The Wolf Of All Streets - Your Hardware Wallet Is Not As Cold As You Think | Ruben Merre, Ngrave
Episode Date: November 20, 2022How do you truly own your assets? This session highlights the redefining of ownership in the crypto space. Hosted by Scott Melker with guest Ruben Merre, co-founder and CEO of NGRAVE. Ruben Merre: htt...ps://twitter.com/rubenmerre ►► JOIN THE FREE WOLF DEN NEWSLETTER https://www.getrevue.co/profile/TheWolfDen GET UP TO A $8,000 BONUS IN USDT AND TRADE ALL SPOT PAIRS ON BITGET FOR ZERO FEES! ►► https://thewolfofallstreets.info/bitget Follow Scott Melker: Twitter: https://twitter.com/scottmelker Facebook: https://www.facebook.com/wolfofallstreets Web: https://www.thewolfofallstreets.io Spotify: https://spoti.fi/30N5FDe Apple podcast: https://apple.co/3FASB2c #Ngrave #Wallet #Crypto The views and opinions expressed here are solely my own and should in no way be interpreted as financial advice. This video was created for entertainment. Every investment and trading move involves risk. You should conduct your own research when making a decision. I am not a financial advisor. Nothing contained in this video constitutes or shall be construed as an offering of financial instruments or as investment advice or recommendations of an investment strategy or whether or not to "Buy," "Sell," or "Hold" an investment.
Transcript
Discussion (0)
Everybody's heard the expression, not your keys, not your coins.
And if you understand this expression, it compels you to take your keys off of exchanges and put them on a hardware wallet.
But what if your hardware wallet is not as cold and secure as you think?
I talked with Ruben Meir, the founder of Engrave and the Xero Wallet, about why their wallet is superior
and the issues that might exist with other wallets that you're counting on to secure your assets.
So I know it's approaching the end of the day here,
but this might be one of the most important conversations that you'll hear at this conference or really at any conference.
That's why Ruben flew all the way here from Belgium
to have this conversation with you. And I've known Ruben for quite a long time.
You were one of the first guests on the podcast when we actually moved to video.
As I've said before, this is the actual wallet that I personally use. And it's, in my opinion,
far superior to any other product on the market. And I can probably honestly say that I've tried most of
them. And so the topic today, obviously, about hardware wallets and security, but in this case,
why your hardware wallet may not be as cold as you think. And that's kind of a daunting and scary,
seemingly clickbait title, but it's not. Because there really are a lot of points of failure for
most hardware wallets, right?
Can you talk about maybe some of the immediate concerns you would have,
not targeting any competitive product,
but with hardware wallets in general that you were looking to solve?
Yeah, sure.
So by the way, if anybody's interested by the end of the show,
or if you can't contain yourself,
you can always come and have a look at the OpenFrame prototype.
We are live in shipping, so these things basically ship the next day
if you order one, but it's always good to see what's actually inside the wallet.
And so here you can see an open hardware wallet.
And our wallet is called Zero.
So Engrave is the name of the company, zero is the name of the product.
To your question, Scott, yeah, I mean in your crypto life, in your crypto life
journey, you have to start somewhere, right? And the actual start is how do you
create good private keys, right? How do you create a good first key that will actually protect all your crypto?
And yeah, when we started with building this company, we realized that even that first step,
how do you create such a strong key? We realized that, let's say, our competitors, the other hardware
wallets, even bank solutions, they don't really make good keys.
So we had to, already on that level,
so the first level a hardware wallet needs to do,
creating your keys, so doing that offline
on a hardware device.
Yeah, we needed to revamp the key generation process.
And so on that level, we invented something
that we have patented and we call it the perfect key.
So yeah, everything starts with your key. In our case, the perfect key is the first thing you will make with your
wallet. If you've been following me for the last few months, then you definitely know that I've
been trading and investing on BitGet. Now listen, it took me six months to decide that they were
going to be the sponsor for the newsletter. But once I saw their partnership with Juventus, that they were the world's leading copy trading
platform in crypto, and also that they're a top five exchange by volume, well, I was
sold and I was convinced.
I've been using it ever since to dollar cost average and to invest in Bitcoin.
You can also trade there with leverage, but of course, be careful if you're going to do
that.
And I don't know if you saw the recent news, but they've also done a deal with Lionel Messi. Now you can get up to an $8,000
bonus using my link below and you can trade spot with absolutely no fees. You also get a 15%
discount on trading leverage. Go ahead and sign up right now using the wolf of all streets.info
slash BitGet.
