SLP118 Mike Belshe – BitGo Bitcoin Custody

Mike Belshe, CEO of BitGo joins me to talk about his journey with Bitcoin and the challenges BitGo faces in being the world’s largest Bitcoin custodian. We talk about:

Coming into Bitcoin
How secure storage evolved in Bitcoin over time
Technological and Procedural techniques used today to enhance security
Insurance
Contentious forks
The risk of government
Future of Bitcoin Custody

Mike Belshe links:

Twitter: https://twitter.com/mikebelshe
BitGo: https://www.bitgo.com

SLP Bitcoin Custody Series:

https://stephanlivera.com/slp-bitcoin-custody-series

Sponsor links:

Kraken: http://www.kraken.com/?utm_source=podcast&utm_medium=stephanlivera
Unchained Capital: https://www.unchained-capital.com/?utm_source=Stephan%20Livera&utm_medium=Referral&utm_campaign=Affiliate
Bitcoin Outlet: https://bitcoinoutlet.com/ use code: LIVERA for 21% off
GiveBitcoin: https://givebitcoin.io/?grsf=d3nqrm

Stephan Livera links:

Show notes and website: https://stephanlivera.com/
Follow me on twitter: https://twitter.com/stephanlivera
Subscribe to the podcast: https://plinkhq.com/i/1415720320

Podcast Transcript by GiveBitcoin.io:

Stephan Livera: Mike, welcome to the show.

Mike Belshe: Thanks. Nice to meet you, Stephan.

Stephan Livera: Thank you. Mike. I know you’ve got a long history in Bitcoin and I’d love to hear a little bit about your story of how you came to Bitcoin and what was it that interested you?

Mike Belshe: Sure. Um, well, you know, I mean my story is fairly typical. I think of the 2011, 2012 era, I wish I were smarter. I read the Bitcoin white paper. Actually before I read the white paper I’d heard of Bitcoin and I investigated that. I was like, ah, it’s a scam. Later I heard about it again. I said, ah, that’ll never work. And then eventually I read the white paper. I was like, wait a minute, does this really work? And like a lot of computer scientists, you know, once you start reading that and then you start to challenge yourself, like, can I break this? And like others, I start probing and trying to find holes and I couldn’t find holes. And that got me excited. And then you start to think about what the heck is money, you know, and, I’m an American so you know, we are, I think fortunate in America to have a, a very to say stable is, probably the wrong word.

Mike Belshe: I don’t want to connote the wrong thing, but relative to other parts of the world, um, you know, the American economy has had a good run and never really thought about what money was. And you start to think about that. You start to think about the computer science applications. You start to think as a technologist. Um, and that’s what I’ve done for the last 25 years. I spent my time at startups. I like innovation. I like building things from scratch. It gets your mind flowing and I was hooked pretty fast once I really, really dug into it. And you know, you keep digging deeper and you keep trying to find holes and you can’t find holes and you know, gosh darn it, then you get excited about what this thing can do. So I mean that’s how I got started, or interested, pretty typical.

Mike Belshe: And then with regard to, to getting into where BitGo is today. Um, initially I was evangelizing to my friends and saying, I usually get some of this stuff. I thought some of this stuff and, uh, convinced them to and as the technologist and the crew, um, I held it for them. I was secure. I was worried about security and I was playing around at different things. So I did that. I had a laptop, which I, which I air gapped. Um, it was custom built and um, and whatnot. But, um, I threw that underneath my couch and just let it sit there for awhile and then that grew in value and eventually grew in enough value. And I was worried my kids might pull it out. It was just under the couch and I thought they might spilled Coke on it or something and move it.

Mike Belshe: Um, I thought, you know what, there’s gotta be a better way. Um, so, uh, you know, my background prior was I was at, I was at Google, I was one of the first 10 guys on the Chrome team. Chome does a tremendous amount for security. I don’t think that Chrome team gets enough credit for how much they’ve done in terms of securing the web, whether you’re talking about SSL or whether you’re talking about how you patch browsers or whatnot. But there’s a tremendous amount that went on and had been exposed to some of the web crawlers, statistics from Google measuring the amounts of malware on the internet. And it is just an exponential curve, right? It’s the type of viral curve that, uh, you know, any app developer would love to have, which is not good. So I was actually afraid that someday I would go to turn on this laptop or move the coins and they were held in just single signature wallets.

Mike Belshe: And you know, if there were malware on my machine, would I lose it all? And some of it was my own money and it was substantial, but, more was not belonging to me. It was belonging to people that have much more money. And so that led me to dig and, uh, dug around and found this thing called P2SH, which is a obscure portion of Bitcoin had been already around for I think about a year by the time I found it. Um, and nobody was using it. There were literally zero wallets that could utilize P2SH as part of them, there was multisignature transactions, but it’s a different experience, um, requires a lot more kind of manual work. So, I wrote a little paper about, Hey, maybe we could do this with a kind of a, a three party key system to mitigate both theft and loss. And I circulated that and got a lot of positive feedback. So next thing you know, BitGo was born out of that.

Stephan Livera: Fantastic. And when, when roughly was this, just so we can situate it in terms of the timeline of, you know, the security and improvements that came in Bitcoin,

Mike Belshe: that was early 2013. The summer of 2013 was, was me coding. It was actually a big slog. Um, it was, uh, it was me coding server side, client side, learning about Bitcoin at the same time, putting all together, um, not knowing exactly what direction it would ultimately take. But, you know, a lot of innovation and uh, you know, startup type of work is trial and error. Um, it’s meeting with people is trying to understand what do, what do people want? What’s missing, how can you do something that’s meaningful, um, you know, things like that. So, uh, the early versions of BitGo are kind of a consumer grade, web based wallet multisig and wasn’t sure if it was going to be a consumer type of thing or whatnot, but quickly started defined as I learned who was interested. The large value holders were interested in, right?

