The Wolf Of All Streets - How To Keep Your Crypto Safe | Security Expert Explains | Nick Percoco, Kraken
Episode Date: May 10, 2022Over $1 billion has already been hacked in crypto in 2022. Today we are joined by Nick Percoco (@c7five) who is the Chief Security Office at Kraken. While sometimes overlooked, security is a critical ...piece in crypto markets and something all traders should take very seriously. Today we discuss Nick's mantra on security, how you can protect your own assets, why having a succession plan is critical, and so much more. JOIN THE FREE WOLF DEN NEWSLETTER 📩 https://www.getrevue.co/profile/TheWolfDen THANK YOU TO OUR SPONSORS ►► I couldn't be more excited to announce that Vuori is a sponsor for the show. I've been wearing their clothing for years and can't get enough of it. Countless episodes have been recorded in Vuori, and I tell everyone they need their incredibly versatile and comfortable clothing. You can do practically anything in it. For our listeners, they are offering 20% off your first purchase. Get yourself some of the most comfortable and versatile clothing on the planet at vuori.com/melker. Not only will you receive 20% off your first purchase, but enjoy free shipping on any U.S. orders over $75 and free returns. Get your outfit today at: https://thewolfofallstreets.info/vuori ►► Have you ever had your exchange go completely offline during days of high volatility? Of course you have. We've all been through it. Those days are no longer with Bullish. Bullish is a new breed of digital asset exchange that empowers users to trade with deep and predictable liquidity across highly variable market conditions. They also have incredible automated market-making and industry-leading security. I can't get enough of this platform and it's fully regulated. Sign up here: https://thewolfofallstreets.info/bullish/youtube EPISODE LINKS Nick Percoco: Production & Marketing Team: https://penname.co/ FOLLOW SCOTT MELKER • Twitter: https://twitter.com/scottmelker • Instagram: https://www.instagram.com/scottmelker • Facebook: https://www.facebook.com/wolfofallstreets • Web: https://www.thewolfofallstreets.io • Spotify: https://spoti.fi/30N5FDe • Apple Podcasts: https://apple.co/3FASB2c
Transcript
Discussion (0)
Let's go.
Being the head of security at a major exchange has to be one of the most stressful jobs in the world.
Not only do you have to constantly prevent the attacks that are happening,
but you have to plan for the ones that you don't even know exist yet. Nick Percoco has been doing this for decades,
but we're lucky that he's now at Kraken helping to secure assets and lead the way
for digital security and crypto security into the future.
This episode is sponsored by Vauld and Vori. Please stay tuned for more
information on both of these amazing companies later in the episode. So we were joking around
right before we were talking. And I said that in, I remember when I was a kid, they used to say that
the most stressful job in the world was being an air traffic controller. Now I'd have to imagine
the most stressful job in the world has to be exchange security. And you're the head of that
at Kraken. I am. Yeah. Yeah. The head of security and engineering and IT. So, there's all things
technical really at Kraken. And how do you actually split that
division of labor? Yeah, so we have a security team,
and it's not just people just doing generic security. So, there's a full stack of activities.
So, everything that you hear about from red teaming, people trying to hack into us constantly,
to try to find flaws and vulnerabilities, to blue teaming, people who are trying to
detect when things bad are happening, and then really everything in between.
So we have policies, procedures are important, how we actually look at our code.
We have an application security team that partners with our engineering team and is
embedded in our engineering team to make sure that the code that we write, when it gets out to our clients and gets in the app store,
does not have security flaws. Right. I mean, we're over a decade into,
obviously, Bitcoin's existence. Yeah.
But it's still really, really early. Is there even a roadmap for what you're doing? Are you
guys literally just drawing it as you go, because there's always new vulnerabilities hackers have new
Attack vectors. Well, certainly that I've been in the security industry. This may will be 25 years Wow
So I've been at this for a long time
Not in crypto because crypto hasn't existed for 25 years
But for building security products supplying security services to traditional financial institutions
manufacturers all sorts of organizations.
And what we're seeing now is almost a little bit of a repeat, I would say.
The types of compromises, the types of data breaches, the things that we would see a decade ago or even two decades ago,
we're starting to see a repeat of that.
