Unchained - What’s Next for Wallets After Ledger Recover Outrage? - Ep. 502
Episode Date: June 6, 2023Wallet security was in the spotlight after the announcement of Ledger Recover, but the crypto community doesn’t need to “freak out,” according to Itai Turbahn, co-founder and CEO of Dynamic Labs..., and Ouriel Ohayon, CEO of ZenGo. The two CEOs join the show to talk about the challenges of bringing self-custody to the masses. For many, “not your keys, not your coins” is actually “your keys, your problem.” Listen to the episode on Apple Podcasts, Spotify, Overcast, Podcast Addict, Pocket Casts, Stitcher, Castbox, Google Podcasts, TuneIn, Amazon Music, or on your favorite podcast platform. Show highlights: the problems that may arise when managing your own keys the misconceptions that people have about hardware wallets why Ouriel says that Ledger is going in the right direction but made a major mistake how multi-party computation can be a solution to the problem of securing your own keys what are other ways to solve it, such as Shamir’s secret sharing (SSS) and multisigs the tradeoffs between security and user experience how Dynamic Wallet works by linking multiple wallets to a single account whether “passwordless authentication” is the future of security how can users protect themselves from “bad transactions” and what are companies doing to help whether open source contributes to more security in the wallet landscape how account abstraction will change the user experience whether security is the key to the future of crypto Thank you to our sponsors! Crypto.com Guests: Itai Turbahn, cofounder and CEO of Dynamic Labs Ouriel Ohayon, CEO of ZenGo Previous appearance on Unchained: ZenGo: A Self-Custodial Wallet Minus the Risk of Losing Your Keys Previous coverage of Unchained on wallets: The Ugly Tradeoffs of Ledger’s New Recovery Service Links What is ZenGo Recovery Kit? Cointelegraph: Multiparty computation could offer increased protection for crypto wallets I run a Ledger competitor — But I support it in blow-up over keys Unchained: ‘Backdoor’ for Seed Phrases? Ledger’s New Recovery Feature Spooks Users Tweet from Ouriel that explains the differences between ZenGo and Ledger Solving the crypto adoption problem: making crypto *actually* usable Multi-Party Computation (MPC) Technology Can Ensure Effective Fraud Detection | Nasdaq Web3 Auth 101: What is wallet-based authentication? Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Hi, everyone. Welcome to Unchained, your no-hype resource for all things Crypto. I'm your host,
Laura Shin, author of The Cryptopians. I started covering crypto eight years ago and as the senior editor,
Forbes, was the first Main Tree Meteor reporter to cover cryptocurrency full-time. This is the June 6th,
2023 episode of Unchained. Buy, trade, and spend crypto on the Crypto.com app. New users can enjoy
zero credit card fees on crypto purchases in the first seven days. Download the Crypto.com app and
get $25 with the code Laura.
Link in the description.
Today's topic is new developments in crypto wallets.
Here to discuss our Itai Torban, co-founder and CEO of Dynamic Labs, and Uriel O'Hayan, CEO of Zengo.
Welcome, Ariel and Itai.
Hi, Aram.
So I'm sure everyone knows wallet security recently became quite a hot topic with the announcement
of Let Your Recovery, which is the service.
that Ledger announced offering people a way to have a backup of their private seed phrase
that would be split up amongst different custodians and also tied to their personal identity.
The community kind of freaked out about this.
And some of the reasons include the fact that it could be possible for the companies to be compelled
by the government to give up the identities of these people.
It could also be because people suddenly realized, oh, right, the code for,
ledger is not open source, there's numerous reasons here. But before we go into all the details
on ledger recover, let's just take a step back because there's actually a lot of issues when it
comes to wallet security. So why don't we just kind of give an overview of what all the different
problems are, the pain points when it comes to especially self-custody of our digital assets.
Oriol, do you want to kick off the conversation? Sure. Thanks, Laura. So just for the
context, we're running a non-costal crypto wallet for four years. So we've been looking at this
problem for some time. The problem of security in crypto wallet is a deep problem unsolved to this
day. You know, the famous not your keys, not your coins happens to be your keys, your problem.
And the reason is because it's really, really hard to protect the seed phrase. It's a single
factor security system where, you know, if you lose it or if you miss it or if someone steals it,
everything is gone. And there is a reason
ledger and other companies are trying
to bring a solution to this problem.
So there is multiple issues with that.
First, there is the system.
The system where a wallet tell you,
by design,
you have to be in charge of your security.
And if you are not doing the right thing,
everything will go away. So that's
already a problem to solve because
most people are not equipped to be good at security.
The second problem is that you have to trust
the system that you are putting your
coins into. And, you know, with Ledger, people have finally realized that they had to trust
ledger at some point. And, you know, people suddenly opened their eyes. You know, they thought the
woman would never betray them and would never leave them. But it happens that in that case,
it was indeed possible that something was going to be broken in the, you know, perceived promise
that the hardware wallet is protecting you because they are part of a wallet system that, you
that is either closed source or that you have to delegate some trust so that the system works for you.
It means that it can protect the private key.
And finally, there is all the problems around the wallet security that has nothing to do with the wallet system itself,
but with the vector of attacks that a user can be exposed to.
And there are many, many, many, from like pure human error to social engineering and more.
And we can discuss those.
So the bottom line is that wallet security is a 360 problem that is extremely hard to resolve.
And the real question that you want to ask yourself is, what do you want to trust?
Who do you want to trust a system?
And then you have to delegate some kind of trust and the question is up to which level.
And then the alternative is do you trust yourself, right?
Can you make the right choices in terms of choosing the right wallet and protecting yourself around that?
and that happens to be a very complicated problem.
So I think that's kind of already some foundations for the conversation.
I'm sure we'll double-click.
Yeah, Etai, what do you think are some of the big pain points and issues that need to be resolved?
Yeah, so, I mean, Oriel made a bunch of really important points.
At the end of the day, this is about trade-offs, right?
Like anything in life, these are all kind of trade-offs.
And the trade-offs are always trade-offs of kind of security, user interface or experience,
kind of recovery, cost, and so on.
And you always have these levers that kind of,
you have to switch between,
and each one of them comes with their own pain points, right?
On the security side,
you can lock everything in this giant castle
and never have anything leave,
but that's not, you know, that has massive costs
and that has massive pain points of accessibility
to your information or your kind of keys.
On the other side,
you can trust someone else with everything,
which gives you the accessibility,
and user experience, but has massive costs on trust and kind of delegating access.
