Mike Belshe, the founder and CEO of BitGo, talks about one of the biggest problems facing crypto today: security. We discuss some of the ways BitGo has resolved this issue, whether that still leads to single points of failure, and what the company’s recent acquisition of Kingdom Trust (a “qualified custodian” as defined by the 1940 Investment Company Act) means for the space — hint, it may have to do with ETFs. We also discuss the recent violent crimes against people in crypto and how everyday people should go about protecting their funds.
Mike Belshe: https://twitter.com/mikebelshe
A Wired article on the BitGo acquisition of Kingdom Trust: https://www.wired.com/story/why-a-tiny-kentucky-firm-rules-a-corner-of-the-crypto-market/
New York Times article on crimes against crypto holders: https://www.nytimes.com/2018/02/18/technology/virtual-currency-extortion.html
Hi everyone and welcome to Unchained, the podcast where we hear from innovators, pioneers and thought leaders in the world of blockchain and cryptocurrency. I’m your host, Laura Shin, an independent journalist covering all things crypto. As you heard on the podcast last week, I was at South by Southwest where I moderated panels and spoke with people at several crypto events. I just wanted to take a moment to thank everyone who came out and also to those of you who came up to say hello. I love meeting listeners. It really means a lot to hear from you, especially since when I started this podcast, I never, ever, ever would have dreamed that it would grow to become this popular and actually ever be something other people cared about. Since I’m looking back to when I first started and when this podcast had a tiny audience, I also want to take this moment to thank my first sponsor Onramp and to thank Matt Roszak who introduced me to them.
Laura Shin: 00:00:51
I also want to thank Chris Curran at Fractal Recording who is such a pleasure to work with because he is so chill and to Elaine Zelby who is a master of all things podcast related. Most of all, thank you to all you listeners who have tuned into this show, even though for most of the time I’ve done this podcast, I’ve had pretty much no idea what I’m doing. I’ll be at more conferences in April and May, and so if you see me in person, please don’t be shy about saying hi. Unchained is sponsored by Preciate. Founded by Ed Stevens, Preciate is building the most valuable relationships on earth. Today, Preciate is recognizing someone for a big achievement in the crypto space. Who will we recognize today for their achievements? Stay tuned to find out.
This episode is brought to you by StartEngine. Leaders and innovators in the crypto world are coming together at the StartEngine ICO 2.0 summit on April 20th in Santa Monica. To register and receive a 20% discount, visit startengine.com and enter the code: unchained20.
This episode of Unchained is brought to you by Bitwise Asset Management. Last year, Bitwise created the world’s first cryptocurrency index fund, the Bitwise HOLD 10, which holds the top 10 cryptocurrencies and rebalances monthly. The fund has several hundred LPs and is currently accepting accredited investors. To learn more and invest in the Bitwise cryptocurrency index fund, visit www.bitwiseinvestments.com/unchained.
Laura Shin: 00:02:15
Today’s guest is Mike Belshe, founder and CEO of crypto security company, BitGo. Welcome Mike.
Mike Belshe: 00:02:22
Hello Laura. How are you?
Laura Shin: 00:02:25
Doing great. Thanks for joining the show.
Mike Belshe: 00:02:26
Thanks for having me.
Laura Shin: 00:02:28
We’re going to get into a whole bunch of topics around security including the physical dangers people who hold crypto right now are facing. We’re going to talk about the challenges institutions face with custody. But, I wanted to dive into your background first because I think yours is sort of the classic case of someone needing something and then just deciding to build it yourself. And you actually were on the podcast before, on SegWit2x, which, for the listeners who don’t know what it is, was an attempted hard fork that didn’t quite manage to succeed, and maybe a good episode for you to check out if you’re not familiar with that would be the one with New York Times reporter Nathaniel Popper where we discuss the aftermath. But Mike, let’s fill in your personal history. Can you tell us about your pre-Bitcoin career, how you got into the space and how you came to found BitGo?
Mike Belshe: 00:03:31
Sure, I’ve been a technologist for 25 years, doing mostly startups in Silicon Valley. My first startup, where I got the taste for it, was Netscape, back before that was a public company, back in the mid-nineties. I’ve always enjoyed kind of the early phase of building product ever since then. So that’s kind of what I’ve done. More recently, I’ve been at Microsoft when they purchased a company I had, which was an email search company before email search was a thing. And then I landed at Google for a while, where I was one of the first guys on the Chrome team and invented a protocol called SPDY, which later became HTTP 2.0. So if you’re using your web browser right now, you’re probably using that protocol. So that’s kind of before I got into Bitcoin.
Mike Belshe: 00:04:24
Somewhere thereafter, I started hearing about Bitcoin. I wish, like many, I had been a little bit faster to jump in. The first time I heard about Bitcoin, I think I thought it was a scam. The second time I heard about it, I thought it would never work and I don’t know, maybe somewhere around the fourth or fifth time I started reading and then I realized, “Holy cow, this is interesting stuff.” And so I bought some, I helped my friends buy some and, kind of being the technologist of the crew, I was using cutting edge, state of the art cold storage, which was on my laptop, which I securely stored underneath my couch at the time. I printed out the backup copies which were securely stored in the laundry room, separate from the laptop. That was a different time and the value on that laptop just continued to grow. And I worried that something would happen to that laptop. From my history at Chrome, we had seen the stats of malware growing on the Internet and just the rate at which attackers were coming out there. And so I was afraid that someday I would go to plug that thing in and I would get malware on it. I’d lose the money or whatever.
Mike Belshe: 00:05:41
So I started investigating for a better way and I found a little corner of Bitcoin that was relatively unused, almost completely unused at the time called P2SH. And that’s Pay to Script Hash. And that’s really the underpinnings of multisig technology for Bitcoin. It had been introduced into the Bitcoin network at least a year prior to my having stumbled upon it then. But that looked like a good answer to me because we can start to separate the keys that were used to secure these wallets and build a better system. So that was how I got into Bitcoin. BitGo evolved straight from that.
Laura Shin: 00:06:23
And so for our listeners, let’s just define multisig, which is, I think maybe what a lot of people, when they hear the name BitGo, they think of that as sort of like a signature service that you guys offer. How does that work?