And so a lot of what we do is build frameworks internally, build well-oiled machines
so things are constantly being monitored, constantly being acted upon, rather than playing
whack-a-mole. You might think, oh, there's a new vulnerability that came out. The whole company,
the whole security team runs in that direction. We don't. We have people who triage those issues,
see what issues we might be faced internally, and then go through the process of maybe patching
systems or upgrading things or changing the way we do things. I mean, you just said in passing,
the people who are constantly trying to hack us, is it literally never ending?
Yeah. I mean, if you're in crypto, really in any business, you are constantly being,
people are trying things, whether it's social engineering attacks against your support staff. It may be people trying to exploit, try to find flaws on your website or in your mobile
apps, or against your API.
There's constant attacks that are happening.
And then we also, in order to stay in front of that, we employ people who are hackers.
White hat.
Yeah, white hat hackers.
And what we do is they build campaigns, like nation state quality type campaigns,
where they will say we're going to target this part of the business, this set of people, this individual.
And they will go and they will build tools.
They'll write their own malware.
They'll do everything that a real adversary will do.
And they'll launch that against our business.
And I'm usually the only person that knows about it, right?
Like that's the design.
And then our people who are the security team that monitors, books on the engineering team,
our support staff, anybody in that world that might be in the line of sight of when this
stuff happens, it's their job to detect it, report it, and respond to it.
Is the end game, I mean, I guess it can be various things, right?
The end game could be liquidating your guy's treasury, right?
I mean, just stealing all of the coins or whatever.
But then you talk about the social engineering side of it.
Is it about data hacking and then being able to actually attack your customers?
Right, I mean, BlockFi, I think, had the case where one of their, was that one of their customers?
There's been a bunch.
One of their employees was socially engineered.
Yeah, there's been a bunch in the last, I would say.
Happened to Twitter.
Yeah, happened to Twitter.
I mean, just in the last couple of weeks, right, you saw, you know, Cash App, Okta, MailChimp, right?
Several months ago, Robinhood, right?
These types of attacks happen.
You go at a support agent and you get them to click on something.
You get them to install something or you bribe them, right?
Like those types of things can happen. And so we know that's a risk. And we've put things in place
to be able to one, test to see if those things are possible, or two, detect when those things happen.
And so like I said, you know, the end game, is that sort of like you get the information then
on the user and you go attack them? Like is it like to get to your customer's individual to
socially engineer something against them so that you can SIM swap them and then you have the proper information in
place that then they can log in and, you know, go after that person? Or are these really like
they're attacking the exchange as a whole or is it literally all of it? Yeah, I mean, it's probably
all of the above. Yeah, I mean, the, you know, if I'm an attacker and I want to get information
about, like, say, a Kraken client, for example,
I may use that then to, again, in turn, attack them in different ways.
Same thing happens when you hear about big data breaches.
And it says, well, the name, address, phone number, email address of a million clients of this crypto company were exposed.
There's probably going to be phishing attacks, well-crafted phishing attacks,
trying to get them install malware on their computer.
And then the end game is,
let's try to get access to the funds.
Most of the attacks that we see in crypto
or even the world in general
are not like highly technical exploits against some system.
It's mostly, let's just trick somebody
to clicking on a button
or giving up their seed phrases
from their MetaMask wallet.
That's like how most of the NFT compromises that you hear about.
It's not these like zero days that are being burnt on Chrome to be able to get access to like plugins on extensions on Chrome.
They're really social engineering someone to just do what they shouldn't be doing.
Giving up all their seed phrases, the attacker clones their MetaMask wallet and just moves their board apes out.
And it seems like there's this stigma that that's a uniquely crypto thing. But as you said,
I mean, we saw with Twitter, it's not. And there's a lot to be gained by hackers from going after
basically every system at this point. Yeah. Social engineering against people
has been going on since the start of the internet, probably. You hear about scams where even elderly people get
phone calls like, hey, it's Microsoft. Your computer's having problems. Go to this website.
And they go and they install stuff. And then the attackers have access to their online banking.
And those types of attacks happen all the time. The criminals are porting it to the crypto
industry. When I was in college,
which was admittedly quite a long time ago, maybe it was 1995, 1996, I was at University of
Pennsylvania and American Express was giving away a free t-shirt for you to sign up on a piece of
paper, a card. And someone, I guess, looked over my shoulder and took my social security number.
