On The Brink with Castle Island - Josh Schwartz and Dima Kogan (FORDEFI) on Building Institutional Custody for DeFi (EP.369)

Episode Date: November 8, 2022

Josh Schwartz and Dima Kogan, co-founders of Fordefi, join the show. In this episode we discuss: MPC custody: what it is, its academic roots and how MPC works. The tradeoffs and considerations that h...ave led to the growth in popularity of MPC custody. Josh and Dima's backgrounds and the path that led them to founding Fordefi. The institutional custody landscape and some of the challenges that firms face when engaging with DeFi protcols. How Josh and Dima think about the security risks associated with smart contract platforms. The types of customers that Fordefi is currently serving. Their fundraise announcement and what is next. To learn more visit fordefi.com

Transcript
Discussion (0)
Starting point is 00:00:00 Today on the podcast, I sat down with Josh Schwartz and Dima Kogan, the founders of Fortify, a company that's building custody solutions for institutions that engage in the DFI ecosystem. This was a fun podcast, and we touched on the academic history of MPC. We talked about the state of institutional DFI. We talked about how Fortify is building their product in response to evolving customer demand. So without further ado, here's my conversation with Josh and Dima, the founders of Fortify. Matt Walsh and Nick Carter are partners at Castle Island Ventures. All of these expressed by them or the guests on this podcast are solely their opinions and do not reflect the opinions of Castle Island Ventures.
Starting point is 00:00:34 Guest and host may maintain positions in the assets discussed in this podcast. You should not treat any opinion expressed by anyone on this podcast as a specific inducement to make a particular investment or follow a particular strategy, but only as an expression of their personal opinion. This podcast is for informational purposes only. Brought down by bad mortgage investments, Lehman, which has 25,000 employees, will be liquidated. The federal government loans, American International Group, AIG, $85 billion. This is a different kind of mortgage. And the Fed is asleep. The federal government is stepping it to stabilize Fannie Mae and Freddie Mac, the two mortgage
Starting point is 00:01:05 giants that have been threatened by the housing crisis. The Bank of England has pumped 75 billion pounds more to Britain's ailing economy with a new round of quantitative easing. You print a couple trillion dollars and all of a sudden people start to worry. So out of this worry, we have something called the Bitcoin. Bitcoin. So Josh and Dima, thanks so much for joining us today on the podcast. Yeah, thanks for having us.
Starting point is 00:01:25 Well, excited to talk about Fortified, but why don't we? start off with a little bit of background, your crypto journeys, what brought you guys together to start this company? Sure, I'll through the first step. So, you know, I come from a much more traditional financial background as now is common in the space, but probably wasn't so common back five years ago. I started at firms like Canterford's Cheryl and some hedge funds at Bloomberg. It was actually at Bloomberg when I got a random call if I was interested in joining this company called BitGo. And my first reaction was like, is that that Bitcoin thing? Is that even still around? And sure enough, it was over a year from the time of that original call tell I eventually joined,
Starting point is 00:02:03 and that was me just sort of going down the rabbit hole of the space and sort of like understanding it. This is going to be paradigm shifting for certainly the financial ecosystem. And for me also was pretty exciting, like what I was doing, especially like market structure, electronic trading, et cetera. There were thousands of people like me on Wall Street doing what I was doing. But to come to an industry, which was lacking people with traditional financial and market structure background, knowing that was going to be important for institutions coming into space was also really enticing. So, which by the way, interesting, while I was going to the Rabbit Hall, I bought my first Bitcoin. I remember buying my first Bitcoin on Coinbase and going on the blockchain to try and see the
Starting point is 00:02:41 transaction. This is so transparent. It's so cool. And of course, finding that that transaction wasn't there because most of crypto at that time, at least, was still like very sci-fi oriented. And so maybe a good foreshadowing for where we're at now. So I joined Bicco as Global Head of Sales at a time while the company, Bicko, of course, like the pioneer in institutional wallets, the first user of like multisig to reduce that
Starting point is 00:03:05 single point of failure as a single key. And I joined like while they were transitioning from a regular tech provider to a regulated custodian. And one of the projects I spearheaded there was the first settlement product in the space, which was like the predecessor to all the walled gardens and settlement solutions that we've seen over the past couple of years to deal with the issue of fragmented liquidity. and the fact you have to pre-fund exchanges in this market, of course, prior to like prime brokers and stuff being around.