And that comes with its own paypoint.
So it's always, and as we dive in, we'll see this, there's always kind of these tradeoffs
that we have to talk about.
And each comes with its own kind of pros and cons.
And I think specifically we'll dive into this.
But in the ledger example, they kind of went from one side of the tradeoffs to another side
pretty quickly and kind of, you know, communication served a key component there, not necessarily,
not necessarily the technology side, but rather kind of how you deal with communication of tradeoffs,
right? So that's, that's kind of in my, from my perspective, the key thing is these are all kind of
questions of what do you prioritize and what are the challenges for each kind of element that you can get to.
Okay. So yeah, let's dive a little deeper into the level.
to recover situation because obviously that was something that just caused a really big outcry in
the Cota community. So there's, I think, probably multiple issues or problems with the service that
they were offering, or at least reasons to be concerned about it. So why don't you just break down,
and it can be either one of you, what some of the different fundamental issues were with that
service? So just to get started at a high level, I think the first element is the fact that it
exists, right? The possibility that there is a system, even an opt-in system,
you mean that you have to choose it, that can indeed extract in some capacity the holy of holy,
the seed phrase out of the hardware wallet that was not supposed to do that.
And I think there was a massive disconnect between what most people understood about the role
of a hardware wallet and the capability of a firmware, which is part of a hardware,
that has this ability to do basically whatever it wants,
including extracting the private key.
And because Ledger, as part of this code,
that is closed source,
there was no way to actually realize that.
So I think the first fact that it exists is a problem.
And just to expand on that,
so you're saying that previously people had this conception
that when they received a hardware wallet from Ledger,
what that meant was that the key could never be accessed
unless you like had the device.
Is that what you're saying?
That's correct.
Actually, that was actually their actual claim, you know,
that, you know, the private key can never be extracted from the hardware ever.
It was repeated.
It was written.
It was said.
It was communicated.
But there was always a small asterisks, you know, saying that, assuming that you trust on our firmware, right?
And the firmware is this piece of software that, you know, manages the relation with the
hardware and what the user wants to do.
it. And so it so happens that indeed a firmware once updated in, you know, by the fabricant of
this firmware can actually have the capability to, you know, in that case, extract in some way
the private key, the C phrase from the, not the private keep, but the C phrase from the, from the
hardware. So, so that's something that was not understood from the market and that was in part
one of the reason of the outcry because that was something that was never supposed to happen.
Although, to be honest, if you really double-click into the meaning of everything, it was always possible.
So that's something that, you know, I think was the beginning of everything.
But you add to that also how they did it, right?
And, you know, they say it was a misunderstanding and everything.
And it's not a misunderstanding.
They know exactly what they're doing.
And I have to say, you know, building a competitor, I have to kind of give them credit.
I think they're going into the right direction.
but I think they are making some very important tactical, I would say, mistake here.
The tying of the recovery to a KYC and identification which breaks privacy
and can create scenarios which they admitted of coercion and our government coercion,
that's a problem.
Okay, that's a problem.
It's not also very clear that the recovery can be safe of impersonations.
impersonations of ledger and impersonation of the user through the KYC.
And we've seen so much crazy stories that I want to see before I believe it.
So there are other big questions around how it's built.
So the fact that it exists and it's execution,
although I have to say that I think they're going into the right direction.
I think this was probably overblown, but I think this is the right move.
Maybe I, Tai, you have some more on that.
Yeah, so I do want to ask you about the right direction.
thing, but before we move on, I just wanted to comment just, you know, what you talked about,
how people could then fake other people's identities to access those assets. I mean, when,
you know, this rolled out, I remember thinking like, oh, it's so similar to what was happening
with the sim swaps or what continues to happen with the sim swaps, where, you know, people go into,
like, an AT&T store, Verizon or whatever, and they're pretending to be, you know, like, Oriel, like,
I could pretend to be you. And I say, you know, you know, you know, you know, you know,
you know, move my account to Sprint.
And then, you know, from there, I can go into all of your sensitive passwords and click
forgot password and then have the code sent to your phone number, which I now have.
And, you know, change all your passwords, lock you out and do whatever I want with your
accounts.
So, you know, it felt like, okay, that's opening up that level of attack, which, you know,
has been very prevalent in the crypto community.
Yeah.
And, you know, accessing fake KYC document today and even mimicking.
with deep fake videos and AI today a person,
it's a problem we know really well
because we do live-ness biometrics at Zango
is actually extremely easy.
So I think there is a lot of questions
about how this is going to be actually secure
and not to mention even the impersonation of ledger as a brand, right?
I mean, you know, you remember they were hacked in the past,
their e-commerce website was hacked
and there was a massive amount of campaigns
around impersonating ledger
into, you know, tricking people to give the C phrases.
So it's not like there is not a past around this problem.
It's very, very real.
It's very serious.
And so I want to see it before I can give a stamp of approval on an approval,
but at least I understand better the security model around what they're building.
Anitai, what were your thoughts about some of the issues with the Ledger Recovery Service?
Yeah.
So I think, first, I think their hearts in the right place, right?
So they, if you, if I put myself in their shoes, I would assume one of the challenge they face
from their end is folks lose their ledgers, right?
Folks kind of literally just kind of store a lot of information on it or a lot of
crypto on it and then it disappears, right?
And at that point, they have a challenge to solve, which is the challenge of how do you
deal with customers that can't, they don't remember their passwords, but don't actually
physically remember what they put their ledger, right?
second challenge that they face is a challenge of they have a one-time purchase business, right? And they
have to start moving to a subscription business in order to build a kind of company value. Right. And so
there is this economic challenge and there's this user challenge that they have to face, right? So
it starts from there and their heart is in the right place. I think the approach of creating some
sort of recovery solution is not a terrible idea. It's actually a pretty important concept, which is, you
No, let us help you make sure that if something happens, we can help you.
But Oriel mentioned this.
There's how ledger is perceived, which is ledger is perceived as a device that is really as close as you can get to your keys, your crypto.
Right.
And all of a sudden, within a single day for most people, there's a break in that promise, which essentially says, well, your device, your keys, your crypto.
But we can actually kind of with a firmware update, extract kind of shares of that storage
and store them on additional devices.
So there's a lot of the challenge isn't just necessarily kind of a security challenge.
And again, I think their approach is correct.
I think the fact that you should be able to store information and recover it.