It was in the 90s. And it was a nightmare for seven years of my life oh wow like all my credit was frozen because they had to put
all these stuff like you said this is nothing new no yeah it's just a new way and easier way to do
it yeah like identity theft was big in the 90s i remember those stands in college right they'd say
free t-shirt you get a credit card with a hundred dollar limit that's exactly what it was and i fell
for it but i was a 19 year old kid-old kid who had a dirty shirt on.
What's interesting, I think in your position, especially maybe at Kraken, you can correct me if I'm wrong,
you guys are more, I guess, interested in being regulatorily compliant than a lot.
You're a bank now, right?
So you sort of, in your position, have the weight of the entire industry,
not only your clients in your own
business, but it feels like there's major scrutiny. You guys are under a microscope because if
something went wrong, it could basically send shockwaves through these other parts of what
you're doing or even how regulators view us or Congress people and such. Yeah, I mean, we've been
doing this since 2011. So it's like 11 years from a crypto company,
which probably is like five lifetimes in this industry. Most of the companies at events that
you're seeing, they started this year or last year or the year before. So we've been at it for a long,
long time. The security program that we've built is, one, all of our employees are part of the
security program. It is not, we have a security team, and we have people specialized in security, like on the support groups,
and people who specialize in security and engineering,
but everybody's part of security at the company.
And sort of the thing we have internally is everybody's productively paranoid.
So it's not as if people just click links and just go about their business all day,
like just like a mechanical Turk and just do things, whatever they see.
They question, and they will ask the security team for help sometimes
it's completely benign it's like oh yeah this is an email look at it man yeah can you help me out
i don't i didn't expect this or i you know or you know i was conversing via email with somebody a
business partner and now the email address changed right it's like bob at something but now it's bob
at something else is this malicious sometimes it Sometimes it isn't. Sometimes, you know, companies have... Sometimes Bob just responded from his
other email account. From an email account, yeah, but they'll raise that to us. They'll create a,
you know, pull, you know, a pull alarm internally. We have folks that jump in,
help them out. So we do that. And then also from a, you know, when you think about standards,
security standards or regulatory requirements, you know, my mantra around building security
programs is to always just focus on what we
need to do because of the threats that we're faced.
And where that then starts to intersect as the organization matures, where we're at now,
11 years later at Kraken, when we're faced with, here's the regulator saying you need
to do X, Y, and Z, we're already doing X, Y, and Z.
We're doing X, Y, Z, and A,
B, and C as well. Anticipation. Yeah. And just because we're always above and beyond what anybody
else would ask of us. Have you been doing this at Kraken since 2011? I have not. The Kraken has.
Yeah. So I've been with Kraken for just coming up on four years. And then prior to that, I've
been in the security industry. Right. But so so you came in because this was a challenge for you in the security industry?
Or were you already orange-pilled or crypto-involved or interested?
Or is it actually still more of a thing where it's just a job for you and it's a challenge?
No, no.
It's very much.
I'm very much into crypto.
Yeah.
So I first was exposed to crypto around like the 2012, time very early so very early um when i was
um running a research uh security research team it's called spider labs um pretty well known um
i was running that we had labs full of um password crackers which happened to be gpus so we started
to naturally experiment with let's mine so um so that was sort of my first foray and it was mostly
a lot of the researchers started coming to me and say,
hey, we have this rack of GPUs that we use for cracking passwords
when we're doing client engagements.
Do you mind if we mine some Bitcoin?
And I remember thinking, what's Bitcoin?
And so then we got into it and started learning more about it.
And then really, I went from sort of the security industry work
where I was helping clients and building products
that secured clients' environments
to shifted around 2015, 2016 into more of a chief security officer role at an industrial AI company.
And the crypto opportunity approach came to me.
When you think about industrial AI, the threat landscape's not super exciting.
Who really wants to steal data that comes off of a tractor or something like that? Not super
interesting. That landscape isn't too great. But the crypto threat landscape is pretty intense.
And so someone who had been at that point 21 years in the security industry, I was like,
this is awesome. It's like live fire all the time. The biggest challenge you can actually have. So you've got to be a bit of an adrenaline junkie.
Yeah, I mean, you see, I have a lot of passion about this.
I'm really excited about it.
