The Wolf Of All Streets - If You Own Crypto, Here Is How You Should Store It | Jameson Lopp, Casa
Episode Date: April 14, 2024Jameson Lopp is the co-founder and CTO of Casa. As a cypherpunk, he is passionate about building tools to empower individual sovereignty and has been building Bitcoin wallets since 2015. In this episo...de of The Wolf Of All Streets podcast Jameson tells how to securely store your Bitcoin in such a way that if someone wants to steal it from you, they won't be able to do it even if they destroy the entire continent (I hope it never happens!). Jameson Lopp: https://twitter.com/lopp ►► Sponsored by iTrust Capital Invest in Bitcoin, Crypto Assets & Gold with Your IRA Using iTrust Capital. 👉 https://bit.ly/itrust-scott ►► JOIN THE FREE WOLF DEN NEWSLETTER, DELIVERED EVERY WEEKDAY! 👉https://thewolfden.substack.com/ ►►OKX SIGN UP FOR AN OKX TRADING ACCOUNT THEN DEPOSIT & TRADE TO UNLOCK MYSTERY BOX REWARDS OF UP TO $60,000! 👉 https://www.okx.com/join/SCOTTMELKER ►►TRADING ALPHA READY TO TRADE LIKE THE PROS? THE BEST TRADERS IN CRYPTO ARE RELYING ON THESE INDICATORS TO MAKE TRADES. USE CODE ‘25OFF’ FOR 25% OFF WHEN VISITING MY LINK. 👉 https://tradingalpha.io/?via=scottmelker ►►NGRAVE This is the coldest hardware wallet in the world and the only one that I personally use. 👉https://www.ngrave.io/?sca_ref=4531319.pgXuTYJlYd ►►NORD VPN GET EXCLUSIVE NORDVPN DEAL - 40% DISCOUNT! IT’S RISK-FREE WITH NORD’S 30-DAY MONEY-BACK GUARANTEE. PROTECT YOUR PRIVACY! 👉 https://nordvpn.com/WolfOfAllStreets Follow Scott Melker: Twitter: https://twitter.com/scottmelker Web: https://www.thewolfofallstreets.io Spotify: https://spoti.fi/30N5FDe Apple podcast: https://apple.co/3FASB2c #Bitcoin #Crypto #Wallet Timestamps: 0:00 Intro 1:17 The enemy is custodians 2:35 Improvements in self-custody 5:57 iTrustCapital 6:55 Inheritance 9:10 Multi-key setups 12:05 Are you dead? 13:55 Storing seed phrases 16:07 Cryptography vs quantum computing 17:07 Evolution of risks 18:45 The risk of ETF custodians 21:49 ETFs vs self-custody 24:35 Market evolution 26:55 Challenges 31:15 Identity and AI 33:35 Hacking & phishing 37:40 Security of DeFi assets 39:15 Securing other coins 41:45 Security is very personal 43:15 Follow Jameson Lopp The views and opinions expressed here are solely my own and should in no way be interpreted as financial advice. This video was created for entertainment. Every investment and trading move involves risk. You should conduct your own research when making a decision. I am not a financial advisor. Nothing contained in this video constitutes or shall be construed as an offering of financial instruments or as investment advice or recommendations of an investment strategy or whether or not to "Buy," "Sell," or "Hold" an investment.
Transcript
Discussion (0)
We're a private key management company.
Yeah, it's security, but I thought that Kasa's next business was going to be launching a meme coin on Solana called Lopsbeard.
Just the price and hype and whatever is the fact that we're getting old.
It gives people the ability to defend against crazy level, even nation state level attacks in ways that you can never do with your physical property.
That's a really good way to put it,
because the stupidest version of myself is really stupid.
Self-custody industry has been constantly evolving
since Bitcoin was created.
One of the leading companies, of course, is Kasa,
and their founder, Jamison Lopp and I
sit down every few months to talk about
the evolution of self-custody,
what's new, what people should know, and why it's important in the first place.
