On The Brink with Castle Island - Lili Infante (CAT Labs) on Combating and Preventing Crypto Crime (EP.429)

Episode Date: June 5, 2023

In this episode, we sat down with Lili Infante, Founder and CEO of CAT Labs. Lili shared: Her experience spearheading the formation of the crypto taskforce at the DOJ How the crypto-enabled crime lan...dscape has evolved and become more sophisticated Investigating cases where crypto is used and the unique challenges in establishing a chain of custody Products CAT Labs is building to more effectively recover digital assets and protect against situations where assets are compromised in the first place Learn more about Cat Labs in Fortune and on their website.

Transcript
Discussion (0)
Starting point is 00:00:00 Welcome back to On the Brink. This is Ria from Castle Island, and today I'm excited to share my conversation with Lily Infante, founder and CEO of Cat Labs. Lily is a former DOJ special agent, and she spearheaded the effort to create a crypto task force at the DOJ to combat crypto-related crime. In her time investigating cases related to crypto assets, Lily realized that there were a few key missing pieces of tooling that were preventing the industry from combating this crime and presenting barriers to adoption of use cases that really aim to leverage the technology to the benefit of society rather than to its detriment. This led her to leave her role at the DOJ and began the journey of building cat labs to fill the gaps. In this episode, we cover how the nature of crypto-enabled
Starting point is 00:00:59 crime has evolved, the unique challenges as well as benefits of working on cases where crypto is being used, and how Cat Labs is building tools to help one law enforcement more effectively handle the recovery and chain of custody of digital assets, as well as how the company is building tools to prevent hacks, frauds, and scams that are enabled by crypto in the first place. So with that, here's my conversation with Lily. Hello everyone. Welcome back to another episode of On the Brink. After a bit of a hiatus, I'm happy to be getting back to hosting and with a very special guest today, Lily Infante, who is the founder and CEO of Cat Labs, which is also a CIV portfolio company. Lily, to kick it off, you have a very interesting background so maybe we can start
Starting point is 00:02:13 there. Tell us about your background and what sparked your interest in crypto initially. Thanks so much, Rhea, and thank you for having me. So I was a special agent with Department of Justice for almost a decade. And when I started looking into cryptocurrency back in about 2012, 2013, back then, Bitcoin was being used primarily as a first. real use case on the dark web for the trade of illicit goods and services. And I looked at the dark web world and I was absolutely flabbergasted and mind blown at the amount of criminal activity that was happening so openly, even though we call it the dark web, but once you actually access the websites and the hidden services operating on the dark web. You can see this criminal
Starting point is 00:03:15 activity just happening openly. And Bitcoin was being used as a payment method for these illicit goods and services on the dark web. So this was my kind of initial foray into into crypto and investigating cryptocurrency crimes. And the way I got into it in general and the way that I found doubt about crypto was actually from an episode of The Good Wife in 2012 in January. It was called Bitcoin for Dummies. And I started looking into the technology and was actually very impressed by the technology itself, the first trustless system for money. I felt like was a revolutionary technology in terms of removing the human element from the financial system and the trust element where a lot of greed and corruption lives, right?
Starting point is 00:04:14 So I was personally interested in crypto and Bitcoin at that point and then started looking into it from the perspective of the dark web once I joined the DOJ and started looking into dark web and also money laundering as it comes to cryptocurrency. There's a lot to unpack there. But I think one thing that sparked for me as you were. as you were talking about that is just maybe the contradictory feelings that you had towards crypto. You know, one experiencing it as this permissionless, sovereign digital asset that had the potential
Starting point is 00:04:57 to create a lot of good. But on the flip side, seeing it through the work that you were doing at the DOJ through a more negative lens and seeing it being used as a mechanism to facilitate transactions on the dark web. How did you kind of balance those two feelings against each other? It wasn't that difficult to balance actually, and it seems counterintuitive, but when I looked at the technology, and it's very similar with anything. If you have fiat currency, and it's being used for a criminal purpose. It doesn't mean that the fiat currency itself is illegal or bad, right?
Starting point is 00:05:43 It's just being used for a criminal purpose. And we all know that humans ruin everything. Any utopian system that ever gets created is always, we always find loopholes to make it bad and make it serve our own interests in a negative way, unfortunately. And this crypto is not an exception to that. if you look at for example the tour network it's a very similar story the tour network was actually created by the u.s. government right to protect intelligence agents and a journalist overseas as
Starting point is 00:06:21 well from being intercepted by foreign governments and other intelligence agencies by malicious state actors and then it started being used as a platform for all kinds of illicit activity right So Tor itself is not a bad thing. Same thing as Bitcoin itself is not a bad thing. The two technologies were created for a good purpose, and I still believe in that purpose. I still believe in the transparency and a decentralization and the trustless nature of the distributed ledger technology,
Starting point is 00:06:57 and I think it can have a lot of really good applications for humanity with not just money, a supply chain and, you know, banking the unbanked and, you know, just so many, so many different applications for it to improve efficiency in our society, to remove middlemen in our society and different systems that we work with. So I just reconcile those two aspects of cryptocurrency as it's kind of a necessary evil, anything that is created that's considered a utopian, you know, technology or system is probably going to be exploited somehow by humans. And we just have to get on top of it.