Mike Belshe: 00:06:40
Sure. Well, when you get into security, really what it’s mostly about is continually breaking down any single point of failure. So a single point of failure, a simple example is wallets at the time were just a single private key, right? So you had an address which is the hash of the public key and the private key protected it. But if you lose that private key, if you encrypt it and forget the password, if your hard disk crashes, if you get malware on your machine that’s able to compromise it, that’s a single key that can be lost. So to secure it tighter, you can split that into multiple keys. So the simplest example is you split it into two keys and now an attacker would have to get two keys. And then you can then take those two keys, you can put them on two machines, you can take those two machines and give them to two people. You could take those two people and you can put them in different organizations, you can take those organizations, put them in different countries. Put them in different jurisdictions, geographies, et cetera. So you just keep splitting it apart and then you can go from two to three to four. So each one of these can add additional security and there’s other techniques that we use also with multisig related to helping with kind of backups. And the sad truth of public key infrastructure is that humans can and will lose key material. And so if you have a wallet which is dependent upon two keys and one of those keys is lost or compromised in any way, you could be out of your money. So we’ll use backup keys and this is where we’re using an M-of-N model. So we used two of three mostly at BitGo. So additionally, you can create kind of a backup key where instead of just having two out of two signatures or three out of three, you can do it so there’s two out of three or two out of four and you keep a couple of backup keys in case people do lose their keys.
So all in all, that’s what we do at the lowest level with multisignature and it’s the underpinnings for a number of other security mechanisms that we provide on top of that.
Laura Shin: 00:08:38
Well, so one thing that I was wondering about what you were describing here is I feel like there’s a tension, right? If I have money, if I have some sort of crypto, then I totally get the security of splitting up the keys between different people and across different geographies and jurisdictions. But, if it’s my personal money then I need to suddenly let these other people who hold part of my private keys know what I’m sort of doing with my money at any given time. Right. So how does that part of it work?
Mike Belshe: 00:09:23
That’s right. It’s all a trade-off. So at the simplest level of having two-of-three technology, fantastic. We can bury this behind technology in ways that you don’t even see it. So it really looks just like any other single signature wallet and we can do some automated co-signing or some of those keys are running automated rules that are set up in advance. You can do others that are with close friends so that they’re actually approving, or you could do remote friends, or other companies and obviously the more parties involved and the farther away they are geographically, especially if there’s time zone differences, that can cause delays. But, at some level for the deepest security, you do want more of that. I think increasingly this year, we’re going to see multi-tiered wallets coming out where at the coldest level, they’re using a number of people that are hard to pull together and do take time to get together. And then at the shallowest level, the more hot wallets, it’s almost completely automated. So, you can use a blend of this and it allows you to mix the needs of fast access with the needs of deep cold storage.
Laura Shin: 00:10:29
OK. So no matter what, essentially I do have to give up some privacy to do the multisig. Like there’s no way around that?
Mike Belshe: 00:10:38
Well, there I was referring to time to access your funds more than privacy. Privacy is another issue. But, I think for the most part, folks that are looking for this type of security, of course they’re looking for privacy of their overall balances. But that’s been less of an issue. I mean keeping it safe is first and foremost what they need and the privacy that you give up here is I think minimal. But yeah, that’s a concern.
Laura Shin: 00:11:07
OK. And then when you talked about time, is that some sort of, like, built-in delay for transactions over a certain threshold?
Mike Belshe: 00:11:16
It certainly can be. So that’s one of the policies that we do offer is just the ability to say, “Hey, look, if you have a transaction that’s more than $10 million, I want to have a 24 hour delay on it and we want to be notifying these 10 people regularly during that 24 hour period.” You can do that.
Laura Shin: 00:11:33
Is that from Emin Gun Sirer’s idea? Because he was on the podcast and talked about something like that. I actually forget the name of it.
Mike Belshe: 00:11:44
There’s been time-locked transactions, there’s a number of technology mechanisms for implementing this. He had a vault proposal that he had put together, which was sound and I forget the specific details, but it probably had something like this. I think he was trying to push these rules all the way down to the chain, which I believe is a good idea by the way. BitGo sits on top of the chain in many ways. We use multisig at the chain level and then we provide a couple of layers of security on top of that. But the safest way to store your coins is actually move these rules into the blockchain directly. So that hasn’t happened in Bitcoin. It could be that someday we see a secure coin that actually does push it all the way down to the chain.
Laura Shin: 00:12:30
Yeah. I feel like I actually might have even seen on Twitter that he said something like, “Oh, there’s this new token that is incorporating this idea.” But I don’t remember which one it was. We’ve been kind of getting into the weeds, but I actually want to step back and just ask you, what do you feel are the main problems around security and crypto overall?
Mike Belshe: 00:12:53
Well, I think we’ve continued to see breaches. I guess in my view, the digital world is inheriting a problem that our banks never solved, which is they never solved the security and they’ve been digitally moving money in traditional banking systems for quite some time, but they guard it and mask it with human labor and slow policies and layers and layers of insurance basically. With your Visa, Mastercard, of course, we’re all familiar with paying 3-5% between the purchaser and the seller. Back to Visa, Mastercard, and that covers the fraud, right? Why is there fraud? Because they never fully solved security. At the banking level, we have the same issues. We have wire transfers that go at the low level, say less than 100,000 dollars to $50,000 fraudulently, thousands of times per day. It’s a major problem. This is because identity is not fully solved for banks.
Mike Belshe: 00:13:59
So as we come into the digital world, where the escape is so easy, once you manage to get your hands on the digital money, you’re out in an irreversible way. The consequences of not having the security layers or security points solved is far more severe. And we’re seeing that. So exchanges keep getting hacked. Other businesses keep getting hacked. I think primarily it’s that people are trying to move fast. It’s a competitive world. They’re trying to build products and while we all say that we want to put security first, it’s actually very hard in practice for companies to do that. So oftentimes they learn the hard way and consumers deal with it. So we do know how to secure these digital assets, it’s hard. It’s not always the fastest thing to do. Somewhat ironically, it does mean going back to some of the policies that traditional finance uses in terms of making sure that human guards are in place. But, it’s a complicated problem.
Laura Shin: 00:15:04
Hopefully in the future we wouldn’t need human guards and we could solve it with software somehow. Let’s now dive into the exact products and services that BitGo offers and how those have evolved over time. We’ve sort of touched on this a little bit, but I just want you to give the overview of all your main products and which ones you started with and when, and then why you added on these new services?