Casa has an incredible new inheritance product that we talked about today,
but are also constantly innovating and looking for new ways to help people
be self-sovereign and secure their assets.
You don't want to miss this conversation because self-custody is really important. I think we've had frequent talks, you know, every six months
to a year over the past few years. have there been any major moves in the self
custody space since last we spoke any huge innovations anything making it a more obvious
play for the mainstream all these people coming in through etfs are they going to eventually uh
land in self-custody or do you think that that's a whole different ballgame now? Yeah, I mean, that is, I think, one of the big competitors that we're fighting against.
It's funny to see some of the infighting within the self-custody ecosystem, because I think that we should all really come to the realization that the enemy is the custodians. If we're just fighting over a shrinking portion of pie,
then it's not going to end well for us.
And in fact, it could lead to systemic risks
for the entire ecosystem.
Obviously, we don't want to get captured by TradFi.
The convenience that is offered by the ETFs
does make it a very tantalizing thing for the average person.
So this is something we're just going to have to keep beating the drums about. of some improved Bitcoin scripting and protocol stuff that is slowly over time starting to filter
through the hardware and software ecosystem.
But that's still pretty complicated
and is not supported by a large amount
of the software and hardware that's out there.
So it's still a very niche thing.
And Casa is trying to push forward and make things as available to as many people as possible
as early and as easily as possible.
So we're innovating as well.
And this is, I think, part of the game of continuing to come up with new security models that offer new tradeoffs between security and convenience.
I have to imagine that that evolution takes time because even if you have a great idea and you think it works, there's got to be an incredible amount of testing before you would allow something like that out into the wild.
For sure. So, you know, we just announced our inheritance products and I
would say we spent about six months working on that. And it's not even our first attempt at
inheritance. Like we've had an inheritance product for, I think about three years, but it was so
involved. It took a lot of handholding and also had personal information, light KYC type of requirements.
And it essentially resulted in us having to work with people's trusts and estates and stuff.
It was only offered at our very highest level, which of course is very expensive.
And it's really for people that are probably securing tens or hundreds of millions of dollars worth of assets. The primary goals of this
revamp of inheritance was going to take all of the things that we've learned over the past few years,
try to shave away a lot of those rough edges and points of friction and come up with a way of really walking this tight rope where the way I see it, you've got
you've got like self-custody issues where you want to create a security model for self-custody
where you're the only one that is able to spend those funds. The flip side of that and why
inheritance is so tricky to get right is that you want this sort of magical switch to flip when
you pass away so that the security model changes from one where only you have access to it to now
some other designated person or set of people have access to it and since you know none of these
blockchains or crypto networks have any concept of you being alive or dead, you could call this the Oracle problem.
You have to figure out how do we do this in such a way that isn't reliant upon single points of failures like dead man switches is something you probably hear about a fair amount.
And I've evaluated every one
that I came across. And suffice to say, I wouldn't trust my entirety of my assets to any of these
dead man switches because they can also fail. And how do you know if it's going to fail or not?
Crypto investors in the United States face some major challenges. One of them is that there's
almost no way to get exposure to the asset class inside of
your traditional investment vehicles. The other thing is the taxes. They are absolutely atrocious.
What if I told you there was a way to solve both of these problems? Well, there is, and it's with
a self-directed IRA from iTrust Capital. Guys, not only can you open a new self-directed IRA and fund
it with the limits each year, but you can actually convert over from your 401k, your Roth IRA, any other IRA that you already have, and you can do
that tax-free, just transferring over the balance, and then you can go to cash, buy as much Bitcoin
and not pay taxes when you sell it. You absolutely have to try this if you are in the United States. Use the link down below. It's bit.ly
slash itrust-scott. That's B-I-T dot L-Y slash I-T-R-U-S-T dash S-C-O-T-T. You have to try this
now. Yeah. So talk about the problem with inheritance in general then, because I think
just to give people context, what we're talking about here is that you have, obviously, a ton of assets in self-custody.