Mike Belshe: They were interested in securing large amounts of money in it. It’s, it’s pretty common sense, but the more value you have, the more time and money and effort you spend securing it. Right? So the amount of security you would apply to a $1 million problem is very different than the amount of security you would apply to. A $1 billion problem. And I think that’s played out. In pretty much throughout BitGo’s history and I think it’ll continue to go this way. We back in that era, we were talking about million dollar wallets and that was a lot of money. Remember all of Bitcoin was about $6 billion at the time. Market capital, so million dollar ish wallets were big. And then, uh, you know, that grew to $10 million wallets and then, you know, eventually that grew to $100 million wallets than billion dollar wallets. And now we’re having to think about is like, how are we going to secure not $1 billion wallet, but a trillion dollar wallet. I’ve done a couple of talks on what securing trillion dollars looks like. Um, I’m not sure I have a perfect answer, but the point is, is that you’re constantly upgrading security. You’re never done. You just keep working on it. You just keep raising the bar. Um, and uh, it’ll continue that way forever.

Stephan Livera: Yeah, that’s really fascinating. And I think it’s important to situate it correctly because in early 2013, there was no hardware wallets then and I think a probably Armory Wallet was one of the early wallets that was around and at that point probably one of the more secure setups you could do then was an offline armory wallet. So you would have the full nodes, how, uh, you know, connected to the internet and then the case held on an offline armory. And I suppose that was one of the more secure ways back then. How did a the BitGo model evolve and compare against some of the other early secure ways to store your Bitcoin?

Mike Belshe: Yeah. Um, well Trezor, was just getting kind of funded and developed. Uh, I think late 2013, maybe early 2014 I might have the date wrong on that. Um, armory was a single sig cold storage wallet at the time. They didn’t have their multisig variants in place until a few years later. So, um, you know, actually a usable deployment for multisig it was kind of the first of its kind at that point. And BitGo is, you know, I didn’t, I’m a technologist, right? So the idea of a regulatory framework, money transmission, things like that. I was really much more interested in the software side of things. And so the, the BitGo at the time was just BitGo go holds one key and you hold two keys. And at that time did that mean you’re a bank? Did that mean you’re a money transmitter? Did you have to have regulatory was very unclear.

Mike Belshe: Um, and by the way, it wasn’t until just May of this year at least for the United States and other countries all vary. But in the United States, a FinCEN came out with guidance just May 9th of this year. And they said very clearly they vindicated all of what BitGo has done for the last six years, you know, holding a single signature, a single key and a tri-party wallet is not money transmission. Um, it’s good to finally hear that. Back at the time I was saying, I had this two factor litmus test, which was like, look, I can disappear off the face of the earth and you still have your money. And on top of that, you know, I can never transact unless you participate. So my conclusion from that is that if those two tests pass, that I’m not holding the money. But that’s very much the layman’s description.

Mike Belshe: It has nothing to do with the law lawyers crafty, they’re clever lawmakers or even more crafty, more clever. Um, you know, regulators and lawmakers weren’t sure. I did a, this is funny. I did a talk at the California Senate. Um, I was called in to talk about multisig, uh, probably 2014. And, you know, they were considering whether they should pass a, uh, a law here in California, um, around cryptocurrency. And it must have been 2015 or 16. Actually, I think it was, I think it was too early. But, um, they wanted to understand multi-sig because remember, we’ve never had financial assets before that had these software like properties, right? Where you can actually now have multiple participants be required. We’ve had multi-party checking account systems, but we’ve never had them with cryptography in a way that you can mathematically prove that it works.

Mike Belshe: So, so this was new. They didn’t understand it. They want to understand why. So I got up on stage and I started my talk by pulling a a hundred dollar bill out of my wallet. And I said, okay, who has custody of this hundred dollar bills? And they’re like, okay, I guess you do. All right, fine. I handed it to a guy in the front row and I said, now who has custody? They’re like, okay, he does. And I take it back after he progressingly gives me back my $100 and I rip it in half. I give him half and I keep half. And I said, now who has custody? And I think all of the senators were in shock. They’re like, did he just rip $100 bill at the State Capitol building? But the point was made, right? Which is that with multisig you can create these combinations where multiple parties are mathematically required to participate in money and it’s a door that opens all kinds of avenues.

Mike Belshe: Um, you know, the two of three is a simple case to reason about, especially for retail. There’s reasons why that works easier than other things do. But even at the business level, you know, as you can go down from two or three to three of five or four of seven and there’s pros and cons of all that there’s features on the chain that are helpful, some features on the chain that you wish were there. Um, but as software gets better as we figured out what type of money works best for us as people as opposed to as best for us as governments, there’s a ton of opportunities. So, anyway, that’s a little bit about how we got started.

Stephan Livera: Yeah, no, that’s, I think that’s really interesting. Because I think we can look at it now and see there’s a bit more of a plethora of options coming. One question I had was around making sure that, so in that example, even if it go where to go away, can the customer still recover it on their own and so on. And I guess part of that is having all the right xPubs and the redeem scripts and so on so that you know, the customer is able to do that and they need to make sure they’ve got the right technical competence to be able to execute that correctly. Do you have any comments around around that?

Mike Belshe: Yeah, I mean this question has come up a zillion times for us. So we publish open source tools where clients can verify that at work. So when you create your wallet as part of that provisioning process, you get what we call a key card, um, which is a representation of the keys involved with your wallet. Now we have one and the client only has the public version of that and the client has two and they’ve got a couple of different versions of how they can store that. And then we have a little bit of backup in case they forget their password because frankly, even though we’re mostly worried about theft, I mean that’s the thing that scares us, keeps us up at night. Frankly, we are our own worst enemies and we are far more likely to lose it than to actually have it stolen.