Starting point is 00:07:42 You know, we just have to use our tools and technologies and the human element, the good part of the human element to weed out the bad actors so that the good and the technology can thrive. I love that. And we're definitely going to get into how Cat Labs is doing that, how Cat Labs is building tools and products both reactive and proactive to kind of address maybe some of the more nefarious uses of the technology, which is, like you said, at its core, neutral. And it's how it's used that is good or bad, but the technology is neutral. So we'll definitely get into that. So I guess the next thing I want to double tap into is what inspires. you to create this first crypto task force at the DOJ. So you know, you talked a little bit about
Starting point is 00:08:35 the work that you were doing around dark webs and realizing that people were using Bitcoin, but you really ran with it. You champion the creation of the task force. What in your experience kind of made you realize that this would be a category that requires its own focused team? So when I first started looking into how Bitcoin was being used on the dark web and then off the dark web to actually launder illicit proceeds, I came up with the conclusion that this was going to be a very important facet of money laundering in the future because it's very expensive and time-consuming and dangerous for criminals to launder money. The process of laundering money is very complicated. And I learned all about that process in my first one or two years of
Starting point is 00:09:32 being in the agency and learning everything about traditional money laundering. And when I learned about how with crypto, one could transfer value across borders instantly and cheaply, that kind of set off this light bulb in my head. This is going to be huge in money laundering. not just with Dark Web, but also traditional criminal organizations. So I wanted to get ahead of it. People didn't believe me. My colleagues didn't really believe me at the time that this was going to be huge, but I think I proved some of them wrong eventually.
Starting point is 00:10:12 And when I started looking into the Dark Web and I saw billions of dollars in illicit goods and services being traded on the Dark Web, with crypto and also I saw the possibility of crypto being used as a money laundering tool by traditional criminal organizations. I needed to create a team that could handle the extent or the vast features of this criminal organization, this new criminal organization that is using this technology, not just the dark web, but also crypto technology. And the reason that I decided that that it would be best to actually create a task force that's made of different agencies is because I wanted to tap into all of the resources and brain power that is available in different agencies
Starting point is 00:11:08 because every agency has its own mission statement. Each agency is kind of very good at specific things. And I wanted to be able to tap into those resources so that I wasn't just working with one agency, I could tap into the resources of all the different agencies. And to give you an example, for example, DEA agents are extremely good undercovers. So they do really, really good undercover work. And IRS are really good at tracing the money. And HSI has a really good crimes against children squad. And FBI is really good with general infrastructure of the dark web. You know, they did, they led that the Silk Road case and other things too and have a lot of
Starting point is 00:11:58 different tools and resources too. And the US Postal Inspection Service as well, anything dealing with the postal system where, you know, on the drugs when, on the dark web markets, when you order drugs, they usually come through the mail. So the U.S. Postal Inspection Service was as well critical. So all of these different agencies have their own strengths. And I wanted to tap into those strengths and those resources to make sure that we're able to target the large organizations, right? So I didn't want to just target, you know, a dark web vendor.