And you're trapped because either you have to hold all that information yourself and basically create a scavenger hunt for your family when you're gone.
Right?
Some complex thing.
Or you have to trust someone and share all of your information while you're alive.
So how are you actually solving for that now?
You talked about kind of abstracting away the
complexity, shaving off the rough edges, but what does that actually look like as a product?
Yeah. So first of all, I think most people who are doing self-custody are just using a single
signature wallet. Hopefully they're at least using a hardware device like a Trezor, Ledger,
cold card, whatever, to at least keep those keys offline. But most people are only using
one single key to access all of those assets. So in that case, obviously, that's a single point
of failure in and of itself. If you lose that, tough luck, like there's no one who can help you.
But going back to what we were talking about of walking this tightrope okay well how do you how do you share that key with someone so that they can't
access it until after you're dead and the most common thing that we see is what we generally
refer to as like the treasure hunt scenario where someone you know maybe they encrypt their seed phrase, maybe they just put it on a metal
plate and then they hide it somewhere where no one will find it and they create this convoluted set
of instructions. And maybe they put the set of instructions in a safety deposit box that has
beneficiaries listed on it so that the beneficiaries can only access the instructions once they pass.
Some people may actually just put the seed phrase in a safety deposit box with beneficiaries,
but that's a single point of failure in and of itself. Safety deposit boxes can and have been
compromised by both bank employees or nation state actors or whatever.
So this is where I think some of the magic of multi-key setups comes into play
because you have a lot more flexibility
when you're constructing your security models.
And essentially what we do is we start to create sharing
of specific keys.
And to give you a concrete example of like one of the most basic, straightforward CASA setups and how the inheritance would work is that one of our entry level plans is a two out of three multi-sig setup.
There are several different ways you can set it up,
but the default way you come in, you have a key that gets generated on your mobile app.
That key has an encrypted backup made that goes to your cloud. And of course, because that's
encrypted, your cloud provider can't compromise it. Kasa doesn't have it anywhere on its systems.
But that key is interesting because while it is a hot key, it is connected to the internet,
so it's weaker than what you would have on a cold storage device. It's almost impossible to lose
that key because of the backup functionality. your phone gets lost or destroyed or whatever,
no problem.
You log into your new phone, your new Casa app,
your new cloud account,
and it actually gets reconstituted on your device there.
And then normally you'll have one other hardware device
that'll be a cold storage, Trezor, Ledger, cold card,
whatever, we support a number of different things.
And during your normal signing flow, you'll be signing with the mobile key and then traveling,
hopefully somewhere to some secure location where that device is and adding that second signature.
Well, the third key and another aspect of this that makes it a fairly unique setup is that CASA holds what we call the emergency recovery key.
And that's offline cold storage only really meant to be used in emergency situations.
How does the inheritance work? Well, it involves relying upon the Kasa key, which of course we have multiple redundant offline backups for.
That key is not going to get lost.
You basically have to destroy the entire continent in order to have that key get lost.
Point of failure.
Yeah.
Continental destruction.
Probably have bigger problems in that case.
Yeah. continental destruction probably have bigger problems in that case yeah um and then uh the the real trick here is that you share uh one of your keys with uh whoever you want to be the
designated recipient for your inheritance and so the easy way to do that is we've actually made it
possible for you to and share that encrypted mobile key. Basically a QR code that you pass over to your designated recipient.
And once again, you're sharing this encrypted key with them.
So they don't even have that key itself.
Right.
And what happens, and we've set up some game theory around this,
is that your recipient will have a copy of the Kasa app.
They'll have that encrypted key.
But during normal operations, while you're alive, they can't see your wallet, your transactions, your balances.
They can't actually see the seed phrase itself really the only thing that they can do is tap a button
that says i'm going to request to kick off the inheritance process and once they do that we start
sending a lot of alerts and notifications to you to the primary account owner we're like hey are
you dead this person yeah this person says you're dead. If you're not dead, please click this link, give us a call, contact us.