Claim that huge reward and use the world's best trading platform.
Could you talk specifically about what the perfect key is and what those issues are with the previous strategies for creating keys?
Yeah, sure. So essentially, your hardware wallet will create 256 zeros and ones, the computer language.
In 2014, luckily, somebody came around and said,
why can't we make that more simple?
And the 12 or the 24-word seed phrases became a reality.
And now you could say that the logical evolution of that is this perfect key.
And yeah, with 24-word seed phrases,
there is a lot that doesn't add up
i think some of the most let's say visible things is once you make a backup and somebody finds those
24 words they have your key once you lose that backup you have no way of recovering it right
and even in the level where the the wallet would create your 24 words you have no
choice they will always give you a key they will tell you write it down this is it so there are so
many risks involved in just a step of receiving from any kind of third party a key that you need
to basically put all your money on and the perfect key sort of resolves all of those issues.
So what is the perfect key then?
The perfect key is a new key format. So it's basically a 64 hex. What it means is it's
64 characters instead of 256 zeros and ones. And each character has 16 values, 0 to 9,
A to F. You can compare it a bit to the classical way that the private key is used or looks
like. But we use it as a master
seat. So the difference between a private key and a master seat is the master seat is one key
that creates the whole universe of private keys that you need to hold if you want to have five
Bitcoin accounts, 20 Ethereum accounts, infinite number of accounts. But you only need to remember
one key. That's that master key. So the 24 words are today that master key. But as I
mentioned, there are quite a few drawbacks. And that's why we
came up with a hex format. And then obviously, it's about how
you use that hex format to solve all the issues that I
mentioned.
And so outside of key generation, and then we'll talk
about key storage and the way that you actually secure those keys after, what other issues are there potentially with hardware wallets?
Obviously, yours is air-gapped for a reason. You never really have to be attached to the internet. It's working through QR codes, obviously, because this is what I use.
It's a very different system than a lot of other wallets. So talk about the issues you saw with theirs and then how you chose to solve it.
So let's say our core principle that we started with
was we will never compromise on your security, right?
That's the first thing you need to do as a brand.
When we look at any of the other wallets,
we don't see anything even close to that.
And again, the most simple things like
giving you a paper wallet as a backup,
a paper wallet that is literally, you spill water on it and it's game over,
that cannot be a definition of security, right?
So that's an important one.
But if we look at hardware wallets in general,
maybe you should repeat the question so I make sure I...
Yeah, speaking about the problems with existing hardware wallets
that you solved, obviously, by air gapping.
I think I can just list a few off the top of my head
that I've experienced the battery dies.
Like I've had a ledger that I plugged in
and then all of a sudden it wouldn't accept any firmware updates.
People getting confused what they do in the middle of that firmware update
and sending their coins away and they're not coming back.
I mean, there's a lot of issues with the way those things work
and especially when they're updating.
Yeah, and so it's funny when you think about that
because let's say the most used ways today
with hardware wallets is QR code.
Sorry, that's what we do,
but it's USB connection or it's Bluetooth, right?
And the thing is, the first thing is
you're basically working with a black box.
You don't know what's going on inside the Bluetooth connection,
inside that USB connection,
so you might as well sign anything.
What we use is we use QR codes,
and QR codes is something that everybody knows,
everybody uses on a daily basis.
It's intuitive, it's fast, it's a no-brainer,
and you have already adopted it.
But it also happens to be the most secure way of actually interacting. Why? Well, because you never
actually make a connection with an online device. The only thing you do is you show a picture.
On the other side, it shows a picture back. How can you, by showing a picture, hack a device, right?
That's very hard to do.
So in our case, if you would say,
we show you QR code and the QR code says like,
this is a transaction you need to sign.
You can literally take your phone,
just scan it and see what's inside that QR code.
So you basically have security through transparency.
You see what you sign.
And in that sense, you can be closed source, so to say,
as long as the user understands how it works
and can see what he's signing,
there is no reason for, let's say,
panic. Whereas if you do it
with USB or with Bluetooth,
you have absolutely no clue.
And one of my favorite things
about using the QR code,
because I just believe that at some point
I'm going to make some massive error.
And that's why I've referenced the fact so many times.
I think all of us know that every time you send crypto,
you get that little feeling
that you might have done something wrong, right?
I don't care who you are.
I don't care how many times you've done it.
I don't care what size.
Someone even joked that Vitalik Buterin
in one of their earlier ones
still provably sends a small $5 transaction to test
before he even sends it.
And he's a guy who invented it to some degree.