Starting point is 00:12:35 I wanted to target all of the different co-conspirators within the organization to include the administrators, the money laundering organizations facilitating the obfuscation of cryptocurrency that's coming out of illicit finance and illicit activity in general on the dark web and office. the dark web, right? And mixing services, manual laundering services, etc. And vendors, of course. So I knew that I needed that big team and all of those resources to actually tackle this big kind of multibillion dollar problem. And also selfishly, if you have a task force, you are able to get dibs on certain cases. Right. So I was really inspired by how the Silicon Road case came about and was being dealt with in an interagency way and collaboration. It wasn't necessarily a task force, a crypto-focused task force, but there's different agencies
Starting point is 00:13:39 that were involved in that case. And I felt like actually creating a task force that only focused on crypto would be very beneficial in creating or getting rid of some of the rivalry that sometimes comes between agencies when we're starting new cases, especially very high-profile cases. So if I create a task force and agents within that task force actually get dibs on a specific case that we start, then we end up working the case together and not have to fight against each other and, you know, sometimes the competition is healthy, but sometimes it's destructive. So I think just that selfishly being able to get dibs on the big cases was also very
Starting point is 00:14:33 important besides getting all of the resources and brainpower of different agencies. It seems like facilitating that level of collaboration would definitely be a lot more productive than having to kind of compete over it. I guess as you were assembling the task force and tapping into different agencies that had different areas of specialty and different skill sets, what did you kind of notice were gaps in skill sets that you felt like you maybe needed to hire for or fill by like maybe building out a team exclusive of people for? from these individual agencies? Well, we always had a gap in Intel. So intel gathering when it comes to marrying the traditional casework that we do with cryptocurrency. So, for example, blockchain analysis, marrying that with dark web scraping,
Starting point is 00:15:40 marrying that with OSIN or open source intelligence is not an easy thing. and it's not easy to find one Intel analyst that can do all of those things. Right. So we kind of had to pick and choose and try to get individuals from different headquarters elements sometimes that could support a lot of these different facets of the investigation. Because when you have crypto involved in an investigation, it's an entire new level of investigative activity that's being created where you can actually trace stuff. money, right? So and tracing the money is an entire career in itself. So definitely hiring and not
Starting point is 00:16:25 hiring, but trying to tap into Intel resources and also trying to get some of these tools. And, you know, sometimes we'll go to conferences and we would get demos of some of the tools that are available out in the private sector that we could potentially use to further our cases. So we would do that and we would pitch those to our headquarters elements. And then those headquarters elements would purchase those tools for us and also for intel analysts that would then support our cases. That was actually going to be one of my questions later on in the conversation. But since you brought it up, what were some of the tools that you used in your role leading
Starting point is 00:17:07 the task force and maybe some other people used as a part of your investigations? So the main types of tools for crypto-enabled investigations would be blockchain analytics tools. So we procured a good number of these tools, including echinallysis, elliptic, coin-based analytics, TRM labs, and others, block trace as well. And so one of these tools may have something that the other one doesn't. So a lot of times we would actually procure multiple tools just to make our investigations complete. And then also dark web scraping tools, open source intelligence tools, you know, forensic tools, aggregator, intelligence aggregation tools. There's so many of them, but crypto-specific mostly would be dark web and like on-chain blockchain analytics tools that we would use.
Starting point is 00:18:06 And what were the types of cases that ended up being in your purview? I think initially you said that you were working on cases related to the dark web, but in your work, after creating the Crypto Task Force, were they all related to the dark web? Or were there, you know, other categories that kind of stood out? So I think as time progressed and as the technology grew, we started. started seeing a lot more other types of crypto crimes that were happening besides dark web crimes so dark web was definitely something that we focused on very heavily in the beginning and then as crypto exploded into the mainstream we saw a lot more uh different types of crimes that were propagating that were propagated and enabled uh and made easier by crypto right and this this would be
Starting point is 00:19:09 hacks, scams, and fraud, for example, just exploded because crypto made it so easy to monetize hacks, scams, and fraud. You know, you used to have to steal someone's social security number and then find a way to sell it and monetize that, and now you can just hack into a bridge and steal half a billion dollars pretty easily if you have the resources, right? And there's no recourse because it's crypto. So you can't, it's very difficult to get the money back after that kind of, that kind of exploit. So we started seeing a lot of, a lot of hack scams and fraud, a lot of pig butchering scams,
Starting point is 00:19:54 romance scams, defy hacks. What exactly is a pig butchering scam? Yeah, so pig butcher, I don't like the word at all, but that's what they, that's what they call it. So pig-butchering scam is basically a romance scam where a victim is contacted usually by an attractive female or attractive male and on social media or somewhere. And a romantic relationship is being developed for several months. And then after that, they get pulled into an investment scheme, usually involving cryptocurrency. They're made to open up an account on Coinbase or Binance or any other exchange, purchase crypto, and then transfer the crypto to a private self-custody wallet and then participate in basically a scammy investment scheme. And then these victims' funds get stolen and funneled out of their wallets and they end up losing.
Starting point is 00:21:02 their life savings and sometimes mortgaging the house. And it's just actually a really heartbreaking situation. And this happens just all day, every day, literally hundreds of cases a day are being reported like this. And it's a huge problem. And crypto made it a lot easier to propagate this kind of scam because of how immutable it is and how you don't have to use traditional financial system to actually siphon money out of people's accounts, right? So that's one of the big ones.
Starting point is 00:21:40 That's the pig butchering is one of the most heartbreaking scams or crimes that we've seen. And to the extent that you can speak to it, if you could speak to a couple examples of maybe cases that were more widely reported on in media that you got to work on in your time at the DOJ. I think the biggest one was the hydro market. I can't speak too much about it because it's still an ongoing case, but I was the lead agent on the case that took down hydro market, which was the largest darkware market in the world. And it was actually also a very large, the largest crypto laundering platform.