And basically, if they're trying to screw you over, you can then immediately revoke
and kick them out and make sure that they can't go any further.
And so that process continues for six months.
At regular intervals, we'll keep pinging and trying to reach out to you.
And once that six-month time window passes,
then the designated recipient is finally allowed to unlock
and sign a transaction with that key
and then request that CASA signs a recovery transaction.
So pretty straightforward.
There are several variations of this model
because Kasa has several variations
of our different multi-sig key sets.
Asking for a friend who has a three of five,
not naming names,
similar process I would imagine
just slightly more complex.
Do you share two?
Yes.
Or do you just share the mobile? Yeah. two? Yes. You just share the mobile.
Yeah.
Yeah, exactly.
You would share the mobile
and you would want to share,
you know, one seed phrase
from one of your other what, three
hardware devices.
Yeah.
In my recollection,
maybe it's changed
and it's a good hint
that I need to call you guys
and do some updating,
which is very likely.
But you didn't actually have seed phrases on the individual devices when you set up your vault. a good hint that I need to call you guys and do some updating, which is very likely, but
you didn't actually have seed phrases on the individual devices when you set up your vault.
Yeah.
So if you did not save any of those seed phrases, then you'll probably want to do a key rotation.
And that's a fairly straightforward process, completely possible to do that in the app.
Our recommendation around storing seed phrases basically comes down to trying to understand
the trade-offs between having a quorum of unencrypted, in the clear seed phrases laying
around that could be used to spend your funds versus having enough redundancy
that you could recover from potential catastrophic losses. So for the three of five, these days,
our general recommendation is you have one of those devices with a seed phrase backup.
And the main reason for that is the once it's similar to the, like the whole continent getting destroyed scenario,
but a scenario where all three of your hardware devices got destroyed simultaneously.
And, you know, assuming you have all three of your hardware devices geographically dispersed
per our recommendations. You don't put them all in your drawer together? Yeah. Don't recommend that. Really, the only way that I can really see that happening
is with maybe like a huge EMP that like wipes out.
Like a electromagnetic pulse, yeah.
Yeah, it would have to like wipe out, you know,
basically a whole continent once again.
And, you know, if that happened,
probably have bigger problems to deal with.
It's like when people talk about how bitcoin
is susceptible to attacks once quantum computing happens and that's going to be the end of the
bitcoin network and my brain goes if they can do that they can probably access the nuclear codes
so what am i worried about more here the entire internet would be broken you know all e-commerce
as we know it would be broken if a quantum
computer with sufficient level of qubits processing power suddenly appeared out of nowhere. And
this is the nature of cryptography is that cryptography degrades over time because our
ability to break cryptography, both from a understanding of math perspective and from
a pure hardware capability perspective,
is always increasing year over year. And as a result, it's very rare that any form of cryptography
just magically gets broken overnight. You usually have many years of heads up that, hey, we're
probably going to be able to break this specific type of cryptography some years down the line.
How much does that rationale translate to the
systems we have in place for protecting our assets like what you've built? Have there been
any meaningful evolution of attack vectors that have ever made you think, not specifically to
multi-sig, but hardware wallets won't work at some point in the future because bad actors have become so sophisticated
that they've figured out a way to do X or Y? Well, every hardware wallet is different,
right? And a lot of people ask me, what's the best hardware wallet? And I don't have an answer
for that because they all have pros and cons, trade-offs. And that kind of sums up why our philosophy at Kasa
is to use multi-vendor, multi-sig.
Use multiple types of hardware
with multiple types of firmware and software,
because the name of the game of security
is that there will always be vulnerabilities.
The question is how do you compartmentalize
these vulnerabilities so that if a weakness gets exploited,
it's not catastrophic.
And we basically do that through this thing
that's the magic of additive security.