But one of the things I like about the QR code
is that you don't have to type in that,
or copy and paste and type in a really complicated address.
There's really no way to mess it up.
It either reads the QR code or it doesn't, right?
Yeah, yeah.
And so for me, that simplifies the process massively.
Exactly.
And just a note on every of these online solutions,
because USB, what you're doing intrinsically
is you connect to an online device, right?
If you do it with Bluetooth,
so you're always making a connection.
And once you make a connection,
you're opening the box of Pandora, right?
Any kind of attacker literally has at least one point
that he can use to attack your
solution. With QR codes, you don't have that. And just to give you one example of how
devastating a USB connection can be, in 2014, there was a virus called the Stuxnet virus.
It was reportedly developed by an intelligence agency at the US side.
And the main goal was to completely mess up the nuclear enrichment program in Iran.
So in their nuclear power plants, fully offline power plants.
So what they did was they built a virus that would just sort of replicate itself over USB drivers. So if you would put your USB into your computer,
it would have a way to replicate into other computers
and then go onto those USB sticks.
It would never activate up until the moment
where it would be in the right environment,
being a nuclear power plant.
So this is one of those famous viruses
that literally just went through a simple USB connection.
But that is just a way to let you hopefully understand
that it is dangerous to use
whichever kind of tiny connection there is
because the hackers are smarter than us.
So if we are offline, really offline like we are,
how do you attack an offline solution
from 500 kilometers away, right?
If you're not an offline solution like that,
do the hackers eventually find a way no matter what?
As you said, the hackers are smarter than us.
It seems like an impossible job basically
to be a security expert because you can only really react.
It's very hard to predict what a hacker you've never seen
is going to do, right?
Yeah, and I mean, if you just think about the fact that,
let's say in North Korea, you have the Lazarus do, right? Yeah, and I mean, if you just think about the fact that, let's say in North Korea, you have the Lazarus Group, right?
They do only one thing every day long,
and that's they attack solutions
and they try to steal crypto.
It's a few billion dollars a year that they find.
So the only thing you can say about that
is the moment that they decide that you are a target,
you have already lost.
So the only way you can really
protect is to adhere fully to the concept of you need to be offline. So our device is
zero, it cannot connect, there is no 4G, no Wi-Fi, no Bluetooth or USB connection that
is ever used to actually sign transactions or do any kind of interaction with your computer.
Right and it charges, I mean it can charge through a cord,
but that can be plugged into the wall rather than into the computer.
Correct, correct.
And obviously, we also still have to do firmware updates.
So that was sort of a point where we said,
how can we do that if we never, ever go online, right?
And so that actually got us to do something really amazing
because we have a USB port.
That's the part that is going to be connected to your computer
if you want to do a firmware update.
But we were able to certify our operating system
for the highest security certification in the world,
which is called EAL7, Common Criteria EAL7.
And so it's the most accepted standard for security worldwide.
So let's say the US, Canada, Germany, France,
they all accept this as the standard.
Apple Pay, credit cards, they have EAL 5 security.
The best bank goes up to five and a half, six.
And Xero, our hardware wallet,
is the only thing with the EAL 7 security certification.
So we don't have an equal on that level.
It's the most secure financial product in the world.
And the only reason why we did it
is because we need to live up to our own promise,
which is we never compromise on your security.
So if we do a firmware update,
it's taken care of by EAL-7 security,
which is inherently artificially unbreakable.
But yeah. Have you ever actually had an issue which is inherently artificially unbreakable.
Have you ever actually had an issue where someone has attempted unsuccessfully
or you've seen an actual hack happen with the device or never?
With our device?
Yeah, so we have gone through extreme testing.
So one of the people on our team,
his name is Jean-Jacques Quisquater.
He's, you could say, one of the foremost pioneers in the world
on everything that's hardware security.
77 years old, more than 50 years of career,
he started with the first smart cards,
the first chips,
the first backdooring of those chips
because it is a reality
that the chips inside hardware wallets,
they're all backdoors.
And to the point where he said,
when he was 75 or something,
engrave, zero, the way they create keys,
that's for him the future of hardware.
So that's why he invested, why he became an advisor.
So yeah, these are the kind of people that help us think
even more deeply than we can
to make this the best solution in the market.
So what do you say to somebody who's new into the crypto space
and opens a, say, Coinbase account,
and they buy a little bit of crypto
and then they don't even think beyond that?
I mean, there's a lot of people, I would say,
who come into crypto, especially the mainstream,
that don't even know hardware wallets exist.