Mike Belshe: But, because of that, we have a backup procedure where BitGo doesn’t have access, but we can help you recover your, your backup key in certain cases. Anyway, we gave you that key and then there’s open source software and it’s been tested and tried by many people, to verify that yes, indeed, if BitGo disappears off the face of the earth, you can absolutely get all your money back. There’s, there’s no code escrow. You don’t have to go to some third party, you can do it yourself. Now the only challenge that really remains there is that, you know, cryptocurrency is a pretty technical beast and you know, an average person that’s not a developer would have a hard time walking through that. But the point is that the software is open source. You could hire a guy relatively cheaply who basically understands the basics of multisig and Bitcoin and he’d be able to recover the funds for it.

Mike Belshe: Right. Uh, and can you give us just a bit of an overview around the different service range that BitGo offers today? Sure. Well, we started out as a software technology company. And my belief is that a good crypto custodian or financial services player today has to still be extremely capable and competent at the technical layer. I mean, there’s a ton of innovation that’s going on. There’s new coins that are coming out, there’s even massive changes within Bitcoin itself. We’ve got Schnorr signatures coming, taproot coming. What does that mean? What features are different? How do you provide your service differently in light of those changes? So it’s a heavy duty technical component, but things have changed a bit since 2013 when we got started. Uh, 2013 I thought, you know what, we’ll build this technology and software stack with hardware, software, et cetera, and we will sell that to banks and financial institutions and others that know how to provide service around it.

Mike Belshe: Trust me, the last thing I ever wanted to do was to become a banker. Um, but you know, here I am and that’s kind of where we find ourselves. We’re not, we’re not a bank. We’re a trust company, which is slightly different. But we are a fiduciary. We are regulated and we have a lot of oversight. Now we run our own technology, which I think is important because if you don’t run your own technology in this day and age, maybe someday we’ll get past this. I think it’s a precarious perch, but different topic. But what happened was the early days of crypto were at a smaller level of security and they were very much individual-based. And the great thing about crypto and Bitcoin is that as an individual, you’re on the same playing field with the bankers. That’s the first time ever, right? Like as an individual, try getting money outside of crypto from here to China, you can’t do it right.

Mike Belshe: I guess you could put in the mail, good luck. I hope it doesn’t get stolen. But with crypto, you’re on the same level playing field with them. So that’s phenomenal, right? But when you get to large amounts of wealth, large amounts of storage, and you can think about this for yourself and try to reason about it. You know, Bitcoin is like cash. We don’t like to keep all our assets and cash stuffed in our mattress and taking on security as individuals that are uh, not generally familiar with security. How would you do it? Would you put bars on your windows? Would you put a security guard outside your front door? Um, yes. The math, the crypto gives you a lot of protections, but it doesn’t solve against fire, doesn’t solve against death. That doesn’t solve against someone coming and putting a gun to your head.

Mike Belshe: So banks do actually play a valuable role. We kind of hate the way banks have evolved, but there’s a piece of what they do that actually value. And actually right now at this point in time, BitGo seeing a tremendous number of folks coming to us from kind of the high net worth family office perspective. They used to hold the money on their own. They’re like, you know what? This is just, it’s too rich. I can’t do this. I need someone who knows how to do this. I want to hire somebody. So when you want to hire somebody else to hold your money, you’re looking at a fiduciary and frankly, whether it’s Bitcoin or gold or stocks or any other type of asset, when you’re holding money on behalf of someone else, we expect a higher bar. We expect somebody that is not going to be selling an asset yet recommending it to you, right?

Mike Belshe: We expect somebody that is not going to front run us. We expect somebody that’s gonna know how to securely store it. We expect something that knows the industry. We expect something that’s got a capital balance sheet. We expect somebody that’s got backstops in case they fail, right? All these things matter. Um, unfortunately with digital assets, because they are so new, so revolutionary, so potentially disruptive to the existing incumbents, the existing com incumbents have a inverse relationship between risk and reward. The risk is much, much higher to them than the rewards or profits today. So they just haven’t come in and we are getting there. We’re making great inroads, but the financial setup isn’t right for the large incumbent financial services companies to get in. So BitGo decided to go and become a financial services company, decided to become a fiduciary. We can now hold money on behalf of others and help others who are fiduciaries, hold, hold money and crypto assets, um, safely so that they can build additional products.

Mike Belshe: Right. As I understand today, BitGo serves many exchanges around the world who are themselves holding on behalf of their own customers. That’s right. Yeah. I mean a BitStamp just announced that they’re moving all their cold storage to BitGo. Um, others do it as some are public about it, some are private about it. I think it’s pretty clear that BitGo is the global leader in terms of, both transactional, real time wallet needs as well as cold storage needs. Um, a little known fact, uh, that is that actually BitGo is over 20% by volume of all Bitcoin transactions today, globally. And that’s because we have, you know, a lot of the larger clients, higher higher volume clients use it using BitGo. Um, so we’re, we’re proud of that. Um, it’s a, it’s a heavy burden and that’s why BitGo has moved to a level of security that’s actually pretty far beyond what most of the smaller players are about.

Stephan Livera: Right. And I guess just comparing some of the different cases there, let’s say you’re an individual HODLer, you are probably caring more about just cold storage and rarely doing transactions, but if you’re one of these larger Bitcoin companies, you actually do need to do large transactions as well. And so I guess that necessitates some level of segregation between things like cold and warm wallets. Can you expand a little on that, on how you’re thinking on that?

Mike Belshe: Sure. You know, so hot and cold comes up a lot. We’re big believers that cold storage is a great way to go, especially today. The net result is like the amount of security you apply to a problem is proportional to the value of, of what you’re securing. So, uh, for realtime needs, obviously cold storage doesn’t work that well, right? You’ve got it offline. It takes time and effort to bring it online. So we use a small percentage of the assets in a hot wallet and the large majority, 95% plus in cold wallets that are rarely accessed. This is exactly what you would expect. Basically, we’re putting additional controls on large money and less controls on low money, and then we manage the risk appropriately. Um, frankly, you know, if you can move $1 billion quickly, it’s not secure. It’s as simple as that, right?