You can also think of it as diversity, strength through diversity. By having diverse
setups for your different keys, then you won't have one single weakness that can be used to
exploit multiple of your keys simultaneously. I assume there's nothing yet that's come about that is a threat to the
bitcoin network itself uh not not really i mean i think most of the stuff that's going on right now
it's less technical in nature and it's really more about what's going to happen with the custodians
especially with the etf custodians that's one of the things that's top of mind for
me is A, watching all the inflows into the ETFs, and then B, the fact that I think like 85 or 90%
of them are all using Coinbase as the custodian. And so that just like screams single point of
failure to me, even though I'm sure Coinbase is a reputable company. They have great security team. They have a pretty good history
of not suffering large-scale hacks. Of course, there's plenty of people who have had their
Coinbase accounts compromised. Individuals get hacked by the thousands daily, I would imagine.
Yeah. So Coinbase and their hot wallets definitely get accessed through various weaknesses, but as far as I'm aware, we don't know of any exploits against their cold storage, which should be the vast majority Prime Trust, had some sort of incident. So even regulated
trusted custodians, to your point, have failed us. And that's probably because this is still
really complicated. Yeah, there's no shortage of things that can go wrong. And one of the primary
points that I tried to get across
because one of the common pushbacks to self-custody is,
oh, it's hard.
Why shouldn't I just let a team of sophisticated experts
take care of my custody issues for me?
And the short version is if you look at it
from a threat model perspective, all of the things
that could go wrong with your self-custody setup can go wrong with a third-party custody
setup because they are essentially doing self-custody.
It's just you're handing that all off to them.
But additionally, now you have an unknown number of third parties.
It's not just the organization.
There are an unknown number of employees within the organization who are participating in your security model.
And the whole thing seems like they do.
There have been cases where there have been internal attacks at companies.
I think Shapeshift was one of the foremost because Shapeshift was honest enough to actually
publish a postmortem about their internal attack and the employee who compromised a
bunch of their systems.
I always come back to the point that all of this is so terrifying.
And I think to some degree, probably alienates new entrants at first.
When do we get to a point where self-custody, and maybe you can't because if it's simple,
then that defeats the purpose.
But when do we get to a point where there's UX UI that's so simple that the average person
who maybe is considering buying an ETF, but hears about self-sovereignty and self-custody
does it and isn't terrified the second that they try?
Because most people don't make their first $100 Bitcoin purchase and immediately put
it on a hardware wallet, right?
It's kind of a chicken egg.
There's a number of ways that this could go. And I guess it depends on whether or not you're bullish or bearish on sort of the hardware device ecosystem. Obviously, there are entities that are
continuing to iterate on that and try to make the hardware devices better. For example, Block and
their BitKeyey came out recently.
And I think arguably Block was going more towards
the convenience side of things
because they definitely had some security trade-offs there.
But I think this is going to be many years
of continued experimentation to try to find
where the sweet spot is on that.
Casa, we have our own ideas and paths that we're going to be exploring
and kind of related to that.
Just yesterday, we announced an acquisition
of a company called Chamber.
And Chamber is pretty heavy on the cryptography side.
They've been doing some interesting things, playing around with
different self-custody models where people are securing their keys using different types of
encryption, more sophisticated stuff, and trying to do that in a way that is not reliant upon any of these off-the-shelf plug-and-play hardware devices.
Because I think a lot of people, even if they buy a Trezor, Ledger, whatever,
I've heard from a lot of them that even if they buy it,
in a lot of cases, it ends up sitting in their drawer.
Yeah, because they're afraid to even plug it in and start messing around with it.
Yeah, it sits in their drawer or they send like a first transaction of 50 bucks and they start buying a bunch of Bitcoin on Coinbase.
And then they have a date and they forget that they're supposed to move it to self-custody and it just never gets used.
It gets left on the shelf.
I guess that is the big challenge. You talked about at the beginning that the
shrinking pie for the self-custody industry, to some degree. You said,
if the whole pie is getting bigger but ours is shrinking, why are we fighting?
There's not necessarily enough for everybody. Do you find that the pie is actually shrinking,
or do you think it's just not nearly expanding as
much as the other side? Because I would have to imagine that there has to be some trickle down
benefit to self-custody as we see new entrants into the space, regardless of how we come.