Yeah, I mean, I think the narrative there is,
the proof is out there, right?
I mean, every major crypto exchange
has been hacked in the last five years,
the last even three years.
Literally weeks ago,
one of the biggest had suffered a hack,
maybe not directly on the exchange,
but still a lot of money.
The DeFi platforms that are supposedly decentralized,
they're as centralized as it gets, and they're failing and their users are losing everything they have.
So I would say if you have a Coinbase account, I mean, there is a certain level of trust you have because it's a good brand, they've done a good job, but you always have that inherent risk right so for example if you look at hot wallets with metamask is the biggest hot wallet mobile app in the world for crypto right now 30 million
users a month but the the core thing in your experience with metamask is it's anxiety it's
shit all my crypto that i have on it might be stolen tomorrow because they gave me a little
json file i put it on my computer.
So they give you a key online,
which is already like, don't do that.
And the nice thing is that we actually
define the QR code standard with them
behind the scenes,
which we will be launching in the next few weeks.
And you will actually be able to use your Xero,
have the keys,
your MetaMask becomes your interface, but there
is no more crypto to be stolen. You can just do your DeFi or token swap, whatever it is,
and nobody can steal from you because it's all offline on our device.
And that's different than using, say, a ledger when you're interacting with MetaMask because
you're plugged in via USB to be able to do that interaction?
Well, in the theoretical sense,
there still are quite some risks with that,
but it's also about usability, right?
In our case, QR codes are super fast.
You tell MetaMask, I want to sign a transaction,
one QR code later, it's already on the grid.
So the nice thing about Xero,
and we also notice it with our customers,
is it's the cold the grid. So the nice thing about Xero, and we also noticed it with our customers,
is it's the coldest wallet, right?
But it's actually temperature agnostic because it's fast.
It's almost as fast as hot.
And in the future,
you will also be able to place limit orders
offline on a DEX.
So you literally don't even need money on an exchange,
but you can still say,
I'm going to buy some Bitcoin and I'm going to buy it with Ethereum without any risk to losing the actual transaction.
That's huge. Now you talked about actual key storage. Once you get your keys in the hex format
that you've described, most people say, write it down on a piece of paper, put it in a booklet,
lock it in a safe, cut that in half, put half of it in your mom's safe and half it.
And we know it gets a bit absurd.
You guys obviously have the graphene solution.
Can you talk about?
Yeah.
So obviously what we do is we do end-to-end security.
So we don't stop with, let's say, creating a key, then giving you your wallet and then saying now it's up to you and make sure you don't lose your key and if you do too
bad right unfortunately that is literally the narrative of all the
wallets right now they give you a piece of paper if you think about just that
aspect it's I just can't understand why they don't do incremental innovations
such as making it water spill proof making it inshreddable those are things
that are easy to do.
In our case, if you buy the wallet,
so this here is the zero hardware wallet, right?
So if you buy only the wallet,
you do get a paper wallet, of course, as a backup.
It's unshreddable.
You can spill water on it.
Nothing will happen to it.
This for us seems the most logical thing to do
with the most basic backup you can have.
But obviously that was for us not the end goal
because we saw three big challenges, right?
So the first one is,
and this beautiful thing here is called graphene.
That's our backup solution.
So there are three things we wanted to solve.
One was if your house burns down or if you spill water on it,
that thing needs to survive.
It's more important than your hardware wallet.
You can lose your hardware wallet 100 times
as long as you have your backup, it's all fine.
So this is stainless steel,
which burns at, I'm European,
so 1,660 degrees Celsius.
Your house burns down at the maximum temperature of about 1000.
So this thing is smiling back at you when your house is fully burned to the ground.
And that's the first goal of a good backup, right?
But it goes well beyond this.
Let's say the second thing you need to look at is,
okay, somebody finds my backup.
What happens?
They find my 24 words.
They know my key.
Game over. I cut it in two parts
of 12 they find 12 words they have a lot of information on my key right it's sort of game over
so what we were able to do with the perfect key is and i'm not going to explain it in detail but
this thing basically consists of two plates and the upper plate is sort of uniquely configured to make holes through as
you can see this has like all of these different little tiny holes you make holes through this
upper plate into a lower stainless steel sheet that in the end will have holes in it that
for the let's say the person who looks at just holes on this key, on this plate, they will not
be able to make anything of it, right? So there is not a single piece of information they have
when they find this. And you have to put this one exactly on top of the other one. And it's always
a unique configuration. So if you want to find your key back, it's the two plates you have to
put together. And so that was the second point.