Mike Belshe: And this applies to dollars as it applies to gold as it applies to anything else. And you know, one criticism we hear on on this front is like, you know, here we have this fantastic internet money and how do we secure it? We take it off the internet. Now I’m a technologist and of course it’s incredibly disappointing to hear that. But what is our job as a custodian? Our job is to secure your assets. A custodian’s first and foremost position is safekeeping, right? So am I doing my job? If I’m keeping your your money online 24 hours a day? No, I’m not doing my job. It’s irresponsible. And anybody that tells you that they can come up with a hot wallet where they’ve got it all figured out. Now remember, you know, there’s new companies that are coming out offering hot wallets and they’re saying go ahead and put $1 billion in and our technology is secure.

Mike Belshe: Facebook has been hacked. They’ve got fleets of engineers, 20,000 deep. Google, even bigger than that. Now governments don’t help you. The government census Bureau here in the U S has been hacked so that every identity of every U S government employee ever has been leaked. And yet these guys with 20 person startup teams are like, Hey, I’m going to solve this problem is pure hubris. Frankly. I would love to see technology be able to win this game, but if we really want Bitcoin to win, the first thing we need to do is to make sure we have no more losses. Safekeeping is absolutely the number one thing. So, you know, like I said earlier, you know, Bitcoin by volume on realtime wallets, we do more in a day than other competitors do in a year or ever. Um, so you can definitely handle the real time transaction needs of the world’s largest exchanges, no problem.

Mike Belshe: And you do that by mitigating the risk with a relatively small pool of money that you completely backstop. And then for the large majority of funds, and frankly $1 billion doesn’t move that often. You put it in cold storage, keep it offline, keep it totally safe. It’s the best thing to do.

Stephan Livera: Gotcha. Uh, what does it take then to take security to that level? Is it auditing, internal controls? What are some of the factors involved to take it to that level?

Mike Belshe: Trust nobody. Um, yeah, so I mean, security can be simplified down to eliminating any single point of failure. Um, and of course humans are single points of failure. Computers are single points of failure. At some level two humans are two single points of failure and you break those apart. Um, so you’ve got to start with the technical architecture that keeps everything separate. That’s good.

Mike Belshe: That’s part of it. Um, unfortunately humans can screw that up too, right? So humans can create a great password, but they can also write it down and put on a sticky tab and stick it on their monitor, not very secure. So technology alone doesn’t get us there. The second thing you need to do is you can do put in process and procedures and controls. You need to break those apart. And you know, we’re mitigating single points of failure risks, right? Where you could have a single computer, a single human, a single government, a single geography, all of these are single points of failure and you have to think of all of them and you get them audited. So in the case of BitGo, we do SOC 2 audits. Um, and by the way, as a technologist, I kinda hear audits and I kind of think, Oh, bureaucracy, slow, stupid.

Mike Belshe: Not very smart. That’s probably all fair and true. But at the end of the day, in order to get a SOC 2 audit, which is an operational controls audit, they come through, they look at your procedures about how you’re separating this apart. How do you have a team to be teams? How do you split across two different companies holding these different keys? Are you really doing that? What happens when someone leaves your company? Do you have a policy for that? What’s your business continuity plan in case your data center goes down? All of these different points of failure, they double check it and you get somebody else to come in and look at it. And you know, the reason BitGo has a cost effective insurance program to the tune of $100 million is because we are able to convince an underwriter to get excited about, you know, “Hey, we can take on this policy and not lose money.”

Mike Belshe: But that’s by looking at your SOC 2 audit, doing their own audits. And by the way, when it comes to $100 million, these guys are no fools, right? They have insured, you know, massive piles of gold and other assets many times. And they ask really intelligent questions. They may not know the technology, but in terms of how it comes down to fundamentally securing the stuff, they know where to probe and they know where to look. So it takes a lot. Um, it, part of it is sexy, this technology piece and part of is unsexy, this procedural piece and hiring redundant sets of people, putting them in redundant parts of the world, separate, far apart. You know, it’s not exciting, but it’s important. And at the end of the day, we want to have a boring business. A boring business is one where every day when you wake up and you log into BitGo, your full balance is there and there’s no excitement and it’s never not there. So that’s what we do.

Stephan Livera: Great. And with the insurance, I’m curious to dive into that a little bit deeper. So as I understand, BitGo has the 100 million, uh, insurance that involves a certain level of comfort around, uh, for the customers, of BitGo. But as I understand, then the insurance company will impose certain conditions and say, well, that that only applies if the theft was of the physical keys, that sort of thing. And that’s, that’s one of the components where they want to make sure, okay, this is the part we’re insuring for. And then this other part you’re not, we’re not ensuring that.

Mike Belshe: um, I wish I could say it’s in a better state. So what I can say is, um, I care a lot about this topic. Uh, I care a lot about getting the best possible insurance that BitGo can get. And, and if you look at BitGo’s policy, and we do share this, you know, we have to under NDA, not because of us because the underwriters require it because the underwriters and the brokers of insurance live in this antiquated world where they create fiefdoms and they protect themselves by creating semi proprietary product. Um, but we’ve spent literally years working with underwriters, um, to cover insider theft inside of that by key executives, hacks, geographic disasters, et cetera. Um, and I feel quite confident in saying we have the most comprehensive insurance policy you can get. Um, do I trust insurance underwriters? Not 100%. I would love to see tremendous more transparency from the underwriters and the brokers.

Mike Belshe: I think if that industry evolved and took a page out of Bitcoin, frankly, we would all be better served. It is not right that you have to have a PhD in insurance to go figure out whether this insurance policy is better than that one. Um, so I’m incredibly dissatisfied with the state of insurance, but that, that actually has nothing to do with crypto that has to do with insurance agents, kind of like real estate agents living in a decade of the past. So nonetheless, uh, yeah, we’ve, we’ve taken great care to do everything we can. We’ve met with, I don’t know how many hundreds of different underwriters that have evaluated that go and looked at it. Um, but, we’re doing the best that we can. Uh, I think the industry can do better. Uh, I think that part of it goes job is to continue to push that better and to make it more transparent and to make it so that you know exactly what is covered and what is not.