Yeah, so I don't want things to be boring.
So there's always constant activity happening from all directions, and it's super exciting.
Right, so listen, we probably have a lot of people who listen to these that scratch their head when they think about security and are probably missing
even the most basic and simple tactics that they can use to secure their assets. What would you
say to the average person who's new to crypto and just doesn't have anyone guiding them,
telling them what to do? I know that Kraken has their procedures in place, educational content,
but I'm a guy, I'm signing up.
What do I do after I buy this thing?
Yeah, the biggest piece is focus on personal security first,
even before you go to sign up and buy some crypto.
So personal security, when I talk about that,
the basics are make sure your email account has a unique strong password.
Do you have 2FA?
If you can get a security key. Almost nobody
does. Right? Do that because your email account is the hub of your whole digital life. And if I
get asked your email account, I'm going to reset all of your passwords in various places. I'm going
to put filters on your email account so that when you get alerts from various banks or crypto
exchanges, you're not going to see them. Go to someone else. Right? They're going to come to me
or they're going to go into a junk folder someplace.
So that's a really big piece that people often overlook.
And then if you're in your journey,
you're going to sign up for Kraken,
you're going to create an account on another exchange
or someplace else.
Maybe you're going to create five different accounts
because you want to see what it's like.
Make sure that you're using unique passwords.
Silo everything.
Yeah, silo everything.
Get a password manager, right?
Make sure that your whole life is sort of secure in that way.
And then once you go and you start buying,
so say you sign up on Kraken,
you download our Kraken app,
you buy some Bitcoin,
you can keep it there, right?
If it's small amounts,
but if it turns into this like significant portion
of your net worth and you're buying crypto
and you're investing in that,
we even recommend, like you might not want to keep it on your exchange account, right?
Get yourself a hardware wallet.
Such a, like, it's such a buy pull, like, it's such an interesting spot for exchanges to be in
to say, we are really good at securing your assets, but maybe take them off.
Yeah, yeah.
Yeah, I mean, you know, we have folks who stake, you know, a great deal of assets on our exchange.
We have people who trade constantly, right?
So they have to have assets on our exchange.
And we're a very safe place for doing that.
But for individuals who maybe are just getting into personal security and doing things,
if you're going to keep a large amount of Bitcoin on the exchange or other cryptocurrencies,
get a hardware wallet.
Just learn how to move it there and keep that in a safe place.
If you're just in a deposit-only sort of mode, you want to buy or you're holding, you're not going to sell it.
Just, you know, have it, just siphon it over there.
Keep enough for you to like dabble in things that you want to, oh, there's a new coin that we listed, a new crypto listed.
Your trading account is on the exchange.
And then have your savings, your long-term savings on a hardware wallet.
But then people, that's so scary to people. It is the right move, but being your own bank is
terrifying because then you become your single point of failure, right? You do. I lost the thing.
I don't know where I put the password, the paper keys. My dog ate my keys, right? Yeah. Well,
then you have to pay attention to that. You have to really take it seriously.
The hardware wallet vendors, they give you instructions, they give you warnings.
They say write down the seed words, put it someplace that's not in your house.
Humans are humans.
But people don't.
I have heard horror stories where individuals have had lots of crypto on a hardware wallet, forgot the pin.
What do you do?
Forget the pin.
Forgot the pin, that's okay if you have the seed words.
Oh, I don't know where the seed words are.
Then you're in sort of a bind. and there have been there are like crypto wallet recovery
companies we have kraken security labs we found exploits in hardware wallets that would allow you
to recover the seed phrases but it's not like a silver bullet because even when we do it you know
we're security researchers when we do it we might brick five or six hardware wallets yeah because
we're doing it for the research yeah we're not doing it to recover a thousand Bitcoin from someone's hardware wallet.
Guys, I have a serious question for you.
How much interest are you earning in your bank account?
Is it 0.00001% or something similar?
We all know by now that there's a better way in crypto,
but you want to be using the best platform possible,
and that is Vauld.
I have been using it myself
now for quite a while, earning the highest interest rates in the industry. 12.68% on stable
coins, 6.7% on ETH and Bitcoin, and earning yield on a ton of other assets. But it's so much more
than that, guys. They have a robust exchange. You can swap your coins, and they have the amazing
automatic investment
plan where you can dollar cost average, or more importantly, buy the dip automatically. We know
that when the dip actually comes, nobody buys it because they're scared. Well, you can automate
that process now with Vauld. Guys, this platform is absolutely incredible. It does everything.