Starting point is 00:03:30 But while I was there, I started hearing from a bunch of clients about this MPC. Hey, we're starting to hear about MPC, multi-party computation, and we hear it's the next big thing in key management. We hear it's better for chains like Ethereum and stuff that don't support Bitcoin natively. Honestly, I didn't know anything about MPC at the time. And so like anyone would do, I just started doing my research and who are the competitors and like how are we going to position ourselves against them? And notice that a lot of the MPC providers were coming out of Israel.
Starting point is 00:03:58 At the time, you had unbound fireblocks and Curve. And if I'd be like, I looked into all of them and I was just like super impressed with the team at Curve, both like professionally and personally. I eventually joined those guys as the chief operating officer. And we scaled the company through the A round and eventually to sell to PayPal early last year. And then just like the other foreshadowing to Defi, at the tail end of our time at Curve, we started seeing the defy growth happening in the space. And we were actually the first metamask institutional partners.
Starting point is 00:04:28 We were like that flagship partner for them. So maybe it was sort of like a precursor to sort of what we're doing now. That's awesome. That's quite a journey. I have a ton of follow-ups. Dima, how about you? What was the path that led you to this company? I started my career in engineering and cybersecurity.
Starting point is 00:04:43 I worked for a few years as part of my military service here in Israel on cybersecurity. And then I worked for a couple of years in Google, where I got to work on the Google. identity system. So that's kind of Google's account management system that's common to all the different Google products like Gmail and drive and YouTube and so on. There's lots of interesting challenge about securing Google's accounts and I guess specifically got to work on things related to devices. So kind of getting a better understanding of the devices of the users and using this information and the contextual setting to better, say, protect logins and this kind of stuff. And then after a couple of years in Google, actually I went back to school to get my PhD. So
Starting point is 00:05:22 So that's actually before starting the company. I spent five years at Stanford. I got the chance to work with Dan Bonnet in his lab, where I work on my PhD in cryptography. Specifically, my research was kind of combined both the more theoretical and more practical aspects of cryptography. I work quite a bit on privacy preserving cryptographic protocols. That's basically a way to construct protocols for different types of tasks that we know how to do non-privately, only to do it in a way that preserves privacy. And in some sense, when we were talking about MPC or specifically about threshold signatures, protocols, such as the one that used by MPC wallets and crypto. You can also think about obviously a protocol that tries to protect the private keys
Starting point is 00:06:00 while still accomplishing and being able to sign transactions. And yeah, so I was working kind of on this type of stuff, not really working on cryptocurrencies directly, but obviously got exposed to that as well because there's so much good things going on in Stanford in the lab in particular. And then after finishing my PhD, I was kind of excited about doing something on my own, starting a company. The two main things and to figure out
Starting point is 00:06:23 who to do it with and what to work on. The team, I was fortunate to get introduced to Josh and to Michael, our story co-founder through some common friends. So Michael,
Starting point is 00:06:32 I knew kind of from way back a little bit from the time and the service and Josh, we both knew the founders of Curve who introduced us. And then with Josh's background in custody, I was like super excited to work on the space as well
Starting point is 00:06:44 because I think it kind of connects two of the things that I was fortunate to work on and I really enjoy working on, which is cryptography and security. I think it's even within the cryptocurrency space that has so much exciting things that I would be enjoying working. This I feel like a particularly good fit. So we have to start the company around last September and it's been a fun journey ever since.
Starting point is 00:07:05 Well, I'm excited to talk about what you guys are building. But I guess before we do, we need to set the stage on just what is MPC? There's going to be a lot of people listening to this podcast that might have heard that PayPal bought an MPC company or Coinbase bought an MPC company. But what is MPC? That's a good question. So MPC stands for multi-party computation. And in general, I think you can think about MPC as a class of protocols. So protocols run between, say, different computers, different machines.