Mike Belshe: 00:15:35
We started out as a non-custodial wallet and we used multisig as a mechanism to do it. So, although securing digital currencies is difficult, we very much believe in the ethos of what you get from Bitcoin, which is the ability to kind of hold your own asset and stay secure. So we’ve been trying to make that work, I think fairly successfully for the last several years.
Laura Shin: 00:16:02
Just for people who… some of this is a little bit jargony, when he says non-custodial wallet, that means BitGo isn’t holding the funds, in like offline servers or anything like that. Like you still remain in control of your funds.
Mike Belshe: 00:16:14
That’s right. What we mean by non-custodial is that you’re not trusting a third party, like BitGo, to keep everything safe. Literally with our non-custodial product BitGo can disappear off the face of the earth suddenly. And you still have all of your money. And that’s a key critical element of the first phase of what we’ve done. That solution has been deployed to hundreds of exchanges and broker dealers and payment processors. Even some hedge funds out there, all around the world and they like it a lot because they don’t want to trust somebody else to keep everything safe. You hear a lot in the Bitcoin ecosystem about trusted third parties. And if you talk to security experts, they’ll tell you, trusted third parties are very difficult to manage over the long-term. They often become the problem.
Mike Belshe: 00:17:09
And, one of the great things about Bitcoin is that it’s created a mechanism where you can control your own assets and can have control yourself. However, Bitcoin hasn’t fully solved the problem from a usability perspective. Which is that frankly, none of us are security experts and securing your own keys when it’s $200, $1,000, maybe $10,000 is OK. But I can’t tell you how many people I’ve spoken to that are absolutely terrified that they’ve got $150,000 or $15 million or $50 million that is completely at their own security level. Like they’re responsible for everything. So the backups, did you put them in banks properly or are you protected if your house burns down? Do you have malware on any of your computers? Is someone trying to attack you? Is there spear phishing going on? I mean, all of these threats are real and we usually don’t think about them.
Mike Belshe: 00:18:01
Just to give an example. We had a customer sign up with us. I think it was mid last year as Ethereum was really going gangbusters and they were excited. They love the BitGo multisig wallet that they were getting with ether. We signed them up and they started using the product. About four weeks later, they called me up. They’d been hacked. Now they hadn’t lost a dime through BitGo. BitGo was safe. And in fact, they’re still a customer today. But they had lost on the same day, $1.5 million on Kraken and half a million on Coinbase. And what had happened is that they just didn’t realize how important the security elements, which they needed to walk through are. They’ve seen metaphors with their traditional finance, like your Wells Fargo account, which led them to think they were safe. Specifically, they wanted to be able to trade on the exchanges. They created a shared account with a shared email address so that a couple of guys at their firm could trade and they thought, “Well gee, we’re not going to use two factor auth. I mean, we don’t need it for a Wells Fargo account. We’ll probably be fine, and if we turn it on then he can use the account, but I can’t use the account.” Right? So net result is they didn’t use two factor auth. Long story short, their email had been compromised before they ever even owned a bitcoin. The hackers were already in their email servers. So the hacker saw the signups coming from Coinbase and Kraken and waited for the money to get deposited and took it all out. So, this is an example of how the onus was on them to secure their coin. They didn’t really understand how to do it. They didn’t understand how important it was, the metaphors that they have from traditional finance did not lead them to success. And as soon as they got out of a system which requires independent usernames, passwords, shared wallets. BitGo does all of these things. BitGo requires two factor auth. You can’t get out of it.
And that’s why their BitGo was not compromised, but the other accounts were. Anyway, securing assets is something that we’re just not familiar with.
Laura Shin: 00:20:06
So for something like that, do you have any products or services that would help someone keep their coins on an exchange secure?
Mike Belshe: 00:20:16
Yes. So in terms of the BitGo product line, first we have the non-custodial wallet, which is what they’ve been using, so they have two keys themselves and we walked them through a more complicated provisioning process for setting up the wallet and those wallets were kept secure. Additionally, BitGo has just entered into an agreement to purchase Kingdom Trust, which is a state chartered trust company, which is a limited purpose bank out of South Dakota. And the purpose of us acquiring that company, which is pending regulatory approval at this time, is to start to offer custodial services. So as much as it’s powerful and important to make sure that we are not trusting third parties to keep us secure all the time, there’s a number of cases where people really do need it. So if you have a business, and of course there’s multiple parties at the business, maybe you’re running a hedge fund. You very much want to have a security system in place that protects against insider theft, coercion, of course, all of the basic losses, password loss, hard disk crash, malware, et cetera. And it’s really difficult to do this inside of your office. So a hedge fund, for instance, has never taken direct custody of assets for any other asset class, but the idea that they would do it for digital assets is scary to them. And the types of money that they’re talking about, which is hundreds of millions of dollars, makes it really important. So they do have oftentimes fiduciary responsibilities to their customers to find the best way to secure their assets and they have traditionally used banks, trusts, and others that are really experts in securing whatever the asset is. So, for these folks we’re building a custodial solution. This is one where you actually do give the keys to a trusted third party.
I think we will continue to evolve those solutions over time so that the trust is not the same as the trust was with a traditional bank like, you may have put your money with a particular hedge fund advisor, maybe you put your money with Bernie Madoff and trusted that he had the assets, which he didn’t. We can make it, thanks to blockchain technology, we can make it far more transparent so that customers still get benefits of knowing that their assets are there, being able to monitor them, while also getting benefits of the security that comes with hiring professionals to take care of the keys.
Laura Shin: 00:22:48
So how does that work… let’s say that I’m a hedge fund and I want to use what will eventually be your new custody solution if this goes through…. I’ve talked to some of the crypto hedge funds in this space and I know for instance, they are buying hardware wallets like a Ledger or Trezor or whatever and putting coins on there and then they have this elaborate method for ensuring that nobody tampers with it. I don’t know if people have heard Ari Paul talk about this, but he says that they wrap them in bubble wrap and then, they create a pattern on the bubble wrap in glitter nail polish. And the reason that they do that is because then they, I suppose, photograph the pattern that it creates. And then when they go to open it they can see whether or not the glitter nail polish has a different pattern or not. But obviously this is something that he’s doing in person. So he needs to be able to physically access those devices. I don’t know. Is your solution something different? Because I don’t imagine you’re just gonna put a whole bunch of different physical locations all across the world for people to access. So how will that work?