I mean, listen, we even know people who bought NFTs and bought Doge, some of them,
even if it's 1%, eventually get to Bitcoin, right? Yeah. I mean, as the price goes up, as more people join in, it's kind of twofold.
In the very early years of Casa, what we saw was as the price went up significantly,
then people saw the value of their holdings do a 10x and they re-evaluated their security model.
Then during more of the COVID era, we saw more outsiders and more high net worth individuals order to truly take advantage of all the properties of this asset class, they needed not only financial exposure, but they actually needed the security model that being your own bank offers to you. another major driving factor that we're seeing beyond just price and hype and whatever is the fact that we're getting old.
Basically, we're seeing more people who are in the crypto space, you know, getting married,
having children.
And that is a big trigger point, especially when they start thinking about inheritance, when they start thinking about their portfolio, not as just a means for them to build wealth, but for them to build generational wealth. to ask the question, okay, how do I ensure that my next generation is able to take advantage of
it and access it once again, if I get hit by a truck? So glaring reason for you to have focused
on inheritance and somewhat taken a major step to fix that problem. Are there other glaring problems
that are next on the docket for you guys, not specific to Casa, but specific to
self-custody and those challenges that you think you would tackle next or just in general that are
still huge barriers to adoption? Casa is not just a Bitcoin company or an Ethereum company or a
stablecoin company or a self-custody company. We're a private key
management company. Ultimately, our thesis is that more and more things, more and more valuable
things will be secured and accessed via private keys. And cryptography being this amazing asymmetric defense mechanism you know
it gives people the ability to defend against you know crazy level even nation state level attacks
in ways that you can never do with like your physical property so there's many different avenues that we expect we will go down.
It's not quite clear what the priority will be.
But the short way of how to look at it is, you know, what are the things that are important to people and are either currently digitized or maybe being in the process of being digitized. So really any sort of
sensitive information that's important to you. I think a lot of the document storage systems
that are out there are highly flawed. You see that every day. We seem to see those things hacked.
Yeah. People are losing access to or having their stuff hacked. And this even predates
Bitcoin and crypto stuff. Before we had bearer crypto assets, that was the primary valuable
asset on the internet was sensitive and private information.
So hackers were generally just trying to get into databases, dump stuff, sell it on darknet
markets, do identity theft, so on and so forth.
And that actually leads to identity itself is something that we've been looking at or
keeping an eye on. I think that having a cryptographically secured digital
form of your identity is actually a missing piece of many of these ecosystems. And that's
because I think reputation is a big missing piece from many of these ecosystems. If you
just think about, for example, like all the rug pools that happen, all of the economic interactions that are happening in DeFi or just crypto in
general, while obviously there are pros to anonymity and privacy and so on, when you're
entering into an economic relationship with someone, you generally need to trust
them somewhat.
Or if you're giving money to someone, preferably there should be some sort of reputation there.
You think?
I know.
So I think that having a standard for identities that are cryptographically attested to would be a major
piece of functionality that would boost a lot of the other aspects of DeFi.
And also in conjunction with the fact that AI is getting more and more powerful and deep
fakes are getting easier and easier to do.
This has always theoretically been possible with like PGP and the web of trust. But once again,
nobody uses those tools because they're so difficult. Yeah, I think you touched on one of
the hottest sort of should be talked about topics in crypto, which is the identity and AI is the, this is the one place of all the
stupidity and dumb ideas I've seen for mixing crypto and AI or why they should be. That's the
one that makes so much sense. That's the one that to me, I don't think it's a this cycle thing per
se that we actually see it meaningfully developed, but that's the one place where you can effectively allow AI to
interact with AI on your behalf securely. And of course, deepfakes and such, as you said.
Yeah. I mean, the main thing here is that there's a number of different projects that are working
on identity and we're just trying to keep track of them. Obviously, there are network effects at play
and you don't want to have to have multiple different identities with multiple different
standards and protocols. I'm not so sure that any of the projects that are specific to a specific
crypto network are going to be great because that kind of-
The network may not even win. It's a sort of maximalist position.