Starting point is 00:07:34 And the broad class of MPC protocols is basically a way for a set of parties to, let's say, compute some joint function or solve some common task while each preserving the privacy of some private input that they hold. So you can think about maybe the classic example. a collection of people, each has their own salary, and you want to compute, like, who has the highest salary without revealing anything about that individual salaries to other participants, just to compute the output. And so MPC is basically a class of cryptographic protocols that has been developed over the past, I would say 20, oh, but almost more than 30 years by now. It's been a long path from theory to practice. And basically, the most amazing results
Starting point is 00:08:15 in cryptography is that anything that you can compute efficiently, you can compute also privately using an MPC protocol. And if we want to now look at it through the lens of cryptocurrencies and wallets, they are usually when we talk about the PCs, we're actually talking about a particular task, and that is being able to do threshold signatures. That's basically a way one of the main functionalities of say a wallet is to hold your private key and then to be able to sign transactions. That's the way that you authorize transactions on the blockchain.
Starting point is 00:08:45 And the standard way to do it is that it's basically allowing some centralized party whatever your phone, to just hold a private key and then sign the transaction whenever necessary. And the problem with this is this introduces a single point of failure. This private key is stored in one device, one machine. And as we know, machines and phones and whatever eventually get compromised. And so here, the application by MPC would be to avoid even storing or having the private key at a single point, but rather generating it in a distributed fashion. So you could say maybe a phone and a server or maybe multiple servers, they're all run a protocol
Starting point is 00:09:22 and create this distributed version of the private key without ever having it at a single point. And then once they actually want to sign a transaction, they can again run some kind of cryptographic protocol that produces the signature on the transaction without ever exposing the private key to any one of the parties or to anyone in general while doing it. It sounds kind of magical, but yet this is an application of cryptography to this task. It's a really good explanation. And so you mentioned that there's 30 plus years of academic research that's really come together to build some of these MPC tools.
Starting point is 00:09:57 And by the way, that's without blockchains being even in the picture. But it does strike me that over the past even five years, just the huge leaps forward in the cryptography sector have been sort of spurred by this invention of blockchains and the fact that now there are very tangible use cases. Be curious, do you agree with that and kind of what role you see, blockchains having and advancing some of these academic research initiatives? It's a really, really good point. I think in general, like, cryptographers have been very lucky for blockchains to become so
Starting point is 00:10:29 popular because it's like a huge, you could say, like playground for a lot of really cool things and really cool and practical applications of pretty advanced crypto that we haven't seen before. So there's like a few examples, you know, MPC being one of them that we just talked about, zero knowledge proofs. That's another type of photographic tool. It's also something that's been pretty parable like 30 plus years. It's been mostly in the theory realm, but once the application have become so compelling over the past two years for blockchain, for various applications within blockchain, then it really got a lot of practical people to work on this type of problem.
Starting point is 00:11:05 And there's like a few critical steps, like the critical step of getting it from a theorem in a paper to something that you can actually execute on some machine. And you know, the first, initially it could be like a very big machine. and it will run for a really long time. It will have like a bunch of different caveats that won't really make it practical, but let's kind of one step. Once it gets there,
Starting point is 00:11:23 they know people who are excited about these things and you get like more practitioners, not only theoreticians looking at these problems. Eventually you kind of shave off orders of magnitude, do a lot of improvements that takes a lot of ingenuity. So there's ingenuity definitely on the theory side, but also on the practical side. And so you see this race to make these things more practical.