And I think doing it with Shamir secret chair and being able to store different and kind of in a less
risky way where you have one kind of a tech vector to a single partner, but rather storing it
across three is actually a super smart way of doing it. But it's a break of a customer promise that you
have to do over months and years of communication done in the single day very, very quickly.
And that, in my opinion, is the biggest problem they face is not necessarily a security problem
or around their product approach,
and I feel for their product managers,
looking at this from the outside in,
I really feel for the product management experience,
but that to me is the biggest challenge
is actually a PR challenge versus the actual security challenge
is a break of customer promise for what you expect from Ledger.
I do think that if you fast forward to years,
this solution will come back in a second iteration,
and we'll talk about this,
but to a Riel's point, it'll come back kind of as an open source type of solution.
I'll come back potentially with alternative forms of ID verification that don't rely on biometrics
or image, but rather rely on kind of more privacy preserving information.
But the solution itself and the concept of making sure that if you lose your device, not everything is lost, is not a terrible idea.
Okay.
So both of you have kind of indicated that certain aspects of the way Ledger recover is designed
were correct directionally, at least both of you have said things like that. So what about this
service was in the correct direction, as you both indicated? I mean, we've been doing Wallet Recovery
Cloud Wallet Recovery for four years. We actually invented that approach. We do it for free,
without KYC, and very successfully at scale. So we can only be, you know, in favor of that
that approach. We've always said, and, you know, ledger.
recognize it even on their website that the seed phrase model is problematic, right?
They even put on their website testimonies of users who lost their seat phrases from their own
hardware wallets, and that's something that's very, very common.
So I think the approach of relying on what we call the two-man rule versus the one-man rule,
meaning you distribute the security and the recovery instead of like making the user trust himself,
which is a terrible idea eventually, is.
directionally correct. There is a set of problems here is that indeed, you know, it's KYC based.
And so privacy issues, easy impersonation. And so, you know, we have to see how they play it,
right? But, you know, they do use like three parties to kind of allow people to distribute the
secrets, one of which is ledger itself. It's already, you know, possibly an issue because now
they're part of the recovery. And another is,
a company called CoinCover, which also provides some insurance in some capacity, but it's not clear how.
And finally, EsproTech, which is a company we have brought to crypto four years ago.
So using the same company that the one that we've been using for four years ago.
So it's like directionally, there is something that makes sense there, but the execution is problematic.
So they started with a close source approach where they forced also the firmware update to everyone.
and now what they're trying to kind of go towards is open sourcing that solution
and making it mandatory only from certain devices.
But I'm not sure it solves the problem because even if you open source the recovery only,
the wallet itself has a massive amount of code that is closed source.
So it's not really resolving the problem.
Second, it's a paid service.
So the question is what happens if you stop paying?
Like, are you losing your recovery, right?
It's not very clear what happens there.
then what will be the system of resistance to coercion, right?
If a government sends a subpoena, they admitted that they would comply
and that they would give away, you know, the parts.
And so that's a problem.
In our wallet, for example, if we receive a subpoena, we can give something, but it's useless.
So there is nothing that can give away the user account, right?
So there is a set of questions around how is that resistance.
to a government state attack, right, which is a very real thing.
We know it happens.
And so I think there are still a lot of unresolved questions.
And we'll see how they play that out.
I mean, you know, I think they are version one.
And like I said, probably in the future they will do better.
I want also to make a prediction today.
I'm fairly convinced that it's not the last company to try to do that, right?
I mean, we were the first, the coming second.
And I can already know and tell you that there is other companies that will do that.
Because directionally, there is no way to stay sane and tell to your users if you lose your seed.
You know, trust us, but if you lose your seed, you lose everything.
That can't be the future.
Everyone knows it.
And so I'm sure there will be more and more of that.
So I think there will be iterations of that model towards something that is more resilient to government attacks
that will probably take the price down or to free, as we always did, for example.
and that will have a more robust security system that doesn't rely just on KYC.
Well, now that we've kind of explored all the different issues there,
Oriel, you obviously have a, you know, as you mentioned, a competitor,
and it has quite a different model.
So why don't you describe how it is that Zengo secures users' crypto?
So it starts with the foundation.
We don't use it phrases and private keys, which, you know, is the mother of all issues.
by the way, even with a recovery system, like ledger recover,
you still have to back up manually 24 words or 12 words somewhere safe, right?
And so that's the mother of all problems.
Even if you have a recovery service in place,
you are still likely to give that away to a fissure
or to some sort of attacker, physical or digital,
all sorts of problems that can happen around that.
So we don't use that.
We use MPC, multi-party computation,
which by default and by design,
does not generate private keys, but distributed independent secrets.
So there is no magic here.
You still generate secrets, but they are never in the same place at the same time
so that there is no single point of failure.
So if you lose one secret, you don't compromise the entire system.
So that's kind of the first point of difference.
The second point of difference is we have created on top of that
a system of authentication that does not rely on passwords
and does not rely on pass codes or pin codes, right?
So in a wallet, you traditionally have some sort of pin or a code or something to get in.
We created an authentication mechanism that is multi-factor and does not rely on passwords
and rely, among other things, on Liveness Biometrics, which is a way to identify
that you are who you are at scale very, very securely.
It's already been deployed at scale millions and millions of users.
So the authentication mechanism is also a guarantee that no one else, but you can access.
your wallet. And finally, there is an element of security at the transaction level where the wallet
tells you what's going to happen before you hit the send button so that you avoid transactional
risks, like, you know, connecting to a malicious app, for example. So the wallet is designed in a way
that makes it extremely resilient to traditional attack vectors related to seat phrases, related to
human errors, related to sim swapping, related to phishing attacks. You know, to this day, we had zero
account theft, zero. We have nearly a million users. So that's really remarkable when you think about
the security system and it's kind of its proof and its validity. And it's because it's designed by
default very differently. Just maybe I'll add one one maybe distinction that I think we might want to
dive into at one point, but as a key distinction is, you know, we talk about all this stuff as MPC
and, you know, Riehl mentions kind of the approach of Zengo. There's a nuance of kind of, kind of
technologies within it.
So one thing we should probably touch on is ledger uses Shamir Secret Chair,
which essentially says we will take a key that exists and then we will split that key
versus a Zengo approach or a coin-based wallet service or a lot of providers kind of
that say the key will not exist to begin with, but rather independently you will
calculate the result from kind of independent chair.
So there's a lot of nuance that isn't necessarily clear in the market on what does MPC or what does the splitting of keys actually means and whether a key has existed to begin with.