Mike Belshe: Um, so that’s a fear and, a growth area, I think for the industry. One last point on this, which I think is of interest is as crypto companies get more sophisticated in the services that they offer, I think they need to be a little bit more clear as to how an insurance product might help them. So, you know, today there’s a number of, uh, Bitcoin related products, which are interest bearing and some of them might use BitGo custody, which is great, but you know, if you’re creating interest, how are you doing that? I mean, you know, Bitcoin doesn’t generate interest on its own, so you must be doing something in order to generate that. And most commonly it’s generated by lending the assets out. So if you’ve raised, uh, let’s say you’ve brought in $100 million of consumer money and, uh, your goal is to generate a return on it, you know, you probably have a goal of lending out 60, 70, 80% of that money.

Mike Belshe: So the amount that’s in BitGo and covered by custody insurance would be the remainder 20, 30, $40 million, that range. But the full asset balance and me, we can’t, we can’t ensure what’s not in custody. Right? So in addition to, insurance underwriters being more transparent about what’s covered and what’s not covered, I also think the Bitcoin industry needs to, rely a little less on marketing and a little bit more, in fact, if you’re going to lend out assets, you need to sell people, this is how much we’re lending out. This is how much we’re keeping in reserves. This is what our obligations are in terms of being able to return that capital to you. If you ask for it, is it a two day notice, a five day notice? And then what are the backstops when you’ve lent it out, what types of clients are you lending it to? What credit risks are you taking? You know, so that’s an area that, the Bitcoin industry needs to get smarter about.

Stephan Livera: Yeah, totally fair comments there, Mike. One other area I was keen to go back to, uh, was from some of the earlier discussion around what’s required to do good security or high level security. One component that comes out is this idea of getting tricked out as social layer, right? So if you know for there’s a malicious browser extension and you’re thinking, okay, I’m going to deposit into my custody account here and here is the Bitcoin address to send it to. But actually there’s a malicious browser extension that has replaced that with say the attacker’s address. How do you think about that sort of problem and how to reduce or minimize that problem?

Mike Belshe: For BitGo there’s, I think you can divide it into two parts. One is, is our client tricked in terms of what they want to send. And then the second one is BitGo being tricked. Frankly, on the first, it’s really a usability of Bitcoin problem, right? I mean, the idea that Bitcoin users or any crypto digital asset users can be tricked in this way, is a problem and malware affecting them where, you know, in real time they might be trying to send to you and you posted an address and malware replacing your address. And that’s a problem. Um, so there are some efforts here around payment protocol and others, I think they’ve had medium amounts of traffic and traction, but Bitcoin needs to do better. Like we, we can do better. We’ll get there and I think, that’ll take care of itself at some level.

Mike Belshe: The second thing is what this BitGo do. I don’t mean to be self serving, but I mean at the end of the day, like that is the job. That’s the part we control. We can’t really control what happens to the end user out. But a couple of things. Um, first off again, it’s about checks and balances. No single points of failure. Trust nobody. Um, when we do our cold storage, people don’t realize this, but there’s actually multiple companies involved and each of those companies has independent controls, procedures and operative personnel and you can come and put a gun to my head and I can’t move the money. And that’s because we’ve set up completely independent companies with completely independent people that are required to access key material. So there’s no single person, no single company, no single geography, no single location that has access to everything. And as you go bigger, you continue to separate that apart.

Mike Belshe: So, in the BitGo model, we actually have, I think the first, trifecta of checks and balances. The end user reports a video initially with a transaction that comes in through, you know, electronic means, um, you know, so it’s got typical, protections of, you know, username, password, biometrics, two factor auth type of thing that goes into a trust company that looks at it. They take a look at it and they can call the user back. If it’s a large enough transaction, there’s a small transaction, you’ll pass it through it, right? We’ve got insurance, we’ve got other things take care of. But, um, if it’s a big transaction, you can actually call the guy on the phone, you can check them on video. There’s a number of things that you can do. We also look for red flags, all the different types of fraud things that happened.

Mike Belshe: So you’ve got a two way check. They’re both an online and an offline check. Then once the trust company decides to go to cold storage and an actual transaction, um, you know, that’s multiple people that are there. We don’t have like a single person holding a key. Um, we never do that. Uh, the physical vaulting that we use are class three, bank grade books sound sexy. What does that mean? Class three bank grade vaults is the same thing you’d see in the safe deposit box. Foot and a half thick of concrete and steel, a minimum break in time and maximum break in time that you have for rated vaults. And in there you’ll find keys that are sharded into multiple parts with encrypted, with passwords on separate devices that only separate people know. Okay. If you managed to assemble all that key, you can then send a transaction to a completely separate company, which is now going to process the online processing roles.

Mike Belshe: So first, if the transaction is too big again, they’re going to call back the trust company and say, Hey, wait, we need to check this. And by the way, it’s all cryptographically signed from the user’s original intent. So you can detect any attempts to transform the transaction. Like if we tried to, if someone internally tried to tamper with the address or the amount, um, so it’s got the, it’s got both the electronic and again the out-of-band, um, verification. And then finally, a bunch of policy rules that were set up by the user way back when they provision the wallet. They, so they can say, you know what, it has to come from this IP address. It has to be this time of day of the week. It has to be from this location. It has to be approved by these 17 people.

Mike Belshe: Any arbitrary policy you can think of can be embedded there. And then if we’re still not satisfied or it’s too big of a transaction, we can call back the user again, creating a circle where we’ve actually gone from the user through two completely separate companies back to the user again. So, you know, is anything completely impenetrable? Probably not. Um, but I think in terms of the checks and balances, they’re all there. We’ve had it audited by multiple parties. Um, and then we take this seriously. So the SOC 2 audits are about making sure that all of those policies and processes and controls are actually abided by through the whole system every single day.