Then there's the distributed ID project that's been ongoing for a number of years.
And I think is actually tied to through Microsoft or at least Microsoft
was pushing it forward for a while.
It seems promising, but it has been kind of slow going.
So Casa is not in the business of rolling our own crypto or writing our own smart contracts.
We're trying to create our own standards to push out to the rest of the world.
We generally want to be early adopters of whatever we believe the technologies are that
are going to ultimately have the network effects.
Yeah, it's security, but I thought that Casa's next business was going to be launching a
meme coin on Solana called Lopsbeard.
There's so many ways that we could go with it, but...
It's insane.
Yeah, you talked about...
I giggled, actually, when you talked about reputation
and you think that if you were entering
into a financial transaction with someone,
there would have to be some level of trust,
whether that's knowing them or not.
Obviously, you need to have some level of trust.
And we're in an environment right now
where somebody who's anonymous on Twitter can post a Solana address and have people send $30 million literally in 30 minutes to that address.
And then that tweet can be deleted.
Hard to believe.
But is that encouraging for your business?
Or does it give you a big head shake and say most of these people are just never going to get it?
Or they're just not your customers because those aren't Bitcoiners, those are gamblers.
We do not really facilitate any of the degen DeFi stuff.
It's fine if people want to do that on their own.
Take whatever risks you want to do.
But you'll notice that if you look at the actual statistics of loss in the wider crypto ecosystem, and this is something that I track as part of my annual report at the end of year. For the past four or five years, the amount of Bitcoin that
is getting lost and stolen is steadily going down while the amount of Ether, Solana, and
other tokens is going up. And in general, it's mostly not happening anymore because of just like hacks on custodians.
It's really all has to do with exploiting smart contracts and the fact that people,
they're willing to sign transactions for things that they don't really know what they're authorizing.
And so this is what all the wallet drainers and phishing scams
are. I mean, I hear from people on almost a weekly basis of like, I thought I was safe because I was
using a Trezor or a Ledger. And then I got, and this is one of the things that really pisses me
off, people that are actually getting the bankruptcy emails through Kroll or whatever.
People got crushed on the Voyager bankruptcy emails.
They got hacked, right?
The bankruptcy provider got hacked.
So all of that private information gets leaked.
And so now all of those creditors get spearfished and they're told, hey, you click on this and sign this transaction and we'll actually give you your money back.
And it seems like a legitimate thing because they're expecting to get their money back sometime around now.
But what they're actually doing is they're authorizing a wallet drainer to take all of their money.
It's insane.
And you talked about people have their lull to sleep somewhat by the fact that it's on a ledger or treasure. If you sign the transaction to send your coins away, it doesn't matter how
you have them secured. But it really is incredible to your point that it's less now about there were
the cycles where it was always a bridge being hacked. And we still see those things, but these
sort of major exploits. But those were generally from a huge wallet or from a protocol, not from
individuals one by one. So it's really sad, actually, when you put it in the context that
you did that we're seeing maybe larger dollar amounts being stolen and that's distributed among
thousands of percent more people. So this is, we were joking almost a few months ago,
it's like if you buy a Bored Ape, you might as well consider a 75% chance
that it somehow disappears from your wallet.
Yeah.
It seems that way.
You could say this is somewhat a limitation
of the hardware devices themselves.
They generally, it just pops up and it's like,
hey, do you want to sign this message?
And then it's like a bunch of hex code.
It doesn't tell you in plain English what
you're actually signing. That's absolutely true.
So people are like, well, I guess I have to sign this in order for it to work. And so they
do and that's game over. Is there a reliable way for those people to secure those types of assets
now? Generally, I think it's about compartmentalization,
right? So if you're doing riskier DeFi stuff, then you should only have a small amount of assets
in your daily driver wallet. Basically, you have to think about it as every time you're touching your private keys, this is a very sensitive and risky act
because there are many things that can go wrong.