So essentially, there are multiple ways to actually think about kind of private public keys, right?
And this is not necessarily related to cryptocurrency.
In general, you generate a, you have a private public key type security.
and it relies on a single private key,
and that kind of lets you interact with the world.
You send your public key to someone.
They can encrypt stuff with their public keys,
and back to you, you can open it.
So that's the kind of the classic kind of crypto,
kind of way to go about the world.
The challenge, and this is what we talked about
for the last 20 minutes,
the challenge is that you have a single private key.
There are multiple technologies out there
to actually address how you solve it.
They are in the categories of multi-party computation.
They're in the categories of multi-sig.
They're in the categories of essentially what we'll call other,
which is storing things in AWS Nitro, enclaves, and things of that sort.
Within MPC, really the categories are the following.
There's MPC, which essentially says take a single key and split it up.
There's multi-sig, which essentially says take a single key and add another
four, five, six, 20 keys on top of that and make sure all keys need to unlock.
And then there's a third category, which is take a key and store it in a very safe place,
either on a cloud or in other way and create kind of architecture that makes it really hard to
access the privacy.
Those are kind of three approaches.
Within MPC, if you double click on that and sorry to create this weird tree of MPC,
multi-sig and other, but within MPC, there are actually two technologies.
There's what's called Shamir Secret Chair and there's threshold signature scheme.
Shamir Secret Chair is this really cool 1970s technology that is, like, works really well,
which does the following, which essentially says we can take a key, we can split it into
two, three, et cetera, and then we can create this calculation where the key is usually
separated. So parts or shares of the key aren't stored at the same place at the same time,
lowering the risk of, let's call it a hack of someone kind of knocking on your door and taking
your private key because it's not stored in a single location. The challenge with Shamir's
secret chair is that the way that math works means that at a certain point of time, the key is
reconstructed to sign a message. So essentially you have shares, right? You
took a single and single kind of key broken into three, but then you reconstructed it to actually
create a signature. That's what Ledger does, for instance, right? So Ledger, and the reason they do
this is because they started with kind of a single key, they broke it up, and then they reconstructed.
There's a second approach with MPC, and that's what's used by Zengo. That's what's used by
fireblocks or, you know, Coinbase wallet as a service or curve that was sold to PayPal.
or another kind of couple of solutions out there, fortify, et cetera.
There, essentially, the approach is a key never has to exist in the first place.
There are three shares, and through coordination, they independently kind of create the
result or an outcome.
I'll call it math magic.
And I know Riedel actually has the details around actually how this works, but there's
some really cool math magic there with proofs.
around the coordination, but essentially while maintaining independent shares of keys,
you get to an outcome of the kind of assigning of calculation.
That's really cool because essentially it's this math magic of a key has never existed to
begin with, but you still have the same effect.
And so what you see companies, again, that secure billions of dollars like a fireblocks
or a Zengo or Coinbase Wall of Service use,
is they use kind of threshold signature scheme,
kind of that subset of MPC, to actually do things.
And the world, and we'll talk about this,
there are multiple Waldo Service companies
moving exactly to that model as a way to kind of secure private keys
in a much more scalable way.
So that's kind of the breakdown.
But again, coming back to just Ledger uses Shamir Secret Chair
because they start with a private key.
Zengo uses threshold signatures,
SAFE uses a combination of multi-sig and account abstraction now.
There are multiple approaches to this.
And just to complete on what it I described,
what that means in effect in terms of security consequences
is that in the world of Shamir secret execution,
if the parts are attacked or coerced, right?
You can reconstruct the private key
and therefore take away the funds, right?
Very, very easy to do.
Right, if you have the minimum threshold to get them,
two out of three, three out of four, whatever.
In the case of ledger, it's two out of three,
then it's game over.
In the world of threshold signature,
even if there is a takeover of the server of the wallet operator,
right, in that case, Zango or Fireblocks or whoever operates by that cryptography,
nothing can be done.
It's impossible to take away the funds because there is never a private case that existed in the first place.
And the threshold to obtain the permission to withdraw the funds as to be completed on the user side.
And obviously, the system doesn't have access to the user side.
So I think it's like there's a very fundamental difference in terms of security system
and guarantee that you have with one that you don't have with others.
All right.
So in a moment, we're going to talk about the downsides of NBC Wall.
because it's all a game of trade-offs,
but first a quick word from the sponsors
who make this show possible.
Join over 80 million people using crypto.com,
one of the easiest places to buy, trade,
and spend over 250 cryptocurrencies.
With the crypto.com visa card,
you can spend your crypto anywhere
and get rewarded at every step.
Up to 5% cash back instantly,
plus 100% rebates for your Netflix and Spotify subscriptions,
and zero annual fees.
New user.
Enjoy $0 credit card fees on crypto purchases in their first seven days.
Download the crypto.com app and get $25 with the code Laura.
Link in the description.
The scorebed app here with trusted stats and real-time sports news.
Yeah, hey, who should I take in the Boston game?
Well, statistically speaking.
Nah, no more statistically speaking.
I want hot takes.
I want knee-jerk reactions.
That's not really what I do.
Is that because you don't have any knees?
The score bet.
Trusted sports content,
seamless sports betting.
Download today.
19 plus, Ontario only.
If you have questions or concerns
about your gambling or the gambling
of someone close to you,
please go to conicsonterio.ca.
With Amex Platinum,
$400 in annual credits for travel and dining
means you not only satisfy your travel bug,
but your taste buds too.
That's the powerful backing of Amex.
Conditions apply.
Local news is in decline
across Canada. And this is bad news for all of us. With less local news, noise, rumors, and misinformation fill the void.
And it gets harder to separate truth from fiction. That's why CBC News is putting more journalists in more
places across Canada, reporting on the ground from where you live, telling the stories that matter to all of us.
Because local news is big news. Choose news, not noise. CBC News.
Back to my conversation with Oriol and ETI.
So as we discussed in many ways, MPC wallets are more secure.
But there are some downsides in terms of computation.
So can you run through those?
Sure.
I mean, there is obviously security risk at the cryptographic level, right?
You know, the cryptography could not be maybe, you know, solid enough or robust enough in its randomness and its calculations so that the private key could be extract.
in some kind of way. Recently, there was a disclosure made by file blocks around what BitGo
made for their TSS threshold signature library and reveal that there was a possibility to extract
the private key out of the way the secretures were computed. So it's not like 100% security.