Mike Belshe: 00:24:16
I think it is a great example. In that case, he’s taking responsibility for physical security of those small personal devices. That means he has to protect it from fire, so he has to have a backup somehow. He has to protect it from tampering. That’s what he’s doing with the bubble wrap. He needs to protect it from just being hacked. It’s only got a small pin code, if somebody knows your pin code, that’s a problem. He needs to protect it from insider theft. What if the people that are legitimately at the firm, that do know how to access it, decide that it’s time to take the hundred million dollars and go, it’s difficult to securely protect things. We don’t have anything else. Fund managers have never taken physical security of assets on anything else. So he’s trying to solve a difficult problem. Another, often forgotten problem that can emerge just like, OK, let’s say he does that and then heaven forbid, you know, he should become incapacitated or pass away or whatever unexpectedly. How does the firm recover the funds? Did he put in sufficient backups with instructions to others such that they can recover the funds and if he did, how do you do that so that he didn’t expose his customers to other forms of insider theft, where now there’s two or three or 10 people at the firm that would have the ability to access the funds. Now all these things are manageable and solvable. You can come up with mechanisms for backups and you print them and you’ve got the USB storage and you can protect it from different types of attacks and you can put that into bank vaults and you then can have one in New York and one in San Diego. But, most people have not had to secure assets where they think about all of these edge cases. So as a custodian, we can think about all these edge cases. We do take care of backups that are stored across geographies. We do take care of making sure that no single person has access to enough key material. 
We are able to do key ceremonies to make sure that the keys are securely generated. We’re able to do all of these processes and procedures to keep your money safe.
Laura Shin: 00:26:26
So if the Kingdom Trust deal goes through how is that going to look? Let’s say that I’m a crypto hedge fund and I decided that I want to do business with you then is it a similar thing where my coins are going to be held on physical devices that are somehow in your control or I don’t know how this works because presumably things need to be kept off line, right?
Mike Belshe: 00:26:47
First off, the product is available today, so BitGo and Kingdom have been working together for a couple of years now and evolving this product. So one of the reasons the merger of the two companies made a lot of sense is because we have a history of working together. We’ve been providing both individual accounts, individual retirement accounts, security as well as for funds for some time. And the way we do it is multiple offline vaults. So yeah, everything is air gapped. Nothing is online. We know the procedures and processes for using the software offline. We use a system of checks and balances actually for a fund where it starts out with a fund requesting a transaction to be made that’s verified both electronically and out of band, not electronically. And then a second request is made from Kingdom Trust over to a secondary vault, which is in a remote location. And there it has to be again, out of band verified that this really is Kingdom Trust and then it gets verified all the way back to the customer again. So you’ve kinda got this checks and balances system, where all of the parties involved are checking all of the other parties and we think it is very secure and it’s all offline and it uses best practices and state of the art.
Laura Shin: 00:28:04
So then in terms of protecting against insider fraud or theft, then is it that this is split between, for instance, let’s say the hedge fund itself as well as BitGo and then, do you know what I’m saying? Like is that how…
Mike Belshe: 00:28:24
So in the case of where, who holds the keys. No, usually we don’t give the hedge fund a key actually, because even if you give one key, they tend to lose them, forget passwords, et cetera. And that creates a big problem for everybody, including the hedge fund. But we do separate all the keys across different groups. No single group of people has access to multiple keys. And in fact, even myself, I cannot actually go and get people to put together enough key material. One of the things you’ve been reading in the press lately is about physical threats where people kidnap you and force you to do stuff until you get a transaction signed. So we of course, are very concerned about the safety of our employees. And we have built a system where we believe that that is just not possible. Banks have been doing this actually for some time. Like the bank vaults, at your traditional finance bank, they only open during certain hours and you simply cannot open those vaults. They won’t open in the middle of the night. You can’t kidnap the CEO of the bank, take them down to the vault and make them open it. By using multiple unknown locations for where the keys are and using many of those keys across separate teams, then by not disclosing to any one person who all of those teams are, we can actually take out this threat.
Laura Shin: 00:29:49
But all of those teams are within BitGo?
Mike Belshe: 00:29:52
Technically. Yes. But nobody knows who they all are.
Laura Shin: 00:29:59
It almost sounds like a single point of failure almost.
Mike Belshe: 00:30:03
It is true. I mean, you’re correct. Like when you’re trusting a third party, you’re trusting a third party, but the problem is, is that when you have a fiduciary responsibility for $100 million or a billion dollars, who’s going to be able to deal with that? Are you going to take it to a bank? Or, are you going to take it and try to build all the security mechanisms in your hedge fund? Of course, the hedge fund can’t do it. So I think over time we’ll build these systems, you know better and better and you’ll have control over your funds, and yet we’ll also be able to solve these security mitigations.
Laura Shin: 00:30:38
We’re going to discuss best security practices, violent crimes against people in crypto and more. But first I’d like to take a quick break to hear from our fabulous sponsors. Founded by Ed Stevens, Preciate is building the most valuable relationships on earth. In each episode of Unchained, Preciate sponsors the recognition of an individual or group in crypto for an achievement. This week we’re recognizing Jinglan Wang, executive director of the Blockchain Education Network for a cool achievement. Jinglan hosted a party in San Francisco for women in blockchain to have fun and make a new friend. She made it happen by getting donations, organizing the event at a club, and then making sure everyone had fun. Awesome job Jinglan for going above and beyond.
Bitwise Asset Management is the creator of the world’s first cryptocurrency index fund, the Bitwise HOLD 10. The fund holds the top 10 cryptocurrencies by five year diluted market cap, rebalances monthly, and takes care of secure storage and taxes. It’s an easy secure way for long-term investors to get diversified exposure. Bitwise is backed by Khosla Ventures, General Catalyst, Blockchain Capital, Naval Ravikant, and several others. They’re a trusted partner to individual investors, wealth managers, family offices, and large institutions who are navigating the crypto space. The fund has several hundred LPs and is currently accepting accredited investors. To learn more about the Bitwise cryptocurrency index fund or download research, visit www.bitwiseinvestments.com/unchained.