Starting point is 00:11:41 And I think it's just been driven by really compelling applications. the blockchain space. It's been absolutely fascinating to see. Josh, I'd be curious your perspective from the commercial side. I mean, presumably you're not in the hardcore weeds here on the cryptography and you're not building these things. But how did you get comfortable and see that there's a commercial opportunity here around MPC enough to go and just do this full time and dedicate the next 10 years to this? It's funny when I was first joining curve. I mean, to your point, there was a lot of doubt or just questions about the technology and especially some of the folks, the institutional law providers who were focused on other key management
Starting point is 00:12:20 solutions like multisig actually were raising their own pushback to MPC. By the way, P.S. over the last four or five years, like we've seen a very big shift where like even some of the multi-sig providers have now adopted threshold signature scheme as part of like their own key management solutions. Because again, ultimately, then what we saw at, what really changed really in the last couple of years was also this move from like a very Bitcoin-centric ecosystem to one where we see lots of other chains. And the idea of having a key management solution that is easily integrated and can support easily any of these chains, where to the chain itself, it's a single
Starting point is 00:12:55 signature reduces also a lot of the fees. I mean, one of the major problems with multisig as a solution on Ethereum was that, like, it was just too expensive. Every single time, those providers would have to, like, run a smart contract that, like, mimic the use of on-chain support of multisig, which is what Bitcoin has. But in Ethereum, it would just create a contract. which was very expensive and arguably not really super secure because this is now creating a contract that's providing the security instead of the math itself, which YWNBC is.
Starting point is 00:13:24 I think the way that Dean may even describe that, I like to, of course, tell from the non-technical example to salary example as a way for people to understand how we can compute solutions without sharing our individual inputs. And if you think that, the blockchain itself is protected by math. And so shouldn't it make sense that math protects math instead of some other kind of solutions? either hardware or anything else. And so really it was just seeing like over the last couple of years, just watching like the overall industry adopting from like major players of the Coinbase we've seen has adopted their own MPC. They eventually bought unbound. So a lot of the major exchanges have done.
Starting point is 00:13:59 So I think at this point now, it's not so much the leap it was back then. But I think at this point, like it sort of has emerged as like the gold standard in security. It certainly seems that way that if you're a custodian that is not doing this, it seems like you're in the minority at this point. So maybe let's transition to the business that you guys are building. So tell us a little bit about this. You're coming out of stealth past couple days here probably. Talk a little bit about the opportunity that you see and what you're building. Like Dima mentioned sort of after we got connected to Dima, Michael, also through the guys at Curve. And we were exploring different opportunities. And yeah, of course, we wanted to sort of, if there was an area in custody to focus, that would make sense. There were MPC providers in custody. And so that in and of itself sort of would not be that unique of a problem to solve. But what was happening in the space, sort of early last year, we started seeing this very major shift into the defy adoption. So the first 13 years of crypto were mainly about holding assets and transferring them, either for CFI settlement or what have you.
Starting point is 00:14:59 And finally, we're seeing like blockchains used for decentralized access to yield, to decentralized access to liquidity, actually supporting a trustless ecosystem with the promise, of course, with D5 replacing the way that we should. traditionally run finance through all these middlemen. And well beyond the examples of CryptoKitties, which were the POCs, we were actually seeing real use cases of this. And all this is done, of course, through the interaction of smart contracts, contracts, which are basically are programs that are created up by anyone, but enforced by everyone, which is sort of like where the trustless nature arises. And one of the things that we came to the realization of was that this trans, like,
Starting point is 00:15:38 you know, the shift from when the action was a transfer to the action of interacting with smart contracts are really very, very different actions from a security and custody perspective. Sort of like from a non-technical perspective, think about like a transfer is like into like signing a check. So like if I sign a check, that's about like who am I writing the checkout to? How much can I write the checkout for who has to sign the check? And this is really what a lot of the original institutional wallets and custodians were built to protect. That was the action transfers. When I guess if you continue the analogy, interacting with smart contracts, A smart contract is a contract.