There's never 100% security. It's always about how you execute it, how you better test it,
how you audit it, how you improve it all over time.
And so there is a risk at the cryptographic level.
The second risk is obviously a trade-off at the point of signature,
meaning that when you accept to use a wallet that is based on TSS,
you accept the fact that the co-signer, the wallet operator,
will have to agree to sign the transactions.
If you want absolute guarantee and total control that the signature will happen,
then the TSS model is not perfect for that.
you will never obtain the total equivalent of you alone signing your transaction.
What that means is that in theory, although that has never happened in the past,
the TSS operator, a threshold wallet operator, can stop a transaction, can make it so that
it will not be signed.
There are ways to mitigate that, and we can discuss it, and we have one of them, for example,
but this is a real risk.
And so I would say there is a systemic risk at the cryptographic level, and there is
a design system risk of trust at the signature level so that you can make a transaction and
move your funds out. All right. So now we've done a really deep dive on ZENCO. I Thai, you are
working on dynamic wallet. Why don't you tell us about it? Yeah, absolutely. So we are essentially,
we're the other side of this. I would call it the Switzerland of the wallet industry. We're,
We are essentially an authentication provider.
We work on the application side.
So we have customers like Sound.x, Y, Z and FlipSite Crypto and, you know, and token proof
and others.
And we power their system to interact with wallets, whether it's branded wallets, whether
it's kind of embedded wallets, like a Blockdo, et cetera, or whether it's wallet as
a service wallet, it's like a Coinbase wallet as service or a Magic or a Web3O.
So we get to see kind of the wallet industry as a whole and kind of interact with all types of wallets.
And our customers or developers or sites and apps that interact with these wallets on a day-to-day basis,
we provide both the kind of login services for these wallets for these applications,
the user management, authentication authorization services.
We help end users spin up wallets through MPC or other options.
if they don't have access, but our customers are not necessarily in consumers.
They're actually developers, and we power the entire kind of authentication system for those
developers as they run sites.
They want to interact whether than, rather with email account creation, they want to interact
with wallets.
We, you know, we've been talking about wallets for the last 30 minutes.
And just so everyone knows our vision, we fundamentally believe that's pretty much the world,
the world is going. So in five years, everything becomes a wallet and the way you interact
with sites and apps is not going to be account creation. It's going to be logging in with your
wallet. So that's the future we're essentially building too. And that's why we're so passionate
about wallet security is because for that world to exist, there needs to be a lot of innovation
in that tradeoff of security and experience that let customers kind of move to that model
from trying to kind of create an account and save a passport everywhere,
move through that model where they interact with a wallet,
again, saying that for the 50th time in two minutes,
but interact with a wallet as they log in.
And one thing that I was curious about was that because you can link multiple wallets
to a single account, if a hacker gets control of that account,
then they can access multiple wallets, correct?
Or how does that work?
It's a great question.
So one of the features, to your point, that we offer,
is we realize pretty quickly that customers don't have a single wallet.
They have multiple wallets, right?
They have their social wallet.
They have kind of where they sort their NFTs.
They have their more financial services wallets.
And the number of types of wallets you have are expanding.
And so a service that we offer developers is the ability on their site and siloed to their site help customers link these wallets to a single account.
But the signature itself, the transaction still happens.
on the wallet itself, meaning regardless of the linking or not linking to approve something,
a user has to sign on their own wallet.
So to your point, if a hacker gains access to a dynamic user system of record, they can't
actually do much with it because essentially it's just an association of different wallets
and how they connect together, but the actual transaction, sending something out of your
wallet still is a signature that happens.
your own identity provider, you sign to transfer.
So there's no kind of a tech vector there, you know,
because it's more of an association.
We store associations between wallets,
not the actual kind of content of the private key.
All right.
So let's now just talk about some other aspects of security when it comes to
wallets.
So we've just been talking generally about the wallet itself,
but obviously there's security that can be done around transactions.
And I'm sure you guys have heard that there are a lot of times when people are kind of overcome by a feeling of either FOMO or other sort of urgency or, you know, there's all kinds of social engineering ways to get people to do things that's against their best interest.
So what are some of the ways that either wallets or other kinds of products are protecting users from bad transactions?
So, by the way, before mentioning bad transaction, the first and by far the biggest risk is actually impersonation of wallet brands.
You know, typically someone says, hey, I am ledger, I'm a metamask, you know, give me your sick phrase so I can help you.
Right.
This is very, very common.
It happens at scale.
You know, Reddit is full of pages and testimonies of those.
And there is very, very little that you can do to protect users against that because, I mean, except educating people, but even that is difficult.
Sometimes the system itself gets hacked as it happened with Ledger.
And there is nothing that you can do.
People think they should give their seatphrase.
And so the only protection that you can give them is a system where there is nothing to give away.
And that's why passwordless authentication, I believe, is the future.
That's why Apple is moving there.
Google is moving there.
Microsoft is moving there.
So that there is nothing to give away to a fisher and impersonator.
Then you have the problem of malicious applications, which usually start with
a link, right? It's a link that will look similar to something that you heard of, that you know
of, an NFT program, an influencer, a famous persona, you will click on it, and it will ask you to
connect your wallet, right? And possibly it will be with dynamic or with wallet connect or with
another system. And then you will have to give a permission because that's how smart contracts
interpret with wallet. You give a permission to do certain things. And this permission usually
can become very quickly a wallet drainer,
meaning that it will abusively go way beyond the permission
that it initially asked you to give
and basically remove everything from your wallet,
sometimes at the same moment,
sometimes later on you will not even realize.
And so the way to resolve that
is to actually provide to the user
in the context of the transaction,
a preview of what's about to happen
if you approve the interaction with that wallet.
we have one of that solution.
We call it Clear Sign.
It's a built-in firewall, but there are many others that are providing that as an extension.
And, you know, so it works only on the computer, but, you know, some things will at some point work on the mobile.
And they basically tell you when we tell you, hey, you're about to get your funds removed completely.
Hey, you're about to give your board ape away, right?
Is it really what you want to do?
And so you raise the awareness of the process.
of the problem that's about to happen.
You cannot prevent it because if someone wants to do a transaction,
well, they do it.
If someone wants to die and then he will die.
But at least he knows that he's about to die.
And so you give him a chance to stop before the last step, right?
And so that's kind of a world in itself.
I mean, there are many, many variations, you know, colors and flavors about how this
happened.
It happens all the time until today.