Starting point is 00:22:25 So it wasn't only used for buying illicit goods and services on the dark web. also used by traditional criminals like ransomware actors and hackers to launder money to actually funnel money through the platform. So that's one of the biggest cases that I worked. Hydro actually accounted for about 80% of all cryptocurrency dark web transactions in the world. And it was a $5 billion marketplace. And what did the investigations that you were working on, what did they generally entail, like what did the process of investigating one of these cases look like start to finish? So it really, really depends. So it depends on where the case started. Sometimes we would look for, we would look on forums or we would look for intelligence on, let's say, the biggest scams or the biggest
Starting point is 00:23:28 dark web markets or whatever it is criminal organizations that are being that are the most popular right now right so we would look on a lot of the forums and get gather intelligence that way to kind of decide on what we want to target and who we want to target sometimes we would get leads from headquarters elements sometimes we would get leads from confidential sources or informants that would then put us on the path to work a crypto case and you know every your crypto case is kind of different, but they all have that element of tracing. So we always have to have those tracing elements in place
Starting point is 00:24:08 and capabilities in place when we work a crypto case. When it comes to dark web, a lot of the targets are faceless and anonymous. So that's a huge aspect of doing a case, a dark web case, where you have to actually de-anonymize your target first before you can do it. do anything else. And then the crypto tracing portion of it actually makes it easier for us a lot of times to not
Starting point is 00:24:39 just de-anonymize personas that are operating anonymously online, but also to trace the funds, right, because the blockchain is fairly transparent. But we do have to stay on top of the ways in which criminals obfuscate the the source of funds and how they break that kind of paper trail on the blockchains by using centralized and decentralized mixers. So there's always a challenge involved in staying on top of what criminals are doing in order to hide their assets. But the blockchain is a really good tool actually to identify the big players in a criminal organization. Yeah, definitely. Definitely. Yeah, it seems like there's pros and cons. You know, on one end, like you said, you have something that works in favor of criminals and that, you know, crypto transactions are immutable. So, you know, it's really hard to reverse kind of the impacts of some of these crypto-related crimes. But then on the other end of the spectrum, something that probably worked in your favor was the fact that transactions.
Starting point is 00:25:58 are all on chain, are transparent, much more traceable, which maybe helped you to some extent. Something that you just mentioned related to this transparency is that, you know, criminals might have used centralized or decentralized mixers to make it more difficult to track them and to track transactions. You know, over the last year, there's been a lot of discussion on. the topic of mixers due to kind of the Pact on Tornado Cash. In your view, on one end, it's mixers are tricky because it gives criminals a tool, right? But then on the other end, it allows users that are leveraging blockchain, you know,
Starting point is 00:26:53 for regular, very innocent transactions. to have a level of privacy and not be tracked on chain. What are your thoughts on just mixers generally? Well, that's a good question. I don't like them. I don't like them. I feel like there's a reason why Satoshi Nakamoto created Bitcoin for it to be transparent and traceable, right?
Starting point is 00:27:20 Transparency is one of the main features of distributed ledger technology. So I do understand the privacy aspect, but think about the fact that a lot of the criminal activity happens in these dark pools, right, of, you can say that a lot of the centralized entities that deal in crypto or digital assets, right, are kind of like mixtures, right, because you don't really know what's going on within inside the actual entity until it comes out of the entity's wallet. it, right? So like the internal checks and balances of crypto transactions. So, you know, let's take FTCS, right? If the FTCS transactions, their internal transactions were transparent on the blockchain, maybe the whole thing wouldn't have happened. Right. Right. But creating these dark pools of transactions that nobody can see, it may not actually be a good idea. Actually, Satoshi Nakamono maybe had a good idea of keeping crypto transactions transparent. Anonymous and transparent, right, is what is what we want here.
Starting point is 00:28:38 But yeah, I don't really see, and you can argue with me too on this. I, you know, if you see a good use for using and mixing service, if you're not doing anything wrong, I'm happy to hear one, but I myself don't really see a good use for it, just based on the fact that I like the transparency of the blockchain. And I like even those centralized entities to be accountable for what they're doing, and not just create those dark pools of transactions that nobody really has any idea of what they're doing. And this is not just in crypto, right? The traditional financial system is the same thing.