It's like somebody finds this, there's nothing they can do with that. Somebody finds that,
the other plate, there's nothing they can do with that. So we obliterate your key into
two parts that are completely meaningless. And then the third big challenge is, of course,
like what happens if I lose this again game over right so in our case
there are like there is like an ultimate recovery code on the the bottom of the of this plate
keep that somewhere else right but if all else fails you give us that code and we can recover
this part of your solution we have no idea what you did with this, so we cannot find your key.
And here we typically, let's say to a normal retail customer,
we just say buy two of these. Then you have your own backup.
This is the cheapest part of the whole solution.
I think the most fun part about buying your wallet is actually doing the punching.
I picked up the tool. Anyone who watches my live streams,
they used to make fun of me. People were like, why are you holding a weapon?
Because I just had it on my desk for whatever reason.
I'm talking and I've got this thing like here,
I'm sliding around.
But I will warn you that it's really loud.
The first time that I did one,
it was like 5.15 in the morning.
I was like, ah, nobody's awake in my house.
I'm gonna go ahead and get this done.
Boom, screaming kids.
Like really loud.
I woke up my entire family.
So I would just say do it in the afternoon, maybe.
Do it when you have stress because it's a good stress reliever actually.
Yeah, it's pretty incredible. Basically just pounding these holes into the metal.
So we're at a certain point obviously in the development of this, but you've already had
a version one and a version two and you're constantly innovating. Is there anything
that you still want to do with it that you haven't been able to,
or maybe the technology doesn't exist,
or maybe even the hot wallets you're interacting with
aren't at the point where you can do it.
But in a perfect world, I know, obviously,
being able to trade directly off of that
without putting your funds on an exchange
or connecting to the internet, that's incredible.
Incredible.
But what else are you thinking of or planning?
We have a huge roadmap so to say
so for us it's all about we want to protect people right so that's that's our goal you don't see many
companies like this in crypto because uh in the time frame we built this about four years you
could have done a lot of token raises and you can be wealthy quite quite fast and quite easily
but for us it's all about the purpose and the purpose-drivenness of protecting more people
on a daily basis.
So our personal big, hairy, audacious goal,
if you want to call it like that,
is to protect 500 million people by 2032 with our technology.
And it goes well beyond just the B2C segment, right?
So we're already working with businesses,
with big asset managers to sort of incorporate this
into what they do.
If we look, for example, at the level of new things
we would invent and bring to market,
it's the next step of this is how,
because now it's all still on you, right?
If you lose this and you lose your backup key,
so to say, it's still game over.
So the next thing we're going to build is a solution where you can literally never lose your keys again and so the way that works is this thing for you will be one share of your
initial key engraved so we will have a second share of that key and a third party will have a third share of that key.
So basically what it means is that if you lose this,
we will send you our share, the third party will send their share and your zero will be able to recreate with two of the three keys,
the actual initial key of your wallet.
You could say this is something that's pretty similar to Shamiro's secret sharing,
which is sort of cryptography principle in crypto already.
But if that's the case and you lose this, you didn't lose your keys.
And that's what we're all waiting for, right?
A solution where we at least know on that front that we're good.
What does an institutional solution look like you're talking about?
Because obviously they have risk procedures in order
where it can't be one person with a wallet
who controls all the funds for that institution.
So is that something where it's a multi-signer
or something like you just described where it's three people?
Does it have to be seven people?
Is it some sort of custody solution that's not actually hardware?
Yep.
So the beauty of that is actually that this thing
has the highest security certification in the world,
which is obviously overkill for a random person
who wants some crypto and be at home with his wife and his kids.
But once you go into B2B, this is a game changer.
Because imagine you have to protect $500 million
with an EL5 solution or anAL 7 solution for the same price.
Which one do you choose?
So when you go into B2B, and this beauty already can do everything,
B2B is more about governance and about business requirements.
So if they say, look, we're 10 managers, if 7 out of the 8 can sign a transaction, then it's good.
They can have 7 or 10 of these devices
and they can literally do that.
So it's sort of a multi-signature setup, for example,
and that's almost peanuts to build.
It's just on the software level
and the devices already exist.
So that's just something that they have to basically,
a system that's built in,
but doesn't change the hardware in any way, shape or form.
And I know that talking to you,
multi-sig is obviously very popular.
In a multisig solution, you'd actually want to have
a variety of different wallets to sign transactions.
But actually, ideally, as secure as this wallet is,
you wouldn't want it to be seven of these.
No.
So ideally, indeed, in multisig setups,
you use different hardware wallets.
