension that basically allows our users
to interact with any data.
And you could say it's quite a, you know, maybe an interesting decision to build our own
extension as opposed to maybe integrate with existing extension-based wallets or maybe
even use other types of protocols.
And it hasn't been an easy lift.
But I think what it allowed us is basically have this kind of co-design, as I mentioned,
between the key management and the connectivity to the blockchain and the transparency.
So our extension basically allows us to connect to both EVM and non-EVM chains within a single
extension that provides the same unified experience.
It also allows us to control the type of data.
and information and risk signals that we present to the user at the point of transaction.
And this is something that we could do because we've developed our own extension.
And finally, everything that has to do with, say, authorization, policy controls.
This is also, you see it at the point of trade through our own extension-based wallet.
So that's kind of a second piece of it.
And you think, on the back end, there's a lot of this.
We mentioned like different types of data that go into enriching a transaction.
So we have things like simulating a transaction to help you make sense,
that transaction before it happens and help people who need to approve that transaction to also
have the right context for that. And we have our own policy engine that's basically a way for you
as an organization to encode the different types of rules around what type of transactions will
be allowed, what type of transactions will be blocked, and what type of situation might require
maybe a set of approvers within an organization. And what makes, I think, our policy engine pretty cool
is that the types of attributes that go into defining those rule and this kind of authorization logic,
are really, I think, like we'd say Defi native attribute.
So it's not only things like the amount of the transaction or the recipient.
You can create really fine great rules around particular adapts,
particular types of Defi actions.
And so you can really kind of create a policy that on the one hand keeps us secure,
but on the other hand, minimizes friction around Defi trading.
And I think that's also something that's actually pretty important in Defi,
because if you're just settling some kind of trade,
sending amount, sending some funds to a counterparty,
it might not be time sensitive. Of course, you wouldn't want them to wage a few days,
but usually the terms of the deal might have been already predetermined. When we talk about
interacting with the DFI protocols, the market conditions can't be changing. If your tech
slows you down, there's maybe this one extra approver that needs to be done because you don't
know this is maybe a lower thing. The opportunity might be gone. And I think that's another
thing that we've been really careful about balancing this building our product.
That's a great explanation. And Josh, you've been out there talking to the market for years in
terms of people that are looking at custody, what have you heard just in working with this initial
group of design partners that's going to inform what you guys build next?
We love giving the demos and showing everything from the fact that there's this one
browser extension to connect to any chain. Of course, like right now, the product today is
OLLIVM. We're launching Stalana soon and then there's a roadmap for additional chain support.
But that fact, like, think about it from an institutional perspective, I always could go back and
So like, imagine if you had a solution to help you buy Microsoft stock when needed something
else to buy Apple.
Users want to use the same experience regardless of their defy activities and regardless
of chain.
And so I think that's something that's really valuable.
And the transparency is one thing that was like, wow, this is really cool.
But the approvals is also, we hear people say, I have to zoom in to watch my trader's
screen before I approve because I'm approving on my mobile or any other way that I'm
proven blind. I have to go in and watch them and there are somewhere else. And I think this is
something we're getting a lot of positive feedback. What I've seen over the years, the tradeoff
in custody has always been this concept of like security versus utility. And we saw this in lots of
different ways play out. This was like why people wanted to use their cold storage. Great. I keep
my funds in deep cold bunkers. And that's awesome. And armed guards and no one's going to come and
still my private key except like now I have to actually move my funds and it's going to take me forever to
access them. And so this tradeoff, which is one of the things that excited people,
people around MPC. And I think DEM is hitting on this also when it comes to DFI, sometimes if you're not
DFI specific around a policy engine, you just say, well, don't worry. Every action requires three people
to approve. You're actually holding people back from doing the actions that may not need that level of security.
And so being able to have that flexible policy engine, and it enables them to do their operations seamlessly
and then jumps in when you want to set policy or governance to actually, from a risk perspective.
That's really positive.
So I said, I think the two biggest things that are next on our roadmap is like additional
chain support we'll be rolling out as well as APIs for our programmatic clients.
Those are like the two next biggest things.
It's really interesting to think about what the future could look like from policy perspective
because obviously you have a bunch of offline things, but theoretically you could have policies
in the future around things that are happening on chain.
And so don't allow me to do anything if the liquidity on a certain network is below X.
the possibilities are really endless there when you think about the policy side of it.
I agree. I mean, even think about worlds from like what an OMS would do in traditional of saying
don't allow me to be more than X percent of a given pool. So this means I now have to think
about the transaction I'm about to do my current position that pool and the overall position
information. So like leveraging on-chain information to govern like my next transaction. So yeah,
I think there's a lot of interesting things, especially as more regulated institutions come in the space
that will have a lot of feedback on the policies.
So you guys mentioned that you're coming out of stealth.
So what does that mean?
It looks like you've announced a capital raise that we're very excited to be part of as well.
So talk a little bit about that.
Yeah, we're really excited that we just recently announced that we raised $18 million
in our seed round partnering with some of like the most reputable firms in both crypto and tech.
So the round was led by light speed alongside, of course, you guys at Castle Island,
electric capital, Alameda Research, Jump, Pantara,
Illuminate Financial, PayPal, Microsoft,
NEMA Capital, DCG, Defiance, and Starkware.
And I think that the round itself, of course,
is great just in terms of like the different folks that we have in there
and like their different perspectives of what they're looking to build.
Some of those guys are also our design partners.
And so we have a mix of folks in terms of trading firms and active defy funds.
We have folks who are very interested in the regulated institutions and how they're going to come into the space and their needs, as well as tech firms and like how mainstream tech firms will be adopting Defi as well.
So I'm really excited to that and we closed that early in the year.
And then we've been in stealth for the last year, just building out our team.
We now have around 30 employees between the U.S. and Tel Aviv.
And yeah, just like finally excited to get out there and show the product to everybody.
Well, that's great, guys.
and we're really excited to be on board.
Where can we send people that want to learn more about the product?
Where can we send them to find out and to take the product for a test drive?
Yeah, awesome.
So people can learn about us at fortify.com.
That's F-O-R-D-E-F-I-F-I-Fortify.com.
We're also on social media, on Twitter, LinkedIn, and Telegram.
Twitter, we're at Fortify HQ and LinkedIn and Telegram at Fortify.
And like you said, we're happy to schedule demos of the platform and just have conversation
with clients exploring how we can help secure their defy operations.
Awesome.
Well, thanks so much, Josh and Dima for coming on the podcast today.
Awesome.
Thanks, Matt.
Thanks for listening to another episode of On the Brink with Castle Island.
To find out more about Castle Island, visit castle island. Visit castle island.vc.
To listen to all of our podcast episodes, please go to On thebrink dashpodcast.com or just click on the
tab in our website. Thanks for listening.