Stephan Livera: Excellent. Um, and so I’m also curious as well, do you see any sort of, I guess as you start out with like, with, uh, you know, if you imagine a very small balance, it’s, you know, pretty easy. And then maybe, as you get to a certain size, you hit economies of scale. Do you ever notice it going the other way, like diseconomies of scale because you’re managing such a large amount of money?

Mike Belshe: Um, yeah, actually. Great. We do. So we have clients that manage funds on behalf of a number of clients, right? So maybe they have a million clients. Um, all of us love this idea of segregated wallets on chain. So each of those million clients on behalf of the client can each have their own independent addresses and make up their own independent wallets. The technology’s here, it does that. Um, it turns out that the blockchain, the Bitcoin blockchain, it actually has some scalability issues here. We don’t see it so much right now because fees are relatively low on chain, but you go back a year and a half in time and if you’re trying to manage large numbers of users in segregated wallets, the fee expenses are massive. Um, so I think BitGo was really the first to kind of really address the fee problem and scalability problem.

Mike Belshe: Um, although we focus mostly on the security solution, actually a lot of what we do is also around scalability. Um, some of the largest wallets of the world are at BitGo millions of addresses on a single wallet, millions of users on a single wallet. And in order to make the fees manageable, you kind of have to do some batching and kind of have to do some aggregation. So there’s a strict trade off here, you know, of how much, you know, kind of independence and isolation versus, you know, efficiency. And I would like to see over time blockchain technology that is more efficient on chain. We’ve seen a number of improvements over the last couple of years, you know, so SegWit was a huge thing. SegWit native addressing is also a huge thing. BitGo was pretty much the first to adopt those. So, our multisig transactions, which are bigger in nature because they are multisig the cost of them is mitigated because we’ve made sure to use the latest features. Upcoming is Schnorr and taproot, which are significant milestones moving forward that are, again, you’re going to kind of compress these things now. Um, so I think we see, yeah, we would love to see more scalability on chain so that you can have more segregation of, of, of assets. Um, but this will be a thing that kind of continues as both Bitcoin and, BitGo scale to large number of users.

Stephan Livera: Yeah, really interesting comments. And I suppose that involves all manner of things, whether that’s, you know, coin selection algorithms and um, you know, trying to look at advanced technology that may help, uh, compress the amount of, on chain usage, so such that you can achieve more with less sort of thing.

Mike Belshe: On that point. That’s the, I mean, that’s absolutely true. So one of the folks that works here, you know, back when he was in school actually had done a bunch of research where a white paper, uh, his unspent selection algorithms have been adopted by Bitcoin core. Um, and implemented there. And as we’ve helped clients move, from, prior, algorithms to the new algorithms, you know, they’re saving as much as 75% on fees just through better unspent selection. Um, on top of that, the dynamic adjustment fee algorithms that we use combined with minimizing the size of transactions and batching, again, you know, 90 plus percent reduction in fees. Actually, I just saw this morning Jameson Lopp. He posted a thing about fees. Uh, he had a scatterplot of, different fee rates applied on transactions on chain today. And there’s still a lot of wallets out there that are using fixed fees. When we got started on this thing, you know, people charge, I forget what it was, you know, 0.01 Bitcoins per per Bitcoin, um, thousands of associates provide, I forget, um, but pretty high level of fees. And so BitGo has stayed on top of this. And because we have so much scale, we’re, we’re doing a lot more and it’s, it’s an, it’s an ongoing thing and we will continue to lead the lead the force on a SegWit and then Schnorr signatures and taproot, et cetera.

Stephan Livera: Excellent. Uh, what about now, I’m keen to discuss who should go with a custodian such as BitGo and who should self custody? What are your thoughts there?

Mike Belshe: Great question. I mean, ultimately I think we’re all gonna have a combination of both. But the great thing about Bitcoin is you get to choose and you get to choose where the threshold is. So, with your Fiat currency today, you probably are already using a combo. You have some amount of cash in your wallet and you know, that, you know, you could lose your wallet, you could get mugged or whatever and you’d lose some amount of money and some people put a few thousand dollars in their wallet and some people put a few dollars in their wallet. Um, and that is your choice. I think that in terms of really getting to scale, um, you know, on one hand I love this decentralized idea. Like what if everybody could just hold their own money and there’s no middlemen. I think that’s a nice utopia, but, um, I know for a fact that people that have large amounts of wealth, they A) don’t know how to secure it that well.

Mike Belshe: They don’t think of things like what happens if they die? They don’t think so. Fire, all these types of problems, they don’t think about how they’re going to protect themselves from getting mugged or whatnot. Um, so they don’t want to deal with it. Um, and we aren’t going to have global inclusion on crypto until you can hold it however you want. So if you want to use somebody else as a fiduciary, we need to build that banks. Why not? And if you want to hold it all yourself, we can build that too. I think that one’s actually farther along, which is the great thing about the coin.

Stephan Livera: Also, I guess the other question that might weigh on the minds of Bitcoiners or potential customers is if there were to be a contentious fork in Bitcoin and you know, if BitGo where to go the other way let’s say, and the customer is saying, “No, I don’t want to go with that”. What’s your thought there on what the customers should be thinking about or what the people should be thinking about there?

Mike Belshe: Well, I mean that sorta can’t happen. Um, because BitGo is not going to choose a horse in the race. Um, our job is custodian and safe keeper of your funds. So if you’re looking for a custodian, you’re looking for somebody who is not religious about a particular technology or fork. You’re looking for somebody who’s going to say, look, I’m holding this on your behalf. I can help you keep it safe. If it goes that direction to the left or that direction to the right, we’re okay with both and you’re still going to have your money. That doesn’t mean that we’re going to follow all forks, but it does mean that if a fork is coming and we’re not going to support it or we’re going to tell you that. Right? Um, but I think if you look at BitGo’s history, we actually have followed, um, you know, I don’t want to paint a preference towards Bitcoin or BCH or BSV.