And the reason behind it is just that if you have,
let's say you use all of the same technology
and somebody finds out how to break them,
then it's game over as well.
So it's better to use different ones
so that you know they have to break all of them
to actually be able to get to the outcome you don't want.
Yeah, one of the pioneers of multi-sig is Jameson Lopp.
A lot of you have probably heard of him who owns Kasa,
but he's one of the original cypherpunks.
And he sort of famously disappeared from the entire world
to see if he could do it.
But in one of my conversations with him,
he made a great piece of advice that I just want to share,
having nothing to do with the multisig setup,
where he said, I tell people that they should consider their security
at 10x whatever their current value of their crypto is.
So if you have $10,000 in crypto,
don't think about how you would secure $10,000 in crypto. Think how if you have $10,000 in crypto, don't think about how you would
secure $10,000 in crypto, think how you would secure $100,000. Because it could go up 10x in
six months, and then all of a sudden, you're scrambling for a solution that's secure enough
for a million or 10 million or $100 million. I mean, is that sort of a shared idea that?
Yeah, for sure. I mean, I think in crypto,
whenever you buy crypto,
you don't think it's $5,000.
You think it's $5,000,
but it's actually $50,000.
Yeah, I agree with that.
So you also have to think about it in the sense of I'm protecting that money
and not sort of your moon portfolio, so to say.
Yeah, you've alluded to this before,
but do you think that hardware wallets
are a solution for everyone?
I hate to say dumb, but most people are just maybe some people are too uneducated about it or haven't
done the work and then they become their single point of failure and completely blow it because
even if you do all of this and then you lose the plate yeah well i think if someone puts all of it
in one flimsy safe and somebody carries the safe out of the... Yeah, I mean, on that perspective,
I think there is really more like a spectrum.
And some people say, look, I want to be my own bank
and I don't trust anybody.
On the other side, you have somebody who says,
look, I just want to outsource it.
I don't care.
I mean, somebody needs to do that for me.
So we have outsourcers and you have people
who just want to do it all on their own.
So let's say banks, they start there and they're trying to get more decentralized.
We start here and we're like we're going to build solutions like the one I explained where you can have three parties
that actually make the outsourcing part easy for you.
So in the end, it might be that we also build a custody platform because we have superior hardware.
We know how to build end-to-end solutions. So we know how to build software custody platform. Because we have superior hardware, we know how to build end-to-end solutions,
so we know how to build software as well.
And when we look at what exists,
we already see gaps that need to be improved.
Yeah, that makes perfect sense.
Do you see yourself ever actually working
with the exchanges as their custody solution?
Well, so actually, so we're closing a round right now,
and one of the top five exchanges in the world
is leading this round.
And there are many, let's say, different facets to this deal.
It's not just equity investment.
It's really like commercial partnerships and so on.
They have millions of customers,
so that's interesting to push the solution.
But they're also, of course, interested in
what can this mean for their own institutional
custody.
So it's sort of all coming together in a really great way for us because we will have a lot
of experimentation possibility into how does this fit perfectly into custodial institutional
custody or in the B2B, B2C setup.
So yeah, it's definitely part of our longer-term roadmap.
One of the more popular on-chain metrics
that traders love to look at
is inflows and outflows from exchanges, right?
And they say if there's money coming into the exchange,
somebody huge is looking to sell.
If it's going out, people are looking to hold,
and those huge entities are taking it off.
I have a different take on that,
and maybe you can tell me that I'm right or wrong.
I think that right now,
the reason we're seeing massive outflows from exchanges,
which people think are bullish,
is because so many platforms have collapsed
and people are finally looking to get their coins,
really seeing evidence
that they need to get their coins off exchanges.
Is that confirmed by your sales?
I would think you would actually sell well in the bear market
where people are concerned about.
Yeah, I mean, we clearly see that there is a change
in how people think about this, and rightfully so, right?
I mean, these DeFi platforms,
they're even worse than centralized platforms
because at least with a bank,
you know you have to sort of level of money is guaranteed
or whatever it is.
These DeFi platforms don't give you back anything. you know you have to sort of level of money is guaranteed or whatever it is these defy platforms
don't give you back anything um and unfortunately it's always such a unfortunate event that
suddenly gives you that light bulb in your head when it's too late um so yeah hardware wallets
are sort of booming in that sense because people understand more and more that if you own your own
keys and let's say right now it's just your crypto,
but in the near future, it will be your identity, your house,
your basically, if you think about Facebook today,
with Facebook, you can ask Facebook, you log in with your password,
and you say, look, I want to change my relationship status.