Starting point is 00:16:14 And what do we always tell people when you're signing a contract? You need to read the fine print. And in fact, of the billions of dollars that have been lost or stolen, over the years of crypto, like Dima talked about from compromise that the private key is the first iteration. In DFI, it's sort of like a very different set of risks. Most of the billions of dollars have been lost, it's not because people have had their private key stolen, as much as like people just don't even know what it is that they're signing. And we've seen examples of, let's say, a front end,
Starting point is 00:16:42 if a front end of a DAP gets hacked and therefore the attacker is asking a user to approve like a new malicious transaction, users has no idea that they're even getting hacked at that time, because this is not like me sending a transfer from my wallet. This is me approving a transaction that's being initiated for many number of applications that those number of applications keep growing exponentially. If an attack on a pool is going to compromise a user's funds and a user didn't even know that they gave unlimited allowances to that contract to pull funds from their wallet. They're even unaware that they're even at these risks. And so we realized that there's sort of like a very, with custody means a lot of different things in the space. We realized it's
Starting point is 00:17:24 very, very different to custody for transfers than it is for custody for defy. And so we actually, when we started talking some clients about it, we heard some like some crazy feedback. We heard some folks telling us we had to sign a nine figure transaction completely blind. We had no idea the details of what we were signing. That never happened when they were signing a transfer. People solved for that already. We heard another person tell us at a fund. It's scary, how easy it is for me to steal my firm's assets when I'm interacting in
Starting point is 00:17:53 defy. And I use an institutional law and we're like, how is that possible? So all I need to do is interact with a contract on the back end sends funds my own private address. Whoever is involved at the institution to even approve this has no context with which to approve or block it. And so we just realized that there needs to be this built from the ground up approach for custody. And that's sort of like what's going to hold back a lot of institutions from entering and adopting DFI.
Starting point is 00:18:18 And so that's why we set up to build Fortify. That's really exciting. So think about you guys sitting in between the institution and these public protocols that everyone wants to engage with. But right now, it's just not safe. Yeah, that's right. Dima, how do you think about it from your side in terms of just the categories of risk that exist on some of these protocols? It's probably been a record year in terms of defy hacks. And some of these things, I guess I wouldn't even call them hacks.
Starting point is 00:18:43 They're sort of market manipulation. So how do you just frame the types of risks that exist in engaging with the protocols? This is a really good question. I mean, I think we're still in the process of really understanding because that defy space is evolving and the security people are trying to understand and even like categorize different types of risk, let alone, you know, try and solve them. I would generally say there's like a few different components to defy and each comes with the wrong risk. One main piece is just the risk with the smart contract. Smart contracts
Starting point is 00:19:11 are really, let's say, complicated programs that run this common execution environment that's completely open to everybody. And so bugs on fund contracts are really, really critical. And so this is like one class of problems, basically bugs in code that at the end of the day result in people being able to steal funds. Then there's also a different class of bugs when contracts need to interact with outside worlds through what's called like oracles. It's basically, basically things that report external information to the blockchain. So these things are also like, this is now not contained in the blockchain. And so you're trusting some external sources.
Starting point is 00:19:45 If these sources can be manipulated, then the internal logic can go wrong. So an example that would be if someone tries to say being able to manipulate the price feed that some decentralized exchange uses and then be able to basically make a trade or create like an undercollateralized position because of that. And then there's also another example. It's basically this interface between what's happened on the blockchain and what happens as in normal, say, web to war and internet. This is something that we are in particular working very hard to solve.
Starting point is 00:20:16 And this is basically whatever goes into the creation of the transaction. At the end of the day, a transaction needs to capture the intent of the user. And a lot of the problems in security, if you think about things in general, like fishing or things like unrelated to blockchain is because there's like a mismatch between the intent and the user and what happens. You intend to log into your Google account, but you find yourself logging into a phishing website that's still your password, where you're authorizing something that's not what intended to. And so transactions is exactly this type of problem.
Starting point is 00:20:46 If you are intent to maybe send some assets to Josh, but somehow the transaction does a mistake or because of someone tricking you or phishing you, you find yourself sending funds to an attacker. And so I would say this type of class of attacks, basically that transactions are malicious or this is something that we're working hard on solving. There's multiple examples of these types of attacks leading to loss of funds. There's an example of people being tricked into, say, approving their entire NFT collection to an attacker where they were just maybe presented with like some kind of once-in-a-lifetime opportunity to maybe sell their NFT and found themselves like losing all their collection.