They're backed by Pantera and Coinbase Ventures. You really can't ask for anything more. And if you use the link right down below, you get a 40% kickback on trading fees,
5% commission on interest payouts, and 5% commission on loan interest. Guys, sign up
right now at thewolfofallstreets.info slash VAULD. That's V-A-U-L-D. Do it now, seriously.
I'm currently wearing the most comfortable clothing
on the planet.
Are you?
Unless you're wearing Vori,
then your answer is obviously no.
Guys, if you've listened to my live streams,
then you've probably heard me rant and rave
about this incredible company.
We love them so much that we reached out
and did a sponsorship deal
after I've already been talking about them for months.
Yes, it's athletic wear,
but you can wear it almost anywhere
and it's the majority of my wardrobe. Seriously, I wear these clothes all the time. If they would
make a tuxedo, I would have worn it to my wedding. And you can feel great about wearing these clothes
as well because they're offsetting 100% of both their carbon and plastic footprint. Guys, wearing
Vori is an investment in your happiness and your comfort. I am serious.
These clothing are incredible.
Get 20% off of your first purchase at Vori.com slash Melker.
That's V-U-O-R-I dot com slash M-E-L-K-E-R.
If you're not wearing these clothes yet, you need to go get them right now.
Yeah, I mean, I've always kind of said that it's not a marketing
or PR program. It's just sort of a UX UI problem, right. Which is a good thing because we're early,
but like grandma's not going to get this right. So where are we on the curve to, I know how to do
all of this in the same way that I know how to send people money on PayPal and not worry about
what's happening on my PayPal account. Yeah. I mean, that's what we think a lot about that. So
if you look at our experiences, we have our consumer app and then you have our pro experience,
right? The pro people know what they're doing, right? They're the pro traders. The consumer app,
we're constantly thinking about ways to make it simpler, make security simpler for individuals
so that there's not a million hoops you have to jump through.
There's a couple of things maybe you can do and you're highly secure in that way.
But I do agree.
Like, it is a UI, UX problem.
Not even about security, just in general.
Just in general.
For a lot of people, it's like, how do you send this thing?
Yeah.
I bought it, but now what?
That's a lot of letters and numbers and you're scrutinizing everyone.
We all do it.
Yeah.
Well, even in the security world, like, we spent like a decade telling people, don't scan QR codes.
Yeah.
And now you're scanning QR codes all over the place, right, to spend.
We're at a Bitcoin convention right now.
Somebody hands you a business card with a QR code, check out my thing.
Right, you scan it.
Oops.
Yep.
Right?
I mean, this is like we're sitting in a hacker's paradise.
Yeah.
As we speak.
I laughed when I was walking through and I saw the charging stations.
Put your phone in there, plug it in and walk away.
Leave it. Leave your phone here for a while.
Nobody here would possibly target that.
You said something earlier that was really interesting,
sort of about the fact that a lot of people, you buy this little bit of something.
Yeah.
You don't worry about the
security because it's a little bit, but in this market, that can become a major significant
part of your net worth.
Jameson Lopp years ago said to me something interesting when I was talking to him about
Kasa Multisig.
I said, you know, what level of wealth do people need to be at to use a service like
this or just start taking their security this seriously?
And he said, what I like to say is basically take what you have now,
10 exit and how would you secure that? Right.
Is that how you guys kind of think about security is like, if you got to,
if you have a million, a hundred thousand dollars now,
but what if that was a million?
Yeah. And you, as an individual, you might think about it differently, right?
Like even someone who has $5,000 and now they have 50 to them, that might be might be you know that's like literally everything you can go buy a car with it right now versus just
maybe you're dabbling around with five thousand dollars in crypto yeah certainly you really need
to think about you know there's like even succession planning like you know planning
right like if you have a hardware wallet that only you know the pin for and only you know where the
seed words are and you and you're you have a family, right? How do you manage that?
I literally go through this in my house
every time I leave town.
Here's where this is.
Here's how you do it.
Here's who you can call that's trusted, right?