But it's literally Facebook who's going to say, yeah or no.
So you don't own your own
Facebook identity and even at this at this point so if you think about it from
that perspective your private keys are the most important thing you will have
in the next 50 years and if you like I mentioned in the beginning if you create
your your key wrong as the first step, you lose.
And unfortunately, all solutions we have seen
already fail on that level.
So if you can take away something
from this conversation,
it's the only thing you need to remember
about the whole space of crypto.
Any final thoughts before we part?
Anything that I might have missed?
And then I'm actually going to give you guys
an opportunity to ask questions if you do have any.
I know that he ran out, but he had a question.
But any final thoughts?
Anything we didn't touch on?
Do you want to tell people?
Anything we didn't touch on?
If the answer is no, it's fine.
That just means I did a great job.
You did a good job, yeah.
No, I mean, happy to answer your questions.
I think I said enough.
I can imagine there's stuff going on in your head
that might be very challenging
and happy to hear it.
Anybody have any questions that they'd like to ask?
They're in the back.
He's going to bring you a mic
because we're recording
and it'll be less awkward
for people who see the
recording so i guess with um the threats of being attacked physically how do you go about protecting
the anonymity of your clients that purchased your said hardware wallet i guess that simple like yeah
email you know physical address like the ledger hack. Correct.
Exactly.
I wouldn't name it, but it's good that you do.
Because we really respect our, let's say,
direct or indirect competition or substitutes.
But I think what happened there is something you see a lot.
It's sort of when you're growing,
you have growth bias, right?
So let's say all these exchanges,
what they do is they just think about,
I want to have more users, more revenue, more adoption,
and we'll take care of the security and the admin and every supporting part of the infrastructure later on.
And sometimes that turns out a bad idea.
With them, with Ledger in that case,
it was similar to that, right?
But it did indeed send a signal like,
you should always be circling back
and thinking about how is everything following.
And if you're a security company,
that needs to be 10 times harder in your head
going on all day long, right?
So what we do is we basically remove
as much as we can from our users
once we have shipped to them
and we keep everything offline
on secured offline terminals
for the stuff we do want to keep.
So for us, that is sort of what we do.
There's nothing really that you can sort of try to steal
because it's either offline or it's already gone.
I know with wallets, 90% of the hacks that are happening
is not due to the hardware actually being hacked,
but it's users getting phished or interacting
with the wrong smart contract address.
Is there anything that you're doing for the user experience
to fix those issues?
Yeah, that's a good question.
I think what we do there the most is just really trying to
proactively answer all of those questions like,
how do I make sure that what happens if engrave doesn't
exist anymore tomorrow?
What are the cybersecurity hygiene things I need to do to
be better?
So we spend a lot of time in building content like that.
So if you would go to our website, you have an academy,
you have a blog, you have all these different categories
that you can look into.
I think that's where it starts.
And when it comes to using your zero in the open world,
your zero will never disclose your keys.
So unless you're literally sitting here the camera is on top
of you and you're looking and you're like show me my c-trace yeah then then then that's obviously
not what you should do um yeah but i mean phishing and so on this sort of a different aspect of of
the whole the whole story um but for example if you have to download the app on our device you can literally scan a qr code
on zero that will bring you to the app store so you will you don't have to let's say type it in
find it and you download the wrong app you can do it from the device so we're always practically
looking at these small things that might indeed be exploited in the wrong way.
Mike? Misha?
Yeah, I have a question.
Who creates all these devices and systems like the metal plate?
What is the process of innovation, basically?
And who are the people behind it?
You mean like who invented it? I think he means production.
Like how is it actually
physically produced yeah so the the core people behind it that's three people so it's me it's my
co-founder xavier's uh cto and it's my co-founder edward uh cco and together we literally uh
partnered up with a lot of really cool parties all over the world. So, for example, COSIC is one of the most renowned cryptography teams in the world.
They've invented AES-256, which is basically the encryption algorithm in your WhatsApp, in your Telegram.
Even government secrets are kept secret through that algorithm.
They've invented it 20 years ago.
It still hasn't been broken officially.
And now they are the ones who have been selected as the post-quantum cryptography standard. So that's one
of the teams we work with on a very close and regular basis. And what it allows us to do is it
allows us to look into the future because they tell us, look, this is the post-quantum cryptography
thing we have worked on. Maybe it should be part of the wallet well before it comes out.
So people like Jean-Jacques,
we're all part of this team, right?
But at the core, it's the three of us.