The growing crypto ecosystem is being challenged by uncertainties and regulations and StartEngine is here to help. The SEC, CFTC and state administrators have been issuing subpoenas by the dozens. How’s this going to affect ICOs and exchanges? This is why StartEngine is launching its second edition of the ICO 2.0 summit cosponsored by tZero on April 20th in Santa Monica. This year’s theme is the path to liquidity. Leaders in the crypto world will be coming together to discuss how to move forward with regulated ICOs and regulated exchanges. Come and hear crypto innovators such as Patrick Byrne, tZero’s CEO, Gil Penchina, Nathan Latka, and many more. To register now and receive a 20% discount, visit startengine.com and enter the code: “unchained20” to attend this incredible summit.
Laura Shin: 00:32:56
I’m speaking with Mike Belshe, the CEO of BitGo. We’ve talked about the Kingdom Trust deal, but haven’t explored it fully. What is the significance of that deal?
Mike Belshe: 00:33:03
Well, for the last several years people have gotten very excited about Bitcoin, digital currencies, mostly in the retail space. And the institutional markets have been unable to participate. So we don’t have funds really. We don’t have a lot of the traditional market participants and we’re still figuring these things out. But, when you do start to look at what a hedge fund, an asset manager or any traditional finance company would need in order to participate in digital currencies, they’re looking for custodians. And we’ve had this thing called the 1940 Investment Act around since 1940. It defines a notion of a qualified custodian and the markets that we have and the structure that we have for stocks, bonds, pretty much any asset other than crypto is very different than what we see in the crypto world. Now you can love it, you can hate it, but part of its design is around safety of money, which I think everyone actually appreciates.
Mike Belshe: 00:34:04
So we’re all familiar with Bernie Madoff. He was a guy that said he was holding onto a bunch of assets on behalf of his investors and he was not. And so, the SEC made updates to this just a few years ago and declared that, “Hey, if you have a fund, an SEC regulated fund with more than $150 million worth of assets in it, you are required to use a qualified custodian.” So in order for those types of folks to participate in digital currencies, we simply have to have custodians. They play a real role which keeps owners and businesses alike safe. And we think that this BitGo plus Kingdom approach is the first of its kind. And it’s going to be enabling a whole new set of financial products and a whole new set of institutions to participate in digital.
Laura Shin: 00:34:52
And what are some examples of those new products and new institutions that you think can participate in this ecosystem?
Mike Belshe: 00:34:58
Well, we’ve been hearing about them for the last several years. I’m not sure how many folks have tried to put together ETFs and the SEC has come down every time and said, no, no, no. But, just in January, the SEC issued a new letter and they outlined a set of questions. So they set a fairly high bar, frankly, for what’s needed in order for an ETF to be approved by the SEC. But at number two on their list is custody and they called out this exact issue, which I just described, which is, all right, if you’re going to have an ETF that’s going to hold these digital assets, who is the qualified custodian? This is standard par for the course for how the SEC would look at any ETF, non-digital. They’re just looking for similar analog in the digital world.
Laura Shin: 00:35:42
And can you define “qualified custodian” for me?
Mike Belshe: 00:35:44
Well, a qualified custodian is defined by the 1940 Investment Act. It’s a custodian that adheres to that legislation and regulation. Kingdom Trust is a qualified custodian, for instance. What custodians do, it sounds like it’s complex, but it’s actually fairly simple. At the bottom of it is safekeeping of the assets. Obviously you need to keep everything secure in the digital world. That’s primarily technology and security. Above that you have a bit of compliance that happens. It’s about, make sure you’ve got AML/KYC of the customers. Making sure that the daily prices or the value of the asset is marked in a regular way back to US dollar in an auditable and verifiable way. And that’s pretty much what a custodian does.
Laura Shin: 00:36:34
And who are some other people that can benefit from a qualified custodian?
Mike Belshe: 00:36:39
Right now BitGo is primarily focused on the institutions that are moving more aggressively and that is a number of funds, index funds, maybe in the not too distant future it’ll be ETFs. But actually, pretty much any financial institution that’s holding Bitcoin for any reason, probably wants to rely on a custodian. So if you think about how you hold bitcoin when it’s yourself, that’s one thing, you could hold the key, you trust yourself, et cetera. But it’s very hard to have that within a business organization where you aren’t opening yourself up to insider theft. So generally, anybody that’s holding on behalf of others is going to want to use that. Another place though, where custodianship becomes interesting is even for just large net worth individuals. So ironically, although digital is great because you hold your own keys, you can keep yourself, it’s very difficult to do that. And unlike any other asset, whether it’s real estate or whether it’s your bank accounts, your stocks and bonds, there’s nobody you can go to if you lose the keys. So, if you lose the deed to your house, you go down to the city and you get them to give you a new copy of it. If you lose your driver’s license and all your ID in a fire or whatever, you can go down to the DMV, you can go to the banks, you can get them in order. But with your digital assets, you can’t, so once an individual gets to a large amount of digital asset, they run into this problem like, “wait a minute, how do I store it and how do I store it in a way that I can pass these millions of dollars onto my heirs?” So thinking about the problem of like, “all right, I want to pass this on to my heirs, but if I leave instructions with my lawyer describing how to access the private key, how do I ensure that my lawyer isn’t going to run away with the money right now.” He’s a lawyer. Maybe you trust it and maybe you don’t, maybe you split it into multiple parts. It’s relatively easy to shard a key. It’s a little harder to shard a lawyer.
Laura Shin: 00:36:39
So how does that work? He would use a qualified custodian? Is that what you’re saying?
Mike Belshe: 00:38:32
Custodians certainly are a very good answer right now, I mean with a custodian, of course you have to choose your custodian wisely, but you can set up beneficiaries, right when you create your account and then should you pass on, there is a very known process for how your trust or your heirs can access those assets.
Laura Shin: 00:38:51
And something else I was wondering about, is digital custody different from other kinds of custody?
Mike Belshe: 00:39:00
Part yes, and part no. We talked about, safe keeping and compliance, verification, record keeping. The rules which apply to being a custodian of a digital asset are the same as what it would be for any other asset and from a regulatory perspective or legislative perspective, I think that’s the way it should be. However, when we think about custodianship, we think about banking. When we start to think about the existing models that we have in our industry about how banks and custodians work and some of that we like, when they keep our assets safe. And, some of that we don’t like, when they lose it. With digital assets, we have an opportunity to modify custodianship so that we can still have the benefits of the digital world. For instance, seeing your funds transparently on the blockchain, anytime even though it’s with a custodian, you can actually verify this. So then the second thing we can do is we can use multiple signature in very interesting ways so that you always are a participant in transactions that are related to you. So you can still have someone else have custody, but you can participate in it. And that’s a mathematical, verifiable thing so that no one can say that you authorized something that you didn’t actually authorize.