That can help people out, right?
It's insane.
Yeah, you have to do that
because you are your own bank.
But you're also your own bank
with like all of these assets
that don't have similar storage or you know like
explaining somebody how to recover your assets for multi-sig is not the same as say telling them how
to go to an individual wallet or you know it's really yeah it is very complicated problematic
and i think you know we're very early i mean even still right like even though we've been around for
almost 11 years i i sort of see patterns, similar patterns.
I was very early in the security industry in the 90s.
I worked at security companies, big conference centers.
There's like 20 booths, and that's it, tables.
So that's where I grew up.
And I see similar patterns to where this is a natural evolution.
There will be breakthroughs.
There will be new innovations that will get us to a place where security sort of fades into the background.
Yeah, it's not your only concern all the time.
And you have peace of mind as a consumer or someone who's just
using crypto, right? And there's things built in there. There's still work to do.
We're still very early on.
We're on that trajectory, obviously. I'm already like a lot of exchanges starting to talk about like eliminating passwords right or it's all ub key based or facial recognition and all
the things it seems like each one of these comes with their own unique challenge or again attack
vector but like if you could imagine now the perfect security setup for your average user in
five or ten years yeah was i looked is it like there's a chip in my brain and I look at it and only I can open my account
with my, you know?
Maybe.
Yeah, maybe.
Maybe there's some, you know, you know, with Elon Musk working on the, you know, the neuro.
He's busy with Twitter now.
Yeah.
Now he's trying to fix the edit feature in Twitter, right?
So, yeah, I mean, I think there's, there will be ways to authenticate in new ways that will be more seamless.
Yes, putting your username, password, using another device.
I mean, that's what we sort of have as sort of like the best from an individual standpoint.
I get a little wary even as a security person that if your authentication is just plugging a key in.
Then that's it.
It's a single factor, right? Like your key's on your desk or whatever, and you go out to lunch.
Someone's like, oh, and they get into your account.
You literally have to secure the key every single time you walk out.
Right.
So it pushes more and more onto the consumer.
So I would say we'll get to a place where spending of crypto becomes more ubiquitous.
Everybody starts having lightning wallets on their phone.
And especially in small amounts,
face ID, touch ID is fine, right?
I mean, the funny thing is, frankly,
if it was all insured, it wouldn't matter that much.
Right.
I mean, we all know that our American Express,
these companies do a great job of calling you
when there's a potential fraud or transaction, but we all know that there's going to be fraud on our credit cards and bank
accounts and tax. We just don't fear that we'll never get the money back. Right. So we talk about
the security side, but shouldn't the regulators be or regulators, banks, everybody be looking at
this from the other side and saying, yeah, you are allowed to own this stuff. And you know what?
If you lose it, we'll insure it or cover you. And by the way, we do see that from wormhole attacks and all this stuff. We are seeing
people refunded, but that's not the same. It is a different paradigm shift. Like you said,
personally, if someone got my credit card number, I would care less, right? It happens.
It might suck for a day when you're changing a bunch of things.
Yeah, it happens, man. I've gone to hotels and those hotel systems got hacked and now my credit
card's out there. So I've had that happen.
And crypto is a very big paradigm shift.
You can't call 1-800-BITCOIN and say, my wallet's empty.
Let me talk to the manager.
Yeah, let me talk to the manager.
My wallet's empty.
Oh, okay.
Can you refund me?
Nope, that's not happening.
So it is more under the be your own bank and you have to be your own chief security officer.
I guess that's the whole thing, though.
If we do get all those systems I'm talking about, then we're just like everyone else
and you've sort of lost the self-sovereignty anyways.
That's correct.
You're just a part of this legacy system that you're supposed to be raging, the machine
you're raging against in the first place.
I mean, that's where the whole, we're trying to foster the global adoption of cryptocurrency,
right?
So accelerate that. And the outcome that we see is independence, self-sovereignty, inclusion, right? There are
a lot of people who can't go to a bank and open an account. And if they can be their own bank,
that's incredible. And we've seen success stories with that, even with Ukraine, right? People who
have been able to leave Ukraine with all their crypto and no one was able to, you know, unfortunately, their bank in their city was blown up.
Like, what do you do?
And the charity side of obviously the donations.