Starting point is 00:21:22 There's also this would be an example of fishing that results in a malicious transaction. That's maybe one example, like connecting back to what Josh talked about the difference between maybe earlier wallets and new Defi-focused wallet like ours, is that when you are dealing with transfers, those transfers were usually initiated from your wallet. You would go into your dashboard of your wallet, initiate a transaction. So as long as you trusted your wallet, probably that transaction would be created as you intended to be. But in Defi, usually the transactions aren't created directly from your wallet, right? You're connecting your wallet to one out of whatever, hundreds or thousands of different apps and those daps, and they're specifically their front,
Starting point is 00:22:01 that create those transactions. So now transactions are created by untrusted sources. And this only puts a heavier weight on your wallet, on your security suite to basically help you verify those transactions, present you with all the information that you need to make a meaningful decision. Is this the transaction that I intend to do? And also being even more proactive and flag different things that could be maybe classified as risky.
Starting point is 00:22:26 And this is a whole class of risk that I think does basically, basically, in the same. to necessitate building a custody solution, a wallet, that's focused on that from day one. It's focused on this type of challenges, and the entire solution is engineered to better protect you from those types of attacks. Yeah, you can definitely see the clear need there. I mean, it's been interesting to just see the types of market participants in Defi over the year. So it starts with individuals, eventually proprietary trading firms, market makers, hedge funds, venture
Starting point is 00:22:55 funds. I mean, these are all customers of yours now. But it's interesting that J.P. Morgan did a test transaction with the Monetary Authority of Singapore on a DFI protocol a couple weeks ago. So what's your view on what it takes to get to that level of institutional participation in DFI? Maybe this goes beyond just custody as a roadblock, but curious your guys' perspective on what it will take to unlock some of these large banks. It's great to see the P.O.C. I'd say, from J.P. Morgan, especially working, by the way, I think there's a lot of talk around the fact that like we're currently obviously in like a bit of a bear market or correction.
Starting point is 00:23:33 And what people tend to say is during bear markets is sort of like where we see a lot of building that tends to happen. And we've seen it in the previous cycles also. By the way, DeFi was born out of the last bear market. And this is, I think, just another good sign of that the fact that like we're still seeing these POCs. I think like you said, there's more than custody. Of course, custody and security is paramount. We're seeing this in like the discussions and the debates on the regulation front in terms of like protecting end user funds and how is that protected. Obviously, a piece of that is like custody and security components. But I do think there's more than that. There's what is going to be all the different catalysts of like how institutions will
Starting point is 00:24:13 adopt Defi. And so tokenized securities has its own issues that still have to jump through some hurdles. So I think we're still honestly a bit away from seeing full adoption from the traditional institutions on this side. But like, look, I mean, it's great that they chose to do this on public blockchain. It chose to do this in DFI. The use cases are there, but honestly, I think we're a bit far from that. The more common use cases that we're seeing now, and like I think the next case use cases, obviously we're seeing like trading firms, funds, et cetera, who are very active in terms of like yield or liquidity solutions out there. I think we're seeing a lot of retail that whether it's for NFTs or other types of use cases are trying to get access within DFI. And so there will be more
Starting point is 00:24:53 institutions, corporations, et cetera, that will adopt that as part of their strategies. But I think, like I said, it's this regulation and, like I said, like I said, like a little more complex as far as the assets themselves to get tokenized assets on its blockchains. I think one of the things that'll be interesting over the next couple of years is the invention of these private pools in the context of defy. And curious to you guys' perspective on that, do you think we end up with a bifurcated market where we sort of have a lit K-YC version of DFI and it coexists with the version of defy as it is today? And how does that factor into some of these decisions by these institutions? We still need to see how things will evolve. I think one challenge is that
Starting point is 00:25:33 for a lot of those market participants, part of the appeal in defy is that you also have open pools that are also open to retail investors. And so you have much more liquidity in the space. I think as you go into permission pools and pools that maybe have limited set of participants, I think the challenge is how to make them, I don't come from the finance, but from 100, understand how to make them as attractive to the different types of market participants, even if they don't have that same amount of liquidity or the retail participants and so on. So I think that's one piece of it. But I think there have been examples of even, like you could say, to the complete extreme
Starting point is 00:26:09 out of it, if you say there's like public blockchains and public pools, then maybe have closed pools and public blockchains. And then on the opposite end, there's actually like private blockchains. The entire blockchain is just run between a closed set of participants. And I have heard about, for instance, banks that have been experimenting with these types of private blockchains for their basically internal cross-bank or interbank settlement on trading. And so I think if that has already been interesting for banks, that maybe this in-between solution where the blockchains would be public and you could have an easier way to add more
Starting point is 00:26:41 participants while still controlling the participants, maybe that would actually be successful. Well, that's great. So maybe let's dive into the actual product. I mean, you guys went into this with a certain hypothesis and now you have customers who are probably telling you what they need. So let's talk about the actual tech stack. What's it look like? What's the product do? This is something that we're very excited to talk about, of course, after a year of building this.