Starting point is 00:29:26 Like the trading and investment traditional financial system, it's also full of dark pools of these big players that we don't know what the hell they're doing on their platforms. Yeah, I mean, I think that the transparency, and accountability that you get with on-chain transactions on Bitcoin and Ethereum is definitely one of the key benefits. But on the other end of the spectrum, I do think that privacy is also really important. So I guess the question that we're asking as an industry and maybe hoping to answer, you know, as zero knowledge proofs become a more viable option that can be leveraged,
Starting point is 00:30:10 maybe that allows you to get the best of both worlds to some extent. And that's hopefully the answer. Yeah, yeah, I hope so. Zero knowledge proofs is actually, it's a great technology. We're actually working on even some next level of technology at my company that may also help. So before we get into that, because I definitely want to get into that, I think maybe just zooming out a little bit, what does the crypto crime landscape look like today? versus when you started.
Starting point is 00:30:44 How has it evolved? What types of assets are people using? What types of, you know, what chains are people using? How has that changed over the last kind of 10 years? So it's changed quite a bit. Of course, it used to be mostly Bitcoin and Minero, primarily Bitcoin, primarily used in the context of the dark web and online transactions and cybercrime.
Starting point is 00:31:14 Now, in the past few years, the type of crime that's being propagated and enabled by crypto has expanded significantly. Crypto has leaked into traditional criminal organizations. This can be terrorist organizations, crimes against children, drug trafficking organizations, mafia groups are now using crypto to launder money, especially with the advent of stable coins. because now there's no volatility risk. It used to be that criminal organizations or traditional criminal organizations that are not cyber related were using sometimes cash to Bitcoin transactions. So they would pick up cash from the street from illicit proceeds and then turn it into crypto and turn it into Bitcoin. But that held a certain level of volatility risk.
Starting point is 00:32:13 They didn't want to deal with that necessarily. And when stable coins started coming out into the market and becoming more liquid, I think that really exploded the criminal use case for traditional criminal organizations to launder money via stable coins because that volatility risk is not there anymore. And it's not just tether, right? It's sometimes it'll be tether on Salon, tether on Ethereum, tether on Tron. So they'll use different chains in order to actually launder money and transfer value across borders simply and efficiently. So that's the main change that I saw in the last few years is just the use case kind of moving out of just dark web and spilling out into other areas of crime.
Starting point is 00:33:11 making it easier to move money around when it comes to crypto. Also, state actors is a big one as well. The Lazarus Group and Russians also using crypto to invade sanctions and finance their operations as well. That's a big use case, too, where they can kind of go around the traditional financial system and still finance their operations and their criminal activities as well. definitely big changes in the past 10 years, but also a lot of really good companies and technologies that have come out that have helped us kind of keep track of this evolution of crypto crime. And I think hopefully we're going to continue seeing some of these tools evolve
Starting point is 00:34:03 as well to stay on top of the crypto crime as it's evolving. So let's talk about that. You know, I think we spoke to maybe some of the biggest gaps that you experienced in skill set when it came to assembling the task force. And then, you know, you talked a little bit about some of the tools that you used in, you know, your role leading the task force. But what did you notice in your time at the DOJ that were the biggest gaps? And kind of how did you pressure test the thesis? that this warrants the creation of a company like Cat Labs? Well, I think the biggest gap was at the time,
Starting point is 00:34:51 especially in the last few years when crypto exploded into the mainstream and we started seeing a lot of the hacks, scams and fraud coming in and kind of paralyzing the government in terms of being able to respond to these crimes. I think the biggest gap was in asset recovery. So actually, when we seize digital data, whether it be phones, computers, or communications, cloud accounts, documents from criminals, actually locating cryptocurrency assets.
Starting point is 00:35:27 The process would take many, many hours. It required a great deal of experience and just technical knowledge on the part of the investigator or the analyst that was looking through the data. And sometimes it would be terabytes of data that we would have to look through to actually look for seizable assets. And we also had a huge backlog of forensic evidence that needed to be looked through and examined. And due to the fact that time is of the essence when you're trying to look for assets, for digital assets, right? You have to, once you get that evidence in hand, you have to find those.
Starting point is 00:36:13 assets right away or else the target can take them out if they have a backup of the seed phrase or the private key or even their family if we say we arrested the target their family can take that money out and move it out so the fact that you seize a computer that potentially has cryptocurrency assets on it doesn't mean that you actually seize the cryptocurrency assets you have to do several steps right in order to actually seize those assets and take them out of the the perpetrator's account. So that was the biggest bottleneck is dealing with that evidence. Actually, time to recovery, time to discovery of cryptocurrency assets was a huge bottleneck. And I saw that there was evidence sitting in evidence lockers that nobody had looked through
Starting point is 00:37:04 or people had looked through and didn't find digital assets just with millions of dollars of digital assets sitting in there gathering dust. And that's just unacceptable, especially in the context of hacks, scams and fraud, where victims can get money back, right? And I felt like that was a huge, huge bottleneck. Another thing that you and I kind of spoke about, have spoken about in the past, is just operationally, you know, the internal kind of permissioning and requirements maybe weren't as robust as it could be, right,
Starting point is 00:37:39 to ensure that the people internally that are working on these cases have like a really robust process that they're sticking to. Yeah, no, absolutely. There's a lack of custody of evidence controls that is just not implemented properly. as it is with traditional assets, right? So with traditional assets, let's say with cash, you do a search warrant on the house, you enter the house, you search every room, two people per room, you find a pile of cash in the corner of the room, you have a witness when you find that pile of cash in the corner.