But the thing is that I find interesting is obviously Ukraine is the victim.
So it's the bigger narrative.
But your average Russian person is really screwed right now.
Right. Because Swift is gone.
They can't even sell their stocks.
Their money is worth nothing.
They don't have access to it.
No bank cards, no credit cards.
Yeah, the average Russian who also could be the one who's protesting in the streets.
That's what I'm saying.
It's like you can't indiscriminately say that this is where your house is.
So now, but we've cut, I mean, the world has cut off your average person from any access to the money.
Yeah, we haven't.
Heck, back in.
Yeah, we haven't.
They've asked you to.
Russians still can't have access to their accounts, right?
No, of course, we are a U.S.-based company.
You're going to...
There are sanctions, right?
Banks have been sanctioned.
Individuals have been sanctioned.
We have a very large compliance department
that works around the clock on these types of things.
So, of course, if those banks or those individuals that were in that world,
they no longer have access, unfortunately, to Kraken.
But individuals on the street, if they have a Kraken account, that's great.
If they want to move their funds on Kraken.
Which might literally be saving their lives right now.
Of course. They want to buy some, on Kraken. Which might literally be saving their lives right now. Of course.
They want to buy some, you know, they have some crypto.
They need to convert it to Bitcoin, move it to a wallet so they can buy food for their family.
They can do that as well.
Yeah.
I always love to ask people or think about what all of this looks like at scale, right? We talk about mainstream adoption, but we're still talking about tens of millions of people, certainly in the United States.
If we go to billions of people who are crypto native, and listen, all of our kids are going to be crypto native, right?
They're not going to live in the world.
How does your side of the business have to scale?
Three billion people want to do this.
How do we secure the assets from the institutional side, from your side?
Yeah, I mean, for us, doing things, even know, doing things a little, you know, even going
down sort of like the segregated on-chain wallets for individuals, right? Like that's an
unique path versus like, you know, in most exchanges are more like omnibus wallets, right?
It all goes together. How many Bitcoin you have is in a ledger. You want to remove it, you know.
Which is funny how that works, kind of a centralized ledger. Yeah, and that's just how exchanges
operate, right? That's what we do.
And the value there is because we also have all the connections to all dozens and dozens of banks.
So people can move fiat on, they can exchange, they can move it off to their hardware wallet.
It's just sort of this ecosystem that we have.
But yeah, I mean, I think security at this scale will be a problem,
especially when you're talking about the UX piece, which we were chatting about.
Early adopters can get it.
The early adopters can fumble through certain things.
But try to tell your grandma, go buy some Bitcoin and then secure it, grandma.
Send it to me.
Buy it for me and send it to me.
How does she do that?
I think we're getting there.
It is still very early days, but I'd say 10 years from now, you and I would be having a very different conversation.
I hope that one year from now we're having a very different conversation.
But you're right. But I think everybody wants it now, actually.
So that's a joke because I think the mentality of a lot of people in this space is always like, well, it's get rich quick.
But also just the expectation that like we need full mainstream adoption now.
We need all these tools now.
It's just we're so, so early.
Yeah.
Yeah.
And that's what we're, you know, we've been doing this for over a decade.
And we're, you know, our consumer facing app has really only been around for a little more than a year.
So we were always very much, you know, people who really understand it, people who are traders,
and now we have a really nice, beautiful experience
that we constantly, every two weeks,
my engineering team is putting out releases
and we're working with our designers and our UX researchers
to try to make it better, to try to get to that
more utopian view where anybody's grandma can go and use it.
And I would argue that most people's
grandmas probably could use Kraken's. I think they can figure it out now.
Yeah. They've figured it out. That's awesome. So where can everybody follow you and keep up
with you after this conversation? Yeah. Really, the only place on social
media is Twitter. For all of us.
Yeah. Yeah. So it's C75, the letter C, the number seven, the word five. You can follow me on Twitter.
Well, I look forward to having this conversation then in a couple of years and see if we were right or if we were wrong and
what's coming. And I'm glad we have people like you securing our assets. Oh, thank you. Thanks,
Ed. Yeah. Thank you so much for listening to this episode. If you haven't already left a rating or
review on Apple Podcasts or Spotify, please do that now. Spotify just added ratings, so please go ahead
and click that five star. I'll see you guys next time.