Laura Shin: 00:40:12
That all sounds very interesting. So what do you think are the best things for everyone from users to businesses to do, to manage their crypto? Let’s say that I’m just starting out and I meet you, at a bar or something and I’m telling you, “Oh, I just bought some bitcoin.” What would you recommend to me to keep it secure?
Mike Belshe: 00:40:45
Well, first, I need more information. So for everybody, it depends on how much value you’re securing. The amount of time and money that you spend securing an asset is proportional to the value of the asset. So if you bought your first $10,000 worth of Bitcoin, I would tell you to go put it into an online BitGo wallet and not worry about it. You could also use a hardware device if you like, the Ledger devices are very good. They’re designed for individuals and consumers. So they work great. If you’re an individual and you are storing millions of dollars, then you have some more issues. So A, you would need to use the more advanced security features, which takes some time. You can use a lot of them directly from BitGo. Specifically, you’d want to have some amount of redundancy in case something should happen to you so that you can pass your assets on to your heirs. And there’s some mechanism for doing that. You may actually, if you want to just avoid the technology, you may just want to be able to give it to a bank. So a Kingdom style individual account could be useful for a small, multiple million dollar type of account where you need a beneficiary and whatnot.
Mike Belshe: 00:42:00
Now if you’re a business it’s a different story. Businesses come in all forms. Some are looking to just buy and hold, others are transacting and depending on the situation there, you may need multiple wallets and you may need just one wallet. And then how you secure it is going to depend on how much money’s in with it. With an institution, typically we’ll help the institution identify key players that will be active participants in the wallet. We’ll make sure that the backups are all set up right and we’ll lead them into cold storage.
Laura Shin: 00:42:37
And earlier when you were talking about how if one of the key players died or something, then they would still need to let people know how to get in. How do you manage something like that?
Mike Belshe: 00:42:50
So BitGo provides that today. That’s something we’ve been doing for several years now. So with BitGo, you can have multiple people on a wallet that share that wallet in a secure way. One of the challenges of Bitcoin and digital currencies is that the blockchain just knows about keys, right? So you can create a wallet with many keys, but to the blockchain, all of those keys are equal. It doesn’t know that one of those keys is held by the CFO, or one of those keys is a controller and one of those keys is a lower ranking employee. BitGo allows you to have a layer on top of the blockchain which defines all this. So you can give particular rights to the CFO. That’s differentiated from the folks that are spending money, which is differentiated from a secondary team, which is for backup purposes. You can then route approvals between these teams as appropriate for your business. What we find is that each of the businesses that comes to us has slightly different needs in terms of how they run their back office and how they want to manage their compliance and their risk. Hopefully that makes sense.
Laura Shin: 00:43:59
I wanted to also go back to this question about exchanges. Obviously last year or two years ago now, there was an issue where Bitfinex was hacked and BitGo was involved in helping to secure the funds on Bitfinex. So what exactly happened there?
Mike Belshe: 00:44:22
Bitfinex has never fully released the details of what happened. I’ll tell you a few things. Bitfinex was breached. They were hacked. They were pretty significantly breached for a long period of time. And, eventually the hacker was able to steal the money.
Laura Shin: 00:44:42
But what service were you providing? Because presumably it was a service where that shouldn’t have been able to happen. Correct?
Mike Belshe: 00:44:49
Well, in the non-custodial model, remember the customer still has two keys and is a critical part of security. In this case, the customer did not keep all of their authorizations separate, on separate machines, independent from everybody, and it did lead to a breach. So, I would love it if Bitfinex would publish the full report so that everyone could know exactly what happened. Obviously for confidentiality of our customers, we can’t release it ourselves. But, they did admit fault within just 24 hours or so publicly that it was on them.
Laura Shin: 00:45:28
So this is the kind of thing where for the service you were offering, there was a way to do it that would keep things secure and they didn’t follow that protocol. Is that what you’re saying?
Mike Belshe: 00:45:41
That’s absolutely right. So, after that event, of course, there were a number of audits, both internal and external, done on the BitGo service. The BitGo service itself did not have any flaw, was not breached in any way. Obviously, if you don’t keep your keys and your credentials safe and secure and you let attackers get them, then things can happen. And we made a couple of changes. We no longer trust our customers to keep their policies protected. We no longer trust that they will keep their policies protected and we lock them down more. But there was nothing wrong with the model that they were using. It’s also a good example of why custody actually is necessary in a lot of cases. At the end of the day, Bitfinex, they have a lot of things to do. They want to run an exchange, they’d probably never actually wanted to hold the asset directly. If you look at other types of exchanges for other asset classes, the exchange never holds the asset. This is a pattern which is unique to digital currencies. So their job is to go make a great trading application, yet they are saddled with security and what they really want to do is to be able to have their cold storage just be super secure. I don’t think that they are ever going to be the best at doing that. And hiring that out to somebody else could be a beneficial thing for everyone involved.
Laura Shin: 00:47:13
Wait, so there was something I didn’t quite follow there. You’re saying that most exchanges actually don’t handle their cold storage?
Mike Belshe: 00:47:25
I didn’t say that. No. The way digital currency exchanges have evolved, initially there was no bank you go to, there was no custodial solution, so they had no choice except to take custody directly. And in fact, even today, there’s basically none. There’s no independent custodian that will hold digital currencies for you. Now Kingdom and BitGo are the first one here in the United States. So now these solutions are emerging. Anyway, these guys grew up, these exchanges grew up without having the option of giving someone else custody. They didn’t have any reputable vendors. But this is emerging as the foundation of the ecosystem gets stronger. By the way, are you familiar with… did you see the SEC letter that came out mid January about what would it take to have ETFs be successful?
Laura Shin: 00:48:13
I don’t think so. No. Why?