Mike Belshe: Um, but BitGo has provided all of those to our clients. And in the case of BSV, we had to go to great engineering lakes. So we published a paper, uh, gosh, it’s several years back about kind of what we would want any hard fork to look like in terms of replay protections and safety to the holder. Um, and we said any fork should have these properties. BSV came along and they did not implement those properties, right? So we had to go figure out how to build replay protection in both directions for BSV. And we did that. Um, and I think we were one of the earliest to deploy that. Um, so there’s a lot of challenges with like, “Are you gonna support every fork?” Um, is there ever such a thing as a fork that’s too small? Probably. I mean, if two guys go out on their own limb and they’re the only two guys, you probably don’t want to support that as before.

Mike Belshe: I guess technically it is, but um, you know, you may not be able to support that. Um, on the other hand, the true value of the coins is still maintained. So this is a hard thing. I think the good news is that this is going to become less and less of an issue over time. I think, you know, we’ve had a lot of learning experiences in crypto and those that have smaller chains are looking to figure out, how can we leverage that bigger chain to make our chain bigger? Forks and airdrops are neat. At the end of the day they’re kind of gimmicks to jumpstart a new coin. Right? Um, so I think the world will get smart to gimmicks and these would become a thing of the past, right?

Stephan Livera: Yeah. It seems that, we are definitely hearing of less folks nowadays than say 2017 and perhaps 2018,

Mike Belshe: um, these days they changed them to airdrops. I love, well I don’t love, I really hate, but, um, you know, you look at the gamification that’s going into these airdrops and they’re like, okay, on this date you have to signal in this way that you want our airdrop. And then on this date you have to actually commit. And then on this thing, and it’s like, come on, really is this where money is born, is where we’re doing tricks and gimmicks or custom arbitrary rules? Now, frankly, our clients, they have very little interest in this, right? Our clients are holding positions of meaningful value on chains that have meaningful value, and anybody that’s coming and doing an airdrop, to try and leverage that. It’s a gimmick. Um, and our clients today, sure. They want, they want all that value and we listened to all of them and we will help them. But, on the other side of it, they don’t really want us distracted by gimmicks. They want us to continue down the front of constantly securing their asset of value, not helping with a gimmick that’s going to be, you know, a little bit of value for like three weeks and then, you know, decay by 98% over the next six months. And there’s way too much of that going on right now.

Stephan Livera: Right. Yeah. The gimmicky nature of it. Let’s talk about if there’s any risks that could happen if, let’s say a government were to try and apply pressure to a custodian such as BitGo. Do you see any risks there?

Mike Belshe: Yeah, um, it’s a great question. So, um, first of all, I suppose you could, you could, you could assume all governments are nefarious. Um, let’s assume, at least for the moment that they’re not all nefarious. Um, I know we all have some hesitation around Fiat and government money, which is part of what attracts us to digital assets. But the governments are also very much trying to figure out what’s the right thing for them. They’ve had a set of policies and procedures and rules for decades to centuries and they aren’t sure what it means to have this crypto technology. And it’s not unfair that they ask for us to explain how that’s gonna work. Um, I think most people do have some amounts of monetary protections that we expect and we want our governments to be able to help us, whether that’s anti-terrorist funding or um, whatnot.

Mike Belshe: Now this leads us to a point today where what we’re seeing from all of the jurisdictions is that the knee jerk reaction from the regulator and legislator is that they want to hold the keys in that jurisdiction. Um, and I get it right. That’s what they do with their banks and other assets. So it kind of makes some sense, but it’s actually at odds with what the large holders want. The large holders are looking for jurisdictional protection and you know, kind of back to the single point of failure topic, you know, a jurisdiction is a single point of failure. Um, the idea of asset seizure is not science fiction. It’s happened in the U S in terms of gold. People don’t remember that it’s happening in Greece relatively recently. Um, and it’s happened time and time again when governments decide that they need something for the benefit of the country.

Mike Belshe: So none of us as large holders are trying to preserve wealth, wants to be, subjected to that. And then by the way, in some countries, you know, whether it’s well intentioned or not, you know, they just have a hard time keeping control of their currencies. The new people make bad decisions. Part of why we like Bitcoin is we know people make bad decisions. So we want to hand the rules to the machines and the machines will faithfully execute the rules and never, never vary from that. Even if times are tough, and if you’re in Venezuela or if you’re going to Argentina, you know exactly what it means to have your money, you know, inflated to a point where it’s not, not usable. So we find ourselves today in a time where there’s two competing needs. One is regulators that think they want to hold all the keys.

Mike Belshe: And the second one is users that first and foremost want regulatory compliance, but also want to make sure that they’re protected against jurisdictional risk. I think we’re getting there. I think we’re going to actually accomplish both. What we do want long term is a federated network of vaults across multiple jurisdictions such that your money is protected against any single jurisdictional failure. Um, and, uh, I think that’s the path that we’re on. Um, now that’s a very costly thing. Um, think about it, right? Setting up separate companies independently controlled, not manipulateable by a single CEO or head of the master company, and yet making that economically viable so that you can operate them all. Right. I mean, it’s not cheap. Um, so it’s gonna take time. I think it’s an area that, that, that we’re working on and getting better. Um, it’s certainly a part of the vision that I have for BitGo.

Stephan Livera: Great. And on the point of a vision for BitGo, what does it look like over the next few years in terms of future of custody, as you mentioned, trying to spread out across jurisdictions. Are there any other technologies or techniques that you foresee?