Starting point is 00:38:25 If you transport that cash, you count that cash, you always have a witness next to you. And all of those steps are always recorded, right? And this is very important for court. And it's also, of course, very important to prevent rogue agents, officers, analysts from stealing money, right? You know, with traditional kind of banking assets, it's the same thing. It's there's always a kind of a custody of evidence process there. Now, with digital assets, once you lay your eyes on private key material, like a seed phrase, for example, That's it. You own the money, right? And because digital evidence very often goes through many different hands.
Starting point is 00:39:12 It'll go through an analyst hands, an agent, an officer, and multiple people have access to a copy, let's say, of somebody's phone when they're looking at that phone to look for evidence. And the problem with that is you don't know when somebody actually laid eyes on a seed phrase. Right. So there's a great potential for corruption to happen. There's potential for theft. There's really no kind of custody of evidence or chain of custody that's standard across the board for finding digital assets. Once you find digital assets and you tell someone you found digital assets, then there's a process. But actually laying eyes on digital assets, one person, it's very possible that only one person lays eyes on the digital assets and nobody else knows about it, right, which to me is unacceptable, right?
Starting point is 00:40:16 If somebody lays eyes on a seed phrase within a digital data or digital evidence, somebody else needs to know about that. There needs to be some kind of paper trail or audit trail that gets created every time that somebody actually views that private key. material. And that's that that's something that I feel like hasn't been solved yet. So yeah, maybe speak to what what products are you building at cat labs that helps kind of address this gap for the public sector, law enforcement in addressing crypto related crime in a more timely manner, a more process oriented, auditable manner, that, that makes things significantly more efficient. Yeah, yeah.
Starting point is 00:41:08 So talk about the products that you're building for the reactive piece related to crypto crime. So for the public sector, we are trying to fill that gap of digital asset recovery. So our first product is called RecoveryCat. And what RecoveryCat does is it works with any kind of digital data. and this can be a copy of a phone or computer. It can be cloud account, email account.
Starting point is 00:41:39 So any kind of digital data that could potentially house digital assets. And this is something that we as experts at Cat Labs know exactly what kind of data can potentially house digital assets. So the tool will scan through that data automatically. So it will save many, many, many hours of manual labor of scanning through terabytes of data to find evidence of crypto use. So this can be private key material, seed phrases, it can be just evidence of self-custody wallet use, evidence of multi-sig wallet use, evidence of centralized exchange use, things like that. And it will create a report and also a workflow for the public and private assets that were located. So I'm not going to talk
Starting point is 00:42:29 too deeply about how everything works. I don't want to give criminals ideas. But just in general, it kind of streamlined that process of finding cryptocurrency artifacts within digital data and digital evidence and then providing a workflow for the actual seizure of those assets and also providing a custody of evidence dashboard so that when somebody like an analyst or an officer actually lays eyes in private key material or any kind of crypto that can potentially be seized, their direct supervisor gets notified, and there's a witness workflow as well that gets triggered in that situation. So we are trying to put those controls in place, that audit trail in place, not only to prevent, of course, corruption and rogue agents
Starting point is 00:43:24 from stealing crypto, but also to create that audit trail for court, right? And also to protect these agents and analysts from any accusations. So whenever they do lay eyes on private key material, somebody actually knows about it. And whenever these cases go to trial or go to court, there's an audit trail that can be presented of when a certain person actually was working with private key material. So this is something that we think is super important to create accountability, to create more transparency in the process of seizing digital assets. And also, of course, automating these manual processes of just scouring through terabytes of data to find evidence of crypto use. So I mentioned the word reactive because Catlabs.
Starting point is 00:44:23 has two objectives. One is to react in situations where crime actually takes place and help retrieve assets that have been compromised. But, you know, I think another thing that we've talked about at length is preventing crypto crime from from happening in the first place. So talk a little bit about that and building products for one objective, which is being proactive versus the other or being reactive. Right. So we don't think only building tools for law enforcement is enough to tackle the problem of crypto crime because, yes, it's nice that they're able to streamline their cases and
Starting point is 00:45:11 their operations and, you know, find crypto in a more timely manner and speed up time to recovery. But if they're still inundated, and paralyzed by the sheer number of cases that are coming in, it is still not enough in our eyes. So what we want to do is create also proactive tools that prevent a lot of these crimes from happening in the first place. And where we found we could be very helpful in this regard is in the case of hack, scams, and fraud. So we feel like in the past few years, hack, scams, and fraud cases have exploded, especially as they are enabled by crypto use.