Mike Belshe: 00:48:14
Well, it’s a great letter. The SEC set a very high bar in terms of what needs to happen in order for ETFs to be approved. They raised a number of questions about market manipulation and other things, but a huge part of that was custody. The SEC said, “How can we have an ETF until we have a good, reliable 1940 Investment Act compliant custodial solution available for digital currencies?” I think that very much is relevant here. So the exchanges that exist today, they’re like financial institutions, but they haven’t had anyone that they could go to as an independent qualified custodian in the past and that’s changing.
Laura Shin: 00:49:05
That’s actually something I was going to ask you about because earlier when you said that Kingdom, the service that you’ll offer with Kingdom Trust is the only one like that. So obviously we’ve had this announcement about Coinbase custody and then Ledger is offering… I’m just blanking on the name, is it Ledger Enterprise I think is the name? Which is their own custody solution. And then there’s also another project that I know about or that hasn’t been announced yet. So how does your service offering differ from those other ones?
Mike Belshe: 00:49:41
Well, the main thing is that it is shipping today and probably the largest cold storage installations in the world. So Coinbase did announce that they’re going to have a product. And, I’m sure they will have a good product. They do a lot of good stuff, but Coinbase is a consumer company. Their main job is signing up 100,000 new consumers every day. And I think they do that reasonably well. Obviously they’ve had a lot of site outages at peak periods, but I think that’s going to be their main focus, whereas we’re an institutional product. I think Coinbase getting into the institutional space is going to be a different challenge for them. Ledger is a great solution. They’ve been building hardware wallets. You can actually use a Ledger device as part of a BitGo solution if you want. We do support that as like one key of many in the BitGo products. They’re a little bit more of a roll-it-yourself, so they provide underlying technology. And then if you want to go and open up satellite offices in multiple geographies so that you can do multisig around the world, you can do that, but they don’t provide a service around it. Actually, I’m not a hundred percent familiar with all of what they’re offering on their enterprise product. But when I last spoke with them, they made it pretty clear that they wanted to support the underpinning hardware and technology. So it’s more of a roll-it-yourself type of solution.
Laura Shin: 00:51:09
But what you were saying about Coinbase earlier about how they mainly are more retail focused. I actually think, with GDAX as far as I understand, that the clients there are institutional players or tend to be a little bit more. So I don’t know if this is like exactly completely new for them because, who do you think are the customers for these kinds of products?
Mike Belshe: 00:51:38
Well, I think you could ask Coinbase better if you want to know who their customers are…
Laura Shin: 00:51:45
You know generally including for what you’re doing with Kingdom Trust?
Mike Belshe: 00:51:49
A tremendous number of folks have come out of Coinbase to BitGo actually in the last six months. I think the first thing that really highlighted it for hedge funds was when we had the Bitcoin Cash fork back last August. At that time, a number of these folks had literally hundred million dollar balances that they had just stored at Coinbase. And these were long hold players. And suddenly they realized, “Wait, I’ve got millions of dollars in Bitcoin Cash and I can’t get it. How do I get it?” And that was when they realized that there’s a big danger in not having access to the keys themselves. Now Coinbase, they finally did release the Bitcoin Cash, but it opened people’s eyes to this issue of how do I make sure that I’ve got a custodian that’s gonna keep me safe through forks and things like that.
Laura Shin: 00:52:36
So let’s also talk about what you’re seeing in terms of the clients that are coming to you. What do you believe is the average crypto hedge fund manager’s understanding of security best practices?
Mike Belshe: 00:52:53
Well, the early ones that came in are actually relatively good on their understanding, but they don’t have technology solutions combined with policies and procedures that they want. And I think they actually are aware of their own shortcomings. In terms of the average hedge fund, I would say it’s actually really low. I think these guys primarily have been dealing with different types of assets in the past. And their job is around building that fund and that’s their expertise. They’re certainly not security experts. So pretty much all of the funds have been clamoring to find a solution. And a lot of them have been coming to BitGo.
Laura Shin: 00:53:35
And then do you see any misconceptions or sort of outrageous ideas around how to keep things secure where you feel like, “Whoa, whoa. You know, if you’re going to be in charge of other people’s money, maybe you need to get this part straight?”
Mike Belshe: 00:53:52
I think when they’re coming to us, I feel pretty good. I mean, we’re trying to provide that for them. They shouldn’t have to worry about all of these details. So they’re looking for BitGo to help solve those problems. One of the challenges that I have had to answer a few times, but people get it. Sometimes they’ll say, “Hey, you know, we want to be able to make a withdrawal and have the money two minutes later.” Well, that’s OK for small amounts of money, but that’s just not OK for large amounts of money. It’s just a fact that when you want to deeply secure large amounts, I’m talking about hundreds of millions of dollars here, it’s not going to be at your fingertips every minute. So there’s been a little bit of expectation setting there where they kind of want real time access, but they also want it super secure and this is a trade off with that. Of course they have to choose between. And then once they hear the reasons why, they get it. And then you combine that by using a married hot wallet plus cold wallet solution. And this is one of the beauties of what BitGo is doing first with the non-custodial hot wallet that we did, now combined with the custodial solutions that we have. You can actually do both and still have real time access and the vast majority of your funds are deeply secured.
Laura Shin: 00:55:07
This thing about using a time delay for security, do you think that that’s something that we won’t need some day? Do you think that the technology could evolve to a certain level where they can store hundreds of millions of dollars but then also have access within two minutes and keep it secure?
Mike Belshe: 00:55:34
Maybe, I think it’s a far way away. And, I don’t think it’s the right thing to be worried about. I think the first thing we need to be thinking about right now is security of the assets. And the fact is, is that when somebody comes to you and says that they’re Laura Shin, you don’t know that it’s Laura Shin. Right now, I do not know that I’m talking to Laura Shin. I’m pretty sure I met you in person, I recognize your voice, but if I had a staff of customer support people and you’re calling into them and saying, you’re Laura Shin, how do I know you’re Laura Shin? So obviously we can use technology, we have private keys, we have many private keys, but how do we know that Laura Shin wasn’t hacked on her private key? How do we know that she wasn’t phished on her two factor authentication? All of these things matter. The only way that you can do this today, and this is just the way it is, is to take things slow for the large amounts of money. In the future, maybe we’ll get there, but right now we’ve got big problems. Like if we want this industry to grow up and get serious, we need to solve the security problem. You can’t have the underlying asset disappear. It’s just not acceptable. So the first thing we need to do is lock it down. Even if that does mean it’s a little bit slow to access and then secondarily we can start to figure out how to make that faster.