Mike Belshe: Yeah, so, so BitGo wants to make digital currencies and digital assets usable by everybody on the planet. And we think that that means that there’s times when you hold on, hold it as an individual and there’s times you want to hold it, you know, with a fiduciary in some capacity, maybe they’re going to invest it for you. Maybe they’re going to just secure it for you, but you want to be able to trust both parts. Now until that latter camp can participate, I think the entire digital asset and Bitcoin space is held back. And what I’m talking about here is market infrastructure. So, I’ll use a, I’m not sure if you’re familiar with, market infrastructure in the U S in terms of equities through the SEC and FINRA, or if you’re familiar with the futures and derivatives world with CFTC. But pretty much any established marketplace, separates checks and balances across multiple parties to help keep investors and consumers safe.

Mike Belshe: And the types of protections are you’re protecting against front running, protecting against just straight fraud. Like Bernie Madoff, um, you’re protecting against someone ripping you off and giving you a bad trade when there was a better execution somewhere else that’s called best execution. There’s a whole bunch of protections that, you know, at least in spirit, some of these government regulators have been trying to fix. And yet we don’t have a marketplace that works today for our decentralized currency. We have decentralized Bitcoin and we trade it on the world’s most centralized markets ever known to man. We take it to one guy who acts as the exchange. He’s the broker for the buyer. He’s the broker for the seller, he’s the clearing house, he’s the custodian for the buyer and he’s the custodian for the seller and is ripe for abuse. And we’ve seen failures. We’ve seen failures at Mt. Gox we’ve seen failures at Coincheck.

Mike Belshe: We’ve seen failures at Quadriga CX, right? When one guy holds all the roles, where’s the checks and balance? So in order for institutional investors to be able to come in, they need to see checks and balances. Um, and although, you know, companies like Coinbase have been, very successful and they’ve grown. And I think they do, they deserve credit for that. You know, they can attract a check from somebody that represents, you know, maybe 10 or $20 million worth of investment money. But if you’re running a pension fund, and you’ve got $1 trillion under management, can you write a $100 million check with 100% counterparty risk to Coinbase? I don’t think you can. Now we hear this time and time again from, from our clients, they’re looking for the industry to mature to a level where you have checks and balances. And to make this clear to like, more retail types of folks.

Mike Belshe: Think about Bernie Madoff. This is a guy that was trading right, and he was claiming to have all these assets, but he wasn’t using an independent custodian. And as a result, he was able to say, I have these assets. And he reported these returns, but there was nobody checking to verify. And as a result, he perpetrated the world’s greatest fraud ever. And that had nothing to do with Bitcoin. It had everything to do with a single point of failure, which was Bernie Madoff. So I don’t think we should rebuild the exact market structure that you have in the equities world. There’s a lot of middlemen there. I think there’s data reasons why all those parties exist. I think digital assets actually changed fundamentally what we can do, especially around clearing and settlement by the way. But we do still need checks and balances and if we want to get to the level where large institutions can invest money in digital assets, whether that’s, you know, real estate backed tokens, whether that’s Bitcoin, whether that’s anything else.

Mike Belshe: They need to have a place where they don’t have 100% counterparty risk on the other party and we don’t have that today. So the custodian of today is somewhat isolated. Someone like the exchange of today is extremely isolated and that they’re taking on this siloed function. We need to build a market structure where you separate first and foremost, trading and holding of asset. It’s two very different subject matter expertises. It’s two very different businesses. You know, while Coinbase is off busy signing up 100,000 new retail clients every day, which is a tough problem and commendable to and of itself, it’s a very different skillset from how do you secure funds. And that probably goes to explain why they still use today, single signature cold wallets. And we’ve known single signature is not the best way to secure a cold wallet for a long time. And yet that’s still what they use.

Mike Belshe: Now I’m not saying they’re not secure, but you know would a bank be better. Would someone that specializes in security be better? Um, another example would be coin check. You remember Coincheck?

Stephan Livera: Uh, no, I’m not familiar with that example actually.

Mike Belshe: Okay. So Coincheck I think it was a year and a half ago, January, 2018 they lost a half a billion dollars in NEM coins. They’re a Japanese exchange, and they lost it, in a single sig hot wallet. And you know, anybody would say, gee, a single signature hot wallet, it must’ve been a bunch of idiots. I don’t think so actually. Um, I think they were simply caught in a whirlwind of growth in a way that they shouldn’t have had been caught if market structure had been proper. So what happened was, you know, 14 months before that they, they started carrying NEM coin and they put zero NEM coins in a single SIG hot wallet, which I would argue is reasonably secure, right?

Mike Belshe: Um, and then they went around plastering Tokyo with ads for Coincheck. And if you go and ask anyone that was in Tokyo at the time, they’ll tell you Coincheck was everywhere and their business grew and they were busy hustling and hustling and bringing in new clients and signing up new clients everyday. And I’ll bet you they had some guys in the back office as their assets grew from zero to 5 million to 10 million to 50 to 100. We ought to figure out a better security mechanism. They’re like, “Yeah, we’ll get there. We’ll get there. We just got to sign up this next client.” Well, they got caught right now imagine different scenario where they did the exchange or they did the customer sign up and yet they had like a trust custodian, like a BitGo. And you know, as they went from zero to a million to 5 million, 10 million, they get a call from BitGo and we say, “Hey, you know what? You got a little bit too much in your hot wallet. We’re going to go move some of that to cold for you. Is that okay?” And they’d be like, “ah, thank you.” Click hang up. And when they got hacked, instead of losing $500 million, maybe they would have lost 10. So we can do that. And that’s all about market structure. That’s separating the duties of who’s trading from who’s storing different expertise.

Stephan Livera: Yeah. Fantastic comments. Thanks very much for that. I think we’re pretty much getting to the end of time now. So just for the listeners, make sure you let them know where to find you and follow you online.

Mike Belshe: Sure. I’m Mike, co founder and CEO of BitGo. We’re at BitGo.com and, you know, any comments or feedback about how to make our products and services better? Uh, we’re always here. Our goal is to build trust in digital currency.

Stephan Livera: Fantastic. Thank you very much for joining me, Mike.

Mike Belshe: Thank you Stephan.

Leave a Reply Cancel reply