And every single decision when it comes to
which chips should be on there,
should we tailor the chip to be more secure,
which resistor, whatever.
So every single decision we had to make,
it was us who made that final decision
on what it needed to be.
And obviously we had a lot of help
in hackers trying to break it open
and then telling us,
maybe you should change this or that.
By now, there are literally governments
trying to break it open
and they haven't succeeded.
So that's good news.
And we will hope we can share that in the near future but it's always it is always sort of you co-create with the end user
right you do still need to adhere to its maximum security and we're not going to give in in any
points and still be able to marry all of those things together and that's that's the that's the
actual challenge um so that you keep everybody happy because if it
sucks in UI, nobody's going to use it. If it's not safe, then nobody's going to use it after it's
been broken. So yeah, it's a continuous process that just keeps iterating, make sure that everybody's
involved. And then if you're lucky and persistent, then this is what comes out at the end of the...
And it's a touchscreen, which is awesome.
Yeah.
I don't know if you've ever used a ledger
and you have to use the two little buttons
and scroll through and it's a constant headache,
but it's as intuitive as an iPhone.
And we used to, when we did our Indiegogo campaign
two years ago, you could choose colors.
And so Scott, I think he only has white ones, right?
Yeah.
So he has like the real cold white versions of it.
Yeah, that's awesome.
Any other questions before we hear behind you, Mike?
There's another one back there.
Okay, so if our personal information is on blockchain,
then we use that as how do we...
So when I use my personal information in the future,
how do I keep people from seeing all my information?
Because on blockchain, everything's visible in my wallet.
So how are you going to separate in that wallet
verification of who I am,
but only limited what I let that person see?
Yeah, I mean, let's say you're on your centralized exchange
and you have created keys on your hardware wallet.
So you know the address it
needs to be sent to you send it from the exchange you can send all your bitcoin from the exchange
to that address there is no kyc done let's say on the level of the wallet so you have sent it
somewhere it might be to yourself it might be to a friend it might be to another third party
so there is of course still a trace there, right?
Let's say hardware wallet is not necessarily built
to be fully anonymous
in the way you explain.
You can do so many things, right?
You can put your Bitcoin
in a mixer, it comes out,
nobody knows anymore
which Bitcoin is from who,
and then you send it
to a hardware wallet, right?
So there's a lot of things
you can do.
But in essence, I mean, send it to your hardware wallet
and nobody knows that that hardware wallet is yours.
And we're going to do one last question
and then I know we need to go.
We had one last question right over here.
Hey, real quick, just like to double check in a way.
You're going to have a ton of QR codes then, right?
You're using it for all these services.
So will these be static machine readable QR codes or using right? You're using it for all these services. So will these be static machine-readable QR codes or are you using
a dynamic database?
You mean will we also use dynamic QR codes?
Is that the question? Yeah.
Yeah, we do. Yeah, correct. How will you
stop man-in-the-middle attacks on the dynamic
QR codes?
You mean like if somebody would hijack the QR code?
Yeah.
Yeah.
What we do is we always have that
verification part.
So whatever is being scanned,
you will have to look at it
and you will have to tell to the device,
okay, I want to actually sign this, right?
So that's basically it.
Or I would say the dynamic QR codes
are generally more for synchronization.
So let's say the first time you have your wallet,
you have created all your keys,
you're going to share your public keys with the app,
and then you will have your dynamic QR code from the device.
And what you're sharing is just your public addresses.
But let's say that a random person out there
can literally scan all our QR codes
and see if at some point we fuck up
or whatever it may be,
and we will be called out on that, right?
So, yeah.
And, well, yeah, I'm also focusing on, like,
the database itself getting changed
so that you still see it's the same QR code,
but it will send you to a phishing site
or a different domain.
Because that would only be on dynamic, you know.
Well, the first, let's say you create a QR code
on your device, on your app, right?
The zero will scan that.
So the zero will not go to any random website.
It's impossible.
Yeah, it interacts between your phone,
an app on your phone and the actual device.
So you have to go back and forth
from one to the other multiple times.
Okay, good, good.
There are known QR code attacks,
like let's say a buffer overflow on a QR code or something,
but those things don't work on our device.
That's all I got, guys.
And like you said, I really encourage you to come put it in your hands,
check it out, because it's pretty amazing,
especially if you've ever held another one of these kind of devices
in your hand and attempted to use it.
So everybody, please give it up for Ruben.
Thank you, guys. Thank you very much.
Have a wonderful night.
Thank you. Thank you, Scott.