Many people fall into it, including the most of the first.
sophisticated people, you know, famously, you know, Kevin Rose, the founder of Moonbird,
clicked on the wrong minting link and many others. And so it's not something that you should
think that it's just about, you know, people falling into it because they don't know.
Even the people who know fall into it because it's so easy, right? It's so easy to perform.
And so the only thing that you can do as a wallet is to provide the right awareness before
things, bad things happened. And so that the user is informed about what he's about to do.
Maybe Tai you want to complete with all the things that you are seeing or aware of.
Yeah, absolutely.
I think your point is right.
I think one example is a company.
There's a company called Stello, which does a browser extension that essentially
simulates transactions before they happen.
And they do a really great job of kind of showing you what you're about to sign.
That's it.
The way I'm thinking about this is I'm thinking about this like the 1990s email, right?
where it was kind of pretty much a wild west.
And over the next 20, 25 years,
there was this constant iteration of how you fight spam,
how you fight fishing emails,
how you fight making sure that you have trusted senders
and things of that sort.
And it was this constant evolution to get email to a safe spot
where you can really trust it.
Right.
So if we remember 15 years ago before the world of Gmail,
it was pretty much terrifying to open links
and kind of make sure you click them and information is collected about you.
Now, that's email, which is an information protocol.
We're now talking about this at a financial protocol.
So the risk of things is kind of 100x as complex, right?
Because it's not just stealing your information, but literally stealing your money, right?
And so both the incentives to create theft and incentives to create fishing attacks, et cetera,
go up exponentially, but also the incentives for companies to tackle this, right?
I think just in Israel alone, I heard of 10 companies trying to create transaction simulations
in order to try to tackle this field.
And so what you'll see is to a reality of a combination of kind of social engineering where
you're going to, you know, there's going to be services that provide wallets with easier
way to tell users what they're about to do.
There's going to be services on the DAP side where dynamic plays to ensure that users cannot
sign for something that is out of scope in some way.
There's going to be kind of this containment of type of functionality you can do to interact
with the wallet.
And wallets over time will close a little bit kind of the types of things you can do with
them.
But it's going to be this massive competition between.
great incentives for people to steal your money,
and massive incentives for companies to then claim,
to then essentially create a structure to compete that.
Very similar to what we saw with email in the 90s,
just on steroids at a far faster clip of innovation.
So that's what we'll see essentially.
And again, you see really cool companies.
Rain, I think, is another one that's trying to do this.
You'll see a bunch of companies try to compete with this,
with a space forte, Florida is another example and so on.
So another thing I wanted to ask about is that people obviously have wallets that they keep
online and then whilst they keep offline.
So can you just talk about how it is that people can kind of secure their wallets
depending on the spectrum of kind of how hot they are?
Yeah, I think maybe I'll start with that one if okay.
First, by the way, on wallets they're stored offline, if we come
back to our first conversation of Ledger, it is a wallet that started as an offline wallet
and is now moving to an online wallet, right? So it's moving from Ledger to Ledger Live to kind of
recovery. So even quote unquote offline wallets are starting to move online because there's value
of not just storing things. The wallet is moving from a storage device to kind of an interaction
authentication device. And so it makes it really hard to just be an offline wallet in that
world. We're moving, the entire concept of Web 3 is not about just storing things in your wallet,
but also using your wallet and using it as a financial devices and authentication devices,
storage device, et cetera. But very similar to how we do everything in life where some things are
very sensitive. We put them in the safe deposit box and some things kind of are in our wallet
on a day-to-day basis. You'll see something similar in crypto, which is over time you'll have
very secure services where you access things once the year, once every several months,
and you store kind of massive amounts of money, et cetera.
And then on the other side of the spectrum, you'll have wallets, which are more your social
wallets or NFT wallets or, you know, wallets where you interact with small transactions,
which you open multiple times a day and there the user experience is a little bit more
important than the security side. So you're going to always have that spectrum of types of wallets.
And the world will, in my opinion, we'll move to is not that there's a winner take-all wallet,
but rather you'll have multiple wallets for different use cases, some of which more secure,
more quote-unquote offline, some slightly more user-friendly with that trade-off, but something you
use 10 times a day. That's what we'll see over time. But again, coming back to the point,
even an offline wallet like Ledger is inherently just moved fully online, right, which is really
interesting. So I think there's also kind of new ways of securing wallet. Some of these we had
discussed in a brief chat before recording. And you mentioned things like magic and turnkey.
You know, I don't even know really what those are, but can you describe a little bit about them?
Sure. Yeah, absolutely. So we talked right at the beginning.
of the conversation about different technologies out there, MPC, multi-sig, and other.
If you double-click on that other category, there are multiple approaches for how you can store
your keys, right? And I think about them a little bit like safe posit boxes in banks, where you
store something in a bank, but the bank can't necessarily access it, right? And it's a different way
of, sorry, information, you have to go to the bank, you have your key, but the bank itself can't
actually open your safe deposit box. Magic or turn.
turnkey are inherently, and I'm simplifying this significantly because they have massive
technology around this and, you know, Magic just raised a massive round around this.
But Magic and Turnkey are inherently technologies that apply that safe deposit box type
approach, which say, we will store your key in kind of an AWS enclave, like a nitro
or something of that sort.
We will secure it.
We will ensure you get the benefit, the massive benefit of.
of security there, but we'll build it in a way where we can't access it.
So you still enjoy the non-custody element of kind of, you know, you're the only one that
can access your information, but rather than storing that in your pocket like a ledger,
you will store it in giant server farms of folks that do this for a living, right?
So those are technologies which are inherently are the safe deposit box on the cloud.
And I'm simplifying.
I'm hope I'm not hurting magic or turnkey's feeling here because I think they're actually,
these are super innovative and super smart technology.
So this analogy hopefully is a compliment, not a thing.
But these are kind of really cool approaches that are complete different from MPC to solve the same fundamental problem,
which is how do you think about recovery, storage, etc, while maintaining.
that you're going to lose the thing that you have in your pocket,
which is like that ledger device over time.
So those are magic turnkey and other approaches there as well,
which are really cool companies in this space.
To complete on what you said and you described really well,
is that what happens is that the world of wallet is becoming more complex
and more articulated.
Historically, we've known the world of wallets,
which were personal primary wallets, right?
Whether they are hardware or software,
this is something that the user chooses to install or to buy and put its coins or NFTs on it, right?
This is what we've been knowing for the past basically 12 years.
Now you have an entire new category of what we could call embedded wallet, right?