Starting point is 00:45:59 So what we're building here are cybersecurity tools that prevent a lot of these hack, scams and fraud from happening in the first place. So that actually eases the burden on law enforcement and they're not getting so many cases. And of course, we're, you know, decreasing the number of victims in this cases. and creating more of a credibility in this industry and trust in this industry, right? Basically making sure that people can interact with these technologies without being scammed or defrauded or hacked. So we are building two types of tools in this proactive approach.
Starting point is 00:46:47 One is having to do with the most popular ways in which people lose money in crypto. One is key management and another is social engineering. And usually it's either a combination of the two or they work separately, right? So either improper key management or social engineering or both at the same time. So I would say these account for about 80% of all the hack, scams and fraud that we're seeing. And so we're building tools in these two areas to address the vast number of cases that are, or the vast number of attack vectors in crypto hacks, scams and frauds.
Starting point is 00:47:34 Key management is something that, you know, this industry has kind of struggled with at length. And there have been so many companies that have tried to, you know, build solutions. that attempts to protect against some of these ways that assets can be compromised, I think it'd be great to get your take on, specifically as it relates to key management, like how can cryptography be leveraged in novel ways to help protect end users, whether they're institutional or individual from crypto crime, cybercrime and so on. Well, cryptography can be used in order to protect the private key aspect of, you know, distributed ledger technology, right? Because private keys is where the main attack vector happens, revealing your private key or even a portion of your private key when your, let's say, signing transactions or even in the case,
Starting point is 00:48:51 of key backup and recovery, right? Just managing that private key is a very challenging aspect of dealing with distributed ledger technology, right? And what we do at Cat Labs is we actually leverage what's called fully homomorphic encryption in order to lessen the vulnerability of that private key. So basically that private key, key doesn't have to be exposed every time that you do something, every time that you interact with
Starting point is 00:49:27 the blockchain. That's one of the technologies that we are leveraging and we have some of the greatest thought leaders in the field of fully homomorphic encryption that are working on this technology right now to make sure that key backup and recovery as well as key management are removed as attack vectors for crypto crimes, especially hacks, scams, and fraud. I think we're going to have to do another episode talking about fully homomorphic encryption exclusively because that is such an interesting field of study. And I think it's application to the crypto space in the context of key recovery, key backup is really exciting. But there are so many more applications beyond that as well. So we'll definitely have to have you back on to talk about
Starting point is 00:50:23 that. But I guess in the meantime, you talked a little bit about building tools for the public sector and law enforcement and then also about tools that can be leveraged in the private sector. And I guess this is your first time working in the private sector. Correct me if I'm wrong. You know, it's still early, but what's it been like to kind of balance the two when it comes to working with one versus the other sales cycles and so on? So I think for me, it's easier to cater to the public sector just because I know I'm so familiar with the needs of the public sector, especially in the context of what we're building. We know exactly what we need to build and we know exactly what the pain points are. And then dealing with the sales cycle is just part for the course. We know exactly what those are.
Starting point is 00:51:27 We know exactly when we need to pitch. We know exactly when the money drops. We know exactly when the fiscal year ends. Right. So, you know, these things is something that we have to navigate. Those contracts, those government contracts are generally slower to get. sometimes we would have to do trials and, you know, a few licenses at a time and then, you know, those contracts would turn into multi-million dollar or multi-year contracts.
Starting point is 00:51:59 So it's one of those things where you kind of have to go with the flow. And, you know, many companies have done it before, you know, you have Palantir that started with government contracts. TNales is also started with their first, some of their first customers. were government as well. And they ended up being pretty lucrative contracts, even though they ended up taking a little bit longer than private sector contracts would.
Starting point is 00:52:24 Private sector is a lot faster, but a lot more volatile, right? A lot more dependent on budgets and what the market is doing. Are we in the bear market? Or we're in the bull market? So I think it's a lot easier to get a private sector contract. So time to contract.