Starting point is 00:27:04 The main pieces of our product is, number one, we have coming back to the topic that you started the conversation. We have our own MPC-based key management system. We have built out an MPC key management system that uses photography to protect your, keys and around that cryptography, a lot of system security elements that basically protect your private keys. But I think that's really the first step, because what really makes our product unique, what makes it actually suitable and a good fit for D5 is the rest of the stacks. And in particular, we've built our own browser extension that basically allows our users
Starting point is 00:27:40 to interact with any data. And you could say it's quite a, you know, maybe an interesting decision to build our own extension as opposed to maybe integrate with existing extension-based wallets or maybe even use other types of protocols. And it hasn't been an easy lift. But I think what it allowed us is basically have this kind of co-design, as I mentioned, between the key management and the connectivity to the blockchain and the transparency. So our extension basically allows us to connect to both EVM and non-EVM chains within a single
Starting point is 00:28:10 extension that provides the same unified experience. It also allows us to control the type of data. and information and risk signals that we present to the user at the point of transaction. And this is something that we could do because we've developed our own extension. And finally, everything that has to do with, say, authorization, policy controls. This is also, you see it at the point of trade through our own extension-based wallet. So that's kind of a second piece of it. And you think, on the back end, there's a lot of this.
Starting point is 00:28:39 We mentioned like different types of data that go into enriching a transaction. So we have things like simulating a transaction to help you make sense, that transaction before it happens and help people who need to approve that transaction to also have the right context for that. And we have our own policy engine that's basically a way for you as an organization to encode the different types of rules around what type of transactions will be allowed, what type of transactions will be blocked, and what type of situation might require maybe a set of approvers within an organization. And what makes, I think, our policy engine pretty cool is that the types of attributes that go into defining those rule and this kind of authorization logic,
Starting point is 00:29:17 are really, I think, like we'd say Defi native attribute. So it's not only things like the amount of the transaction or the recipient. You can create really fine great rules around particular adapts, particular types of Defi actions. And so you can really kind of create a policy that on the one hand keeps us secure, but on the other hand, minimizes friction around Defi trading. And I think that's also something that's actually pretty important in Defi, because if you're just settling some kind of trade,
Starting point is 00:29:42 sending amount, sending some funds to a counterparty, it might not be time sensitive. Of course, you wouldn't want them to wage a few days, but usually the terms of the deal might have been already predetermined. When we talk about interacting with the DFI protocols, the market conditions can't be changing. If your tech slows you down, there's maybe this one extra approver that needs to be done because you don't know this is maybe a lower thing. The opportunity might be gone. And I think that's another thing that we've been really careful about balancing this building our product. That's a great explanation. And Josh, you've been out there talking to the market for years in
Starting point is 00:30:13 terms of people that are looking at custody, what have you heard just in working with this initial group of design partners that's going to inform what you guys build next? We love giving the demos and showing everything from the fact that there's this one browser extension to connect to any chain. Of course, like right now, the product today is OLLIVM. We're launching Stalana soon and then there's a roadmap for additional chain support. But that fact, like, think about it from an institutional perspective, I always could go back and So like, imagine if you had a solution to help you buy Microsoft stock when needed something else to buy Apple.