They're not destination where people go and, you know, choose their, you know, to create their wallet as they do for Wiesango or Ledger or Metamask.
But they are choosing an app which can be a game or.
or a social network, a network, and by creating an account there,
at the same time behind the scene,
they're basically creating an embedded wallet,
which is tied to this application.
So that means that you have a wallet that is associated to the app
that you have chosen to use,
not because you need a wallet,
but just because you want to participate and enjoy the game or the app
that you want to use.
And so they have become with a big tradeoff in security
because now your wallet security depends on the security system of that application.
So, for example, if you choose to create your account with, let's say, a Google Connect or a Facebook
connect or a Twitter connect, your security is as good as your Twitter account or your Gmail account,
which we all know is not necessarily the best security in place.
And so the trade-off comes with greater convenience because you don't need to think about
creating a personal primary wallet and you have a wallet tied or embedded into that application,
but with a tradeoff around the security around that.
And that category is growing.
And so I think we're going to see a world where you will have in parallel primary personal
wallets where people will have their base, their home, where they put what they want to use
first.
And some will be for their day-to-day usage or, as it has said, in a vault that is frozen
and offline or possibly not offline.
and might have some announcement on that very soon,
but that for larger amounts.
And then you'll have embedded wallets,
which are tied to applications,
which like much lighter security
and all sorts of like, you know,
risk that can happen that you don't have usually
with a personal wallet,
but greater convenience because it's just right there
and you don't need to think about it.
So I also wanted to just address something,
which we've kind of talked about here and there
during the episode,
but I just want to have a dedicated
moment to discuss it.
During the ledger outcry,
people were concerned with the fact
that ledger's code is not open source.
And of course, the company pointed out,
well, it's, you know, always been like that.
So how do you guys
think about, you know, that
factor when it comes to users
choosing amongst different
wallets? Like, how important is it for a wallet
to be open source or how
concerned should they be about
close source?
So open source is
a great addition,
but it's not
a perfect medicine for any disease in security.
I know the proof of that, by the way, is that recently a Treasure, which is a competitive
of Lager hardware, which is fully open sourced, was cracked by a security company, right?
So that, you know, open sourcing brings more transparency because you actually see what happens,
but also by showing what happens, you also allow attackers to know exactly how the sausage
is made and basically you can actually deconstruct it and break it.
And so even though open source brings more transparency and possibly even more
increases security because by being more transparent, you allow the community to contribute
to a better system.
In our case, for example, we open source our cryptography and our MPC library has
become more robust because of that.
So I think it's a good thing, but it would be also very dangerous to consider that because
something is open source, it's resilient to any sort of attack and security risk. Sometimes it's
even the opposite. Just as an example, trust wallet used to be fully open source, which is a mobile
wallet, and they came back from it and they went to close source because there were too many
attacks on their wallet. And recently, their extension was hacked. And so that's not something that
is necessarily a good thing. And, you know, I understand why Leger decided to kind of open source is
like a way to kind of calm down the community that wanted to kind of get more transparency.
But make no mistake, it's not a solution. It doesn't bring any kind of additional comfort.
And people who are domestically repeating, if you're not open source, you're not secure,
are hiding very important realities behind it. All right. And Ita, do you have any thoughts?
I would just say, I actually, I think coming back to on open source, you know, earlier in the conversation made a point that actually ties into open source.
Open source also carries some risks with it, which is at times what people do is take an open source library and fork it, right?
And kind of build it as their own.
And as a good example in math heavy libraries like MPC, you now have a lot of companies rely on.
on kind of code that they haven't written.
And so it carries open source essentially kind of opens what you did to the world,
but then let someone else take it, implement it,
and potentially launch things on top of it,
and create risks where if you made the first mistake,
someone will make mistakes on top of it,
and there's going to be this ongoing cycle.
So there's a lot of NPC companies today,
which are built on open source libraries as an example,
where they don't necessarily have the fundamental,
understanding of kind of the cryptographic ceremonies that happen in the background or things
of that sort, which brings in additional risks, right? So there's the vertical of open source as
kind of a way to have someone validate that your code is secure and you implemented things correctly,
but there are kind of second order effects of open sourcing that create these massive issues.
And by the way, there are alternatives to open sourcing, right? So there's audits you can do,
Trail of bits or other kind of security audits that you can do on your code that at times bring the same result while not open sourcing.
These are all, again, tradeoffs, right?
They're massive benefits to open sourcing.
In Ledger's case, I think they have no way around it.
And I think that is fundamentally their only path forward along with auditing, et cetera.
It is not a silver bullet solution to anything.
it is at times also just a marketing thing.
It's not a kind of yes-no type solution.
And just to complete and maybe to conclude,
while open sourcing reduces the spectrum of attacks of the system
because you understand better what's going on,
it does not reduce in any way the risk that are user-centric,
the type of errors that a human can make
by using a crypto wallet,
namely backing up the C phrases, somewhere safe.
You know, traditionally they write it on a piece of paper.
Most wallets provide this famous piece of paper.
And people make a mistake usually there.
They forgot to write about it or they write it the wrong place.
They put it in a place that they thought was safe.
And then it's not.
They give it away in a fishing scam.
And so the wallet can be perfectly open source and perfectly kosher.
And yet the user and the risk around him,
because he is a simple human, will still be there.
And so I think it is very, very important to say and repeat and make it extremely clear that something being open source is far from enough in terms of protecting the user and protecting the user from his own mistakes and the risk that are related to the user itself.
All right.
So let's talk a little bit about the future of where wallets are going.
Ethereum is looking to implement account abstraction.
How will that change the user?
experience. I guess I can start on that front. I think there, so we, we need to think about
key management and account management. And I think they're, they're tied together, but they're not
necessarily essentially the same thing. Right. So until now in this conversation, we actually
talked about key management, kind of the offline, you have a key, do you break it? Where do you store it?
How is it access, et cetera. Then the second question is, now that you have this key, what can you do
with it.
Right?
And until today, to your point, most of it was EOAs, externally owned accounts.
You can essentially just sign things, do very basic activities and so on.
Now, to your point, we're moving to a point where instead of EOAs, you move to account
abstraction, which means that you can have a lot more logic that your account has.
Right.
So it's first an important part to remember, it's not, again, it's not a competitor to like an
MPC technology or a, you know, a threshold signature from your secret chair, et cetera,
but rather a way to expand the capabilities of what a wallet can do.
It's a super exciting technology.