Starting point is 00:52:44 is a lot quicker, but losing that contract is also a lot easier. Once you get that multi-million dollar multi-year government contract, it's pretty much set as long as you continue meeting that need of the government and making sure that you're meeting the mission statement of that particular organization in the government. When it comes to the private sector, of course, those contracts depend on a lot on the state of the market and whether the organization that you're working with has the funds to continue supporting and continue using your tools, right, and whether it's worth it for them. So, yeah, I think the kind of the speed to market is longer in the government, but those
Starting point is 00:53:32 contracts once you get them are a lot more secure, but the speed to market is faster with the private sector, but a lot more volatile and less secure. One thing I think, Lily, you've done really well, and I wanted to kind of ask this as a last question, is build a team that is really diverse, you know, diverse background, skill sets, demographic. And I think the team that you've rallied around you at Cat Labs is really impressive. I don't know if something comes to mind, but if there's anything that, you know, any piece of advice or suggestion that you have for first time founders that also want to build a really strong, robust, diverse team around them. Yeah, I'm super, super proud of myself for actually being.
Starting point is 00:54:27 Like, you know, I'm not going to be humble here because the team is amazing. Yeah, it is. I don't know what the hell I said to them that made them. want to work with me, but, you know, my team is absolutely the special forces of this field, both in forensics and cybersecurity and cryptography. And I'm so, so grateful for being able to put this team together. We actually just had our off-site kind of team bonding experience, and I got to meet everybody in person. I think there was a couple of people that I had never met actually in person before, which was really exciting.
Starting point is 00:55:08 But in terms of being able to build this kind of team, first of all, the first step, I would say, is create the vision and then create the different aspects of what it would be necessary to actually execute. on that vision, right? So my vision was, okay, I had, it was actually very ambitious, right? Because I had two products that have some similarities, right? But, you know, both in the crypto industry, but at the same time were fairly different, right?
Starting point is 00:55:50 So I had two products, one tailoring to government, one tailoring to more to the private sector, but are kind of solving the same problem. So I needed to build a team that knew the problems of both sides, right, that knew the problems of the public sector and knew the problems of the private sector and knew how to solve them. Right. So I needed experts in cryptography. I needed experts in cybersecurity. I needed experts in forensics. I needed experts in selling to the government. I needed experts in selling to the private sector. Right. So that is something that I had to think about when I first envisioned what this company was going to do. Okay, what are the different pieces that I need to put together to actually make this work? Right. Because I can't afford for it not to work. I just left my cushy government job to pursue this. This has to work. So, you know, I had to think about those different.
Starting point is 00:56:57 pieces that all needed to come together for this thing to work. And it's not just the tech talent. And it's not just the selling. It's everything. It's research and development. You know, it's very niche areas in which I think we needed extreme expertise. Right. So, you know, I hired, I hired someone from that was pursuing his PhD and fully homomorphic and because I knew I wanted to use that technology in order to, you know, deal with the key management issue in cybersecurity, right? So I knew I needed someone that was very well versed in general in crypto cybersecurity. So, you know, I hired former former chief security and development officer of DCG and all of its fully own subsidiaries. who else better to do this than this guy, right?
Starting point is 00:57:58 So, but I think my main advice to founders is have your mission statement, your vision for your company very well articulated. And when you're getting people on board and you're trying to attract talent, make sure that these people are on board with you, right? that these people can get on board with your vision and your mission and get excited about your vision and your mission. That's the most important thing because most of the people that I got on board, they're not doing this just for the money, right?
Starting point is 00:58:37 They're doing this because they're passionate about what they do specifically. And you have to find those people that are passionate about what they do and then just take them and put them in that position in your company to continue doing what they're passionate about. Yeah. So that's just articulating that vision and that mission statement. And it wasn't that difficult for me because we're trying to fight crime, right? So everybody wants to fight crime.
Starting point is 00:59:02 You know, we don't, nobody like, you know, we all want to feel safe in our society. So I think, I think it was fairly easy to get that across and, and also to convince people that I'm serious about this, that this is not something that I'm just saying. just to, you know, raise money or just to kind of a get rich click scheme. You know, I've been in public service for over a decade. I dedicated my life to fighting crime and I, you know, love to do this now in the private sector. And I think getting people on board with that and with that mission and that vision was the challenge. And I think people love it.
Starting point is 00:59:47 I think people want to do good in the world and use their powers for good. And that's what we're doing here. I love that. And I think it is a testament to your passion, your leadership, and your ability to really articulate that vision and that mission that has definitely allowed you to build such a stellar team. Lily, it's been such an honor to have you on. You have such a cool story. Thank you so much for sharing so much about your.
Starting point is 01:00:17 experience working at the DOJ. It's really cool to get a look into that that whole piece, which I, you know, wasn't super familiar with until I met you. So that was awesome. What is the best way for people, our audience, our listeners to, you know, keep track of you and what you're building at Cat Labs? Definitely our website, catlabs.io. And yeah, look me up on Twitter and on LinkedIn as well. Thank you so much for having me.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.