Starting point is 00:30:45 Users want to use the same experience regardless of their defy activities and regardless of chain. And so I think that's something that's really valuable. And the transparency is one thing that was like, wow, this is really cool. But the approvals is also, we hear people say, I have to zoom in to watch my trader's screen before I approve because I'm approving on my mobile or any other way that I'm proven blind. I have to go in and watch them and there are somewhere else. And I think this is something we're getting a lot of positive feedback. What I've seen over the years, the tradeoff
Starting point is 00:31:16 in custody has always been this concept of like security versus utility. And we saw this in lots of different ways play out. This was like why people wanted to use their cold storage. Great. I keep my funds in deep cold bunkers. And that's awesome. And armed guards and no one's going to come and still my private key except like now I have to actually move my funds and it's going to take me forever to access them. And so this tradeoff, which is one of the things that excited people, people around MPC. And I think DEM is hitting on this also when it comes to DFI, sometimes if you're not DFI specific around a policy engine, you just say, well, don't worry. Every action requires three people to approve. You're actually holding people back from doing the actions that may not need that level of security.
Starting point is 00:31:55 And so being able to have that flexible policy engine, and it enables them to do their operations seamlessly and then jumps in when you want to set policy or governance to actually, from a risk perspective. That's really positive. So I said, I think the two biggest things that are next on our roadmap is like additional chain support we'll be rolling out as well as APIs for our programmatic clients. Those are like the two next biggest things. It's really interesting to think about what the future could look like from policy perspective because obviously you have a bunch of offline things, but theoretically you could have policies
Starting point is 00:32:25 in the future around things that are happening on chain. And so don't allow me to do anything if the liquidity on a certain network is below X. the possibilities are really endless there when you think about the policy side of it. I agree. I mean, even think about worlds from like what an OMS would do in traditional of saying don't allow me to be more than X percent of a given pool. So this means I now have to think about the transaction I'm about to do my current position that pool and the overall position information. So like leveraging on-chain information to govern like my next transaction. So yeah, I think there's a lot of interesting things, especially as more regulated institutions come in the space
Starting point is 00:33:02 that will have a lot of feedback on the policies. So you guys mentioned that you're coming out of stealth. So what does that mean? It looks like you've announced a capital raise that we're very excited to be part of as well. So talk a little bit about that. Yeah, we're really excited that we just recently announced that we raised $18 million in our seed round partnering with some of like the most reputable firms in both crypto and tech. So the round was led by light speed alongside, of course, you guys at Castle Island,
Starting point is 00:33:29 electric capital, Alameda Research, Jump, Pantara, Illuminate Financial, PayPal, Microsoft, NEMA Capital, DCG, Defiance, and Starkware. And I think that the round itself, of course, is great just in terms of like the different folks that we have in there and like their different perspectives of what they're looking to build. Some of those guys are also our design partners. And so we have a mix of folks in terms of trading firms and active defy funds.
Starting point is 00:33:59 We have folks who are very interested in the regulated institutions and how they're going to come into the space and their needs, as well as tech firms and like how mainstream tech firms will be adopting Defi as well. So I'm really excited to that and we closed that early in the year. And then we've been in stealth for the last year, just building out our team. We now have around 30 employees between the U.S. and Tel Aviv. And yeah, just like finally excited to get out there and show the product to everybody. Well, that's great, guys. and we're really excited to be on board. Where can we send people that want to learn more about the product?
Starting point is 00:34:33 Where can we send them to find out and to take the product for a test drive? Yeah, awesome. So people can learn about us at fortify.com. That's F-O-R-D-E-F-I-F-I-Fortify.com. We're also on social media, on Twitter, LinkedIn, and Telegram. Twitter, we're at Fortify HQ and LinkedIn and Telegram at Fortify. And like you said, we're happy to schedule demos of the platform and just have conversation with clients exploring how we can help secure their defy operations.
Starting point is 00:35:03 Awesome. Well, thanks so much, Josh and Dima for coming on the podcast today. Awesome. Thanks, Matt. Thanks for listening to another episode of On the Brink with Castle Island. To find out more about Castle Island, visit castle island. Visit castle island.vc. To listen to all of our podcast episodes, please go to On thebrink dashpodcast.com or just click on the tab in our website. Thanks for listening.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.