We just actually announced kind of a collaboration on that front to spin up kind of ad hoc
account obstruction accounts on dynamic as you log in.
What it allows you to do, though, is allows you to do more clever things on an account.
So as an example, you can now easily sponsor someone else's gas.
So if you're running a game and you want to make sure that someone buys something and only pays for that thing and not doesn't pay for gas, you can do that with account of extraction.
You can also collect 50 batch signatures and essentially, and I'm simplifying this, but essentially to make sure that the game that you're playing does not ask you to sign a private.
key or sign a transaction every time. You can start doing things around social recovery and how
the ownership of your account moves between folks, right? So it allows you to expand, you can start
abstracting payments. So you can start abstracting it. So instead of paying an eth, you pay in
USC, and it happens to be in the background. So it essentially enhances, it kind of takes a very
simple concept of an account inputs, kind of enhances the capabilities of it very, very quickly.
And the beauty, especially about account abstraction, how it's implemented on Ethereum with
4337, is that it does it without requiring an entire change to the kind of Ethereum protocol,
right, without requiring massive upgrades or anything of that sort.
So short answer is it's an extremely exciting thing.
it operates at a different level than everything we talked about on key management,
which it can work very closely hand in hand with.
And just generally, where do you see the direction of wallets going in the future?
What are some new developments you're keeping your eye on?
Or, you know, what are your thoughts generally on where the industry is headed?
So I would say the keyword is security.
It's very obvious that the field is, I mean, this is a podcast.
about, we talk essentially about that, but it's not just by chance, it's because it's still a
massive problem in the industry. You know, I think there's a reason why ledger, which is a
leader in the hardware space, has decided to go that way, because there is still a very
systemic problem with the way people think about their security, or better said, don't think
about their security. And the question is, what kind of design system can you build so that
they don't have to think about all these things? You abstract it away.
so that they can just use it and don't have to go through all this insane decisions about
where to store a piece of paper or where to distribute pieces of code here and there
and how to protect themselves from scammers.
I mean, if that was like that in Web 2, there is no way we would use the Internet as we do today.
So something better has to happen.
And so I believe that the iterations that we will see in the world of wallets,
whether this is through account abstraction, which I think is going to increase security
or MPC, which is sort of account abstraction on steroid,
because it enables you to do the same things as account obstruction,
but on any blockchain, including Bitcoin,
then will enhance the user experience and increase the security
by having to make less decisions about how you think about your security,
about how the authentication works, about how the recovery works,
how you connect to applications, about the transactions that you are about to send,
about all sorts of kind of crazy edge cases that today are on results.
So to me, the direction the industry has to go into is not so much into,
because people talk about always improving the user experience,
but I think it's a false debate.
The real problem that the industry has not solved in the wallet space is the security
user experience, meaning the number of things a user has to think of,
as to do, as to decide, as to remember in order to be protected by default, not by toggling on an
option that costs $999 per month and providing a KYC.
Those things should be a default period and it should be free.
Otherwise, there is no future to crypto.
It's impossible to think that this industry can go on like that.
So to me, the most important thing is doubling down on security and improving all those
elements that we have discussed by iterations of the cryptography, iterations of authentications,
better connectivity, like systems that ITI and dynamic are building up to connect wallets and
applications and to allow users to make better decisions when they connect to apps.
To me, this is really really the future.
And I think we're already multiple steps into it.
I think we start to see already very significant progress, you know, safe wallet, the, you
know, the formerly gnosis is probably the best wallet in terms of account obstruction today.
I mean, it sounds like it's a account obstruction is a new thing, but it's not. They've been
added for many, many years and they have a really, really nice executed wallet. And you
point to me, please, how many times they were hacked. I don't think there was even once that
it happened. So I think we're already in the future, but I think the problem is that the awareness
is still not there. People still believe that the right way to protect themselves is
by choosing open source systems and writing down pieces, you know, 24 words on a piece of paper.
And this is the past.
This cannot be the future if people are comfortable with that so big.
But there is still a billion people to bring to crypto, and that can be the future.
Maybe I'll just add to that.
I think one thing we're very bullish about is that everything on your phone turns into a wallet.
Essentially, you're going to, if you open Robin Hood in two years, that app will probably have an additional tab.
which is a wallet.
And if you open Twitter in two years,
that app will probably have a tab,
which is a wallet.
And the same goes with Coinbase Today
and any other application.
So what you'll see,
I think, in the next two,
three, four years is that everything,
all your existing applications turn into wallets.
In addition,
what you'll see as a part of that
is essentially this hypothesis
of the professionalism of key management
and things of that sort.
You see companies like Coinbase
bring out Coinbase,
bring out Coinbase Wildis Service, which essentially say, or Portal as another example,
essentially say, hey, this is actually going to become extremely complex to manage on your own.
Wallets should not actually be in the key management business.
Let us kind of outsource the MPC solutions for you.
So you're going to see, and we're super excited about everything within kind of, you know,
what's called Wildis Service or even at the more abstracted layer, just key management and
MPC infrastructure or alternatives on kind of on steroids that are going to essentially turn
everything on your phone or everything on your browser into a wallet.
Today you have even at the browser level, you have Brave, you have, you know, Oprah,
which have turned into wallets on your browser.
There's no reason why Chrome doesn't become a wallet within the next one, two, three years.
It is clearly going to go in that direction.
And that's, that's essentially what we're extremely.
extremely bullish about is essentially everything just toggles on into a wallet, which we play on the other
side of, you know, where that means you will interact with every side of an app via that wallet
that's on your phone.
Great.
Well, this has been a fascinating discussion.
Thank you so much for sharing your thoughts.
Where can people learn more about each of you and your work?
Just go to Zengu.com or add Zengo on Twitter.
And for Dynamic, just Dynamic.XYZ, if anyone's curious to play around with the product, there's a walkthrough video.
And if you haven't gotten bored of me talking for the last hour on this podcast, you can listen to Me Talk for another 10 minutes with a walkthrough of Dynamic.
Perfect.
Well, it's been a pleasure having you both on Unchained.
Thank you so much for having us.
Thanks so much for joining us today.
To learn more about Oriole and Etay and Crypto Wallets, check out the show notes for this episode.
Unchained is produced by me, Laura Shin, without from Kevin Fuchs, Matt Pilchard, Zach Seward,
Juana Ranovich, Sam Shreve, Ginny Hogan, Jeff Benson, Leandro Camino, Pamma Jimdar,
Shishonk, and Market Korea.
Thanks for listening.