As long as you're not touching your private keys
and they're securely backed up,
then nothing's gonna go wrong.
So especially if you're signing various authorizations
to your smart contract wallets,
then you should assume that at some point you may slip up.
Even if you're a highly sophisticated technical person, we make mistakes.
It's very easy to get a notification or an email late at night,
or maybe when you're sick, you're just not thinking clearly, maybe you've been partying a little bit too much. And, and you might not have the same
level of guard and caution that you normally do. So I guess one way to look at it is you should
consider yourself to be a single point of failure. You are not always in top condition,
the sharpest mindset. So you need to guard against what the stupidest version of yourself might do.
That's a really good way to put it. Because the stupidest version of myself is really stupid.
It can only, I mean, it can be that one moment.
I'm yet to knock on something,
but I know, to your point, very smart people.
And we all know exceptionally OG,
respected, tech-savvy, security-conscious people in this space who have been massively hacked.
Yep.
So does that mean they should just only have Bitcoin and a multi-sig and call today
or Ethereum, I guess, at this point? Are you guys offering things beyond? Can you do all the ERC-20s?
I haven't even asked. Or is it just Ethereum and Bitcoin? Okay. So we have theoretical capability
to do any ERC-20. Once again, it's a question of risk. So I can tell you for sure, we are never going to just
open the floodgates on all of the tokens that you can add, because that's a security issue in and of
itself. People create the fake tokens that they look like they have the same ticker signal,
but it's actually a malicious smart contract. So we'll be vetting and whitelist thing
on a case by case basis, you know,
depending on what demand we're seeing from people.
That makes perfect sense.
How many times do you get the when Solana question now
that it's gone up so much in this cycle?
I don't think we've really gotten much on the Solana side,
but you know, it also seems like the Solana stuff is mostly more in the D-gen space.
And I think that those folks tend not to be looking for our type of generational wealth services.
But, you know, it very well could be that another cycle goes by and that changes.
Because you could argue that, you know, 2017 era for Ethereum was... Same, it's Lana now.
Space. And what happens? Well, you know, you throw a bunch of stuff against the wall and then 90%
of it fades away, but whatever is left, if there's still enough value there, then you may have people
that are holding on to generational wealth. So I wouldn't be surprised if that cycle repeats
from that perspective. And are you working on it yet? No, no, we've got higher priorities.
I think that aligns well with the ethos of your company and the Jamison that I've known
for all these years. So anything else you want to touch on before I let you go that we might have
missed? Well, you know, security, it's a complicated
subject. It's also a very personal thing. And this is another reason why I think that a lot of the
sort of do-it-yourself custody setups can be so overwhelming for people. Because what you don't
realize until you really start to go down that path and get into it is that
there are a lot of decisions that need to be made.
And these are not decisions that you can just find,
self-custody 101 guide for,
because everybody's situation is different.
So while you can think of Kasa as providing
technical solutions and software and security models
that are easy to get into, one of our big value adds is just the fact that we have really
high level of support.
If you want, especially if you're on our premium plans, we will get on the phone with you.
We will do a video call with you. We will walk through any
questions and issues you have, and we'll help you make these decisions by informing you exactly what
the convenience and security trade-offs of each specific decision is. Yeah, it's an incredible
service. So I can't wait to see it evolve. And I hope, as always, that more people find their way there.
Maybe the next conversation, we'll talk about all the risks of the ETFs more deeply. But yeah,
save that one for another day. Where can everybody follow you? And of course,
check out Casa and all the products you've discussed. It's easy to find me on X,
formerly known as Twitter. The handle is just L-O-P-P.
And if you want to check out CASA, it's just C-A-S-A
dot I-O.
Love it, man. Well, thank you so much for your time.
As always, I can't wait to dig into the
Inheritance product. It's been a
huge problem, and
as a customer, it's time I give you guys a call
and figure that out. So thank you for
developing that. Absolutely. we'll be standing by
that's dope