Laura Shin: 00:56:43
So in 2017 we saw a number of physical crimes against people who own crypto in different countries around the world. This is something you alluded to earlier and we’ve even seen these crimes here in the US. There was a Japanese woman who was actually murdered over what was a relatively small amount of Bitcoin, I think it was… I did the conversion on it, and it was like $100,000. Most of the other crimes were around millions of dollars at least. But there were some other people who were kidnapped for ransom in places like Ukraine and Turkey and then others were held at gunpoint and forced to transfer money from their private crypto address of the mugger. So are there security measures that people can take to keep them from being the victim of such a crime?
Mike Belshe: 00:57:37
Yes, we have a love-hate relationship with banks. We forget the part that we love, but these types of physical threats don’t happen kind of on the US dollar side of things today. And yet now they’re happening on the digital side. And why is it? It’s because as individuals, if we have direct access, we can cough up the money to the attacker. But, when it’s at your bank, it’s a lot harder to get away with it. So, the banks are providing a service in terms of keeping safety of asset, and that’s what they’re designed to do. Now what we don’t like about the banks is that they’re slow and cumbersome in process and cost a lot of money. Wire transfers are expensive, et cetera. So can we get to a world that is a better blend of that? I believe we can. I think you do it with a combination of personal and institutionalized storage. So if we really got to a world where a large percentage of your net worth is in crypto, you really probably shouldn’t hold it yourself. If the attackers know that it’s at your house. If the attackers know that they can get you, you are vulnerable. And this is a unique problem to digital. So what you could do is you could take that. Give it to a qualified custodian, which is a regulated trust company type of thing, for the vast majority of your funds and you blend that with a hot wallet. So the hot wallet is a small amount of money. It’s kinda like the cash in your wallet. You don’t want to get mugged, but you know, when you get mugged, you usually don’t get held at gunpoint and murdered and things like that. There’s always some amount of risk that we carry with the cash that we have on person. But we can do the same thing in the crypto world where large amounts of money, they’re stored with professionals far away from you. Make sure that the attackers know this, right? So make sure people don’t think you have tons of bitcoin on you. If they think that you’ve got bitcoin, it’s already too late. Once they’ve kidnapped you, you’ll be in trouble.
So I hope this problem gets better fast. But it looks like it’s probably going to get a little worse before it gets better.
Laura Shin: 00:59:46
Why do you say that?
Mike Belshe: 00:59:49
Because I think right now there is a lack of solutions that are institutional holding of money. The people that do have large amounts of bitcoin are prominent and known, and I think, unless you’re storing with a mechanism which is immune to this and making that publicly known, there’s going to be a few more of these.
Laura Shin: 01:00:12
So something that was a little bit funny is that your employee Jameson Lopp replied to a tweet that I made about Nathaniel Popper’s story on this topic. He wrote about the different kidnappings and muggings that were happening in this space. And I tweeted that part of the reason it’s happening is that there haven’t been good custody solutions yet. And Jameson Lopp replied that he thought good custody solutions was an oxymoron and it was a regression to legacy trust models. However, in the New York Times story, he’s also featured as one of the people who protects his crypto by letting it be known that he has a gun. So you know, that rich person isn’t going to take these kinds of measures. So I just kind of wanted to get your take on Jameson’s opinion here. So it sounds like you think that reverting to the legacy trust model is sort of the way that this is going to go. Is that correct?
Mike Belshe: 01:01:20
No, let me give you three answers to it. First off, I love Jameson, he’s fantastic for a number of reasons, but frankly he’s a little bit off the deep end in terms of how to secure your bitcoin. In that article, you see a video of him firing a semi-automatic AR-15, which pretty much the rest of the world wants to ban. So yes, you’re right. If you want to have a small army, that is one way to protect your bitcoin. He’s also publicly made it clear that he is going to take extreme measures and move to a remote undisclosed location. And, kind of wall himself off from the rest of the world. So you’re right, if you like that lifestyle of having your own gun, your AR-15s in the house and isolating yourself from the world, maybe you don’t need a custodian.
Mike Belshe: 01:02:07
Now, the challenge is how do we get to a world where you’re not having to just trust all custodians and I think we’re gonna see the pendulum swing a little bit both ways. So today, you’re responsible for your own peace. With your own custody. And then that creates a set of problems. The custodial options aren’t there yet. There are not a lot of good brands available that will hold it. That you can trust from a technology perspective. That you can trust from a regulatory perspective. That you can trust from a risk perspective. BitGo is trying to build that with our solution. Now moving to that, you’re right, that could look like the legacy model. But now, can we do something that blends the two? And I think we can. And actually I think the underpinning that we need for it is multisig. And it is a blend of allowing you to have some of the keys but not all of the keys and also to have a set of policies and rules around that wallet which are defined by you and the way you like it. So when you use these things together. It’s a combination of hot and cold wallets. It’s a combination of keys across different parties, we are not going to revert back to the legacy model. So you can see your money on the chain, which is totally different from anything we have with banks today. Anyway, I agree with Jameson in part, if we were to revert back to the legacy models, that would be very bad. But I disagree that all custodianship is just carte blanche. Oh, that’s just the legacy model.
Laura Shin: 01:03:37
Yeah. It sounds like you are painting a future where it’s a little bit like Goldilocks, there’s one extreme and then the other. And then this sounds like some sort of blend that you guys are working on. So maybe we will get there. All right, well it’s been great having you as a guest. Where can people get in touch with you or see your work?
Mike Belshe: 01:03:59
I’m easy to reach at BitGo. I’m [email protected] if you’re interested in our sales, we have [email protected]. All of our products are pretty much available online. You can kick the tires on them and if you like them, give us a call.
Laura Shin: 01:04:13
Great. Well thanks for coming on the show.
Mike Belshe: 01:04:16
Great. Thank you very much for having me, Laura.
Laura Shin: 01:04:18
Thanks so much for joining us today. To learn more about Mike, check out the show notes inside your podcast episode. Also, be sure to follow me on Twitter @LauraShin. New episodes of Unchained come out every single Tuesday. If you haven’t already, rate, review and subscribe on Apple podcasts. If you liked this episode, share it with your friends on Facebook, Twitter, or LinkedIn. Unchained is produced by me, Laura Shin with help from Elaine Zelby and Fractal Recording. Thanks for listening.