Cryptocurrency: Fact vs. Fiction – Security Boulevard

Paul Lee is the CISO of Uphold, a leading technology platform to trade between cryptocurrencies, precious metals and U.S. equities. Paul is considered a leading expert on blockchain and cryptocurrency.

In this episode of “Cyber Heroes, Defenders of the Digital Universe,” Paul and I discuss the realities, including the strengths and limitations, of cryptocurrency in general and with regard to cybersecurity in particular.

Transcript

Gary Berman: Hello, and welcome to the “Cyber Hero Adventures: Defenders of the Digital Universe” show. Today’s show focuses on answering the question, “What is fact versus fiction regarding cryptocurrency?” Stay tuned to find out more.

I’m your host, Gary Berman. Our mission is to shine a light on the people and organizations who keep us safe online while at work, home, and school, and to serve as a business to business networking platform for the cybersecurity and information technology community. We’ve learned that 55 percent of human communication is nonverbal. That’s why we include a video feed, so that you have the option of seeing our guests or simply to just listen. You never know who you’re gonna connect with and how you’ll be able to maximize opportunities resulting from hearing from our guests.

As the victim of a series of cyberattacks, I’ve learned that the only time that you hear about hacking or cybersecurity is when the criminals win. Well, not anymore!

Let’s begin by saying thank you to today’s special solo guest. Paul Lee is the CISO for Uphold, a currency trading platform. He hails from Liverpool in the North of England and went to university in Leeds. Now, what I’m about to say comes directly from Paul. This is not me. And I quote, “He enjoys piña coladas and getting caught in the rain, as well as solving problems and making his users safer, whether they happen to like it or not.”

Hey, Paul—welcome to the show.

Paul Lee: Hello, Gary. Thank you for that introduction, and thank you for the disclaimer. It’s appreciated. [Laughter]

Berman: [Laughter] It’s the first time I’ve ever needed a disclaimer, but it’s pretty funny and I give you credit for that.

Lee: Well, thanks very much. [Laughter]

Berman: So, Paul, you know, our audience is about to listen and learn about what you do, but I would like to begin by asking you why you do it. You know, what is your mission? Tell us your origin story.

Lee: Okay. So, I think, potentially, your users will know a book called The Cider House Rules. There’s a—the protagonist is a guy called Homer Wells, and he’s defined in the book by needing to be useful. So, I’ve felt that need since I was pre-uni. I got into IT because of it, because that looked like it was gonna be the next big enabler, you know, the machine—I’m showing my age, now—the machine and information age, IT was just a way to get stuff done.

And then, I went from, I was an IT manager, then I managed other IT managers. In telecommunications, I went through the, there’s a big telecoms provider in the U.K. called Energis. I used to manage systems there. Then I realized that security was a new frontier. A lot of what I did and a lot of the more nebulous stuff, let’s call it the interchange between the people and the machines, it was security. That was the edge, and that was where it was most interesting to be, ultimately. And so, I could be useful and have an interesting life by going into security, and so I did that through kinda the finance angle. Private equity firms were just kinda the wild, wild West, and they used to buy software to manage their portfolios, and so, I basically got in on a company that provided software portfolios, software—sorry, portfolio software. And I used to do the IT and then the security for those guys. So, I’ve dealt with regulators, banks, some governments, sovereign wealth funds, all that kinda good stuff.

And then, I loved all that, and then I got the opportunity again to do the cyber security with an IT background in crypto, which is another new frontier, so you’ve got a new frontier protecting a new frontier. It just, it was an irresistible call for me to work at Uphold, so yeah. [Laughter]

Berman: I mean, that’s a great version of the story, and it brings to mind, there is a famous kind of quote from a gentleman, I think in the 1960s or so when someone asked—he was a bank robber, a prolific bank robber, and someone asked him, you know, “Why do you rob banks?” And he famously replied, “That’s where the money is.”

Lee: [Laughter] Brilliant.

Berman: And now the money is all virtual and digital. Tell us about that.

Lee: Yeah, exactly.

Berman: Just tell us about what is cryptocurrency.

Lee: Okay, so, cryptocurrency is a digital-only representation of value. It is not a commodity, but it can be treated as one. So, it’s not a direct, you’re not buying an orange, you’re not buying a face mask in COVID times. You’re buying the value that is derived from the knowledge that this unique digital asset is unique, which isn’t true when you’re talking about the U.S. dollar, the pound, the Euro. It can be spent multiple times and it can be owned, really, by different people and that’s where inflation comes from. Whereas digital currencies initially, I mean, Satoshi’s dream was to ensure that people knew that that Bitcoin or portion of a Bitcoin that they were buying, selling, was known to be owned by one party and then sold to another.

And so, that ownership piece was really important, because it meant that the power was put back into the end user, the ultimate owner of that, and there were no brokers. His dream was that the big banks would be put—not put out of business, but kind of sidelined in this model.

Berman: Indeed. And for our audience who may not be familiar with the origin story of Satoshi—and this is an interesting fact versus fiction kind of thing because there’s this entire mythology built around this man. I have looked—

Lee: We assume he’s a man.

Berman: Well, that’s the question—so, what’s the story.

Lee: So, back in, I believe it was 2003—I could be wrong—someone created an algorithm and started talking about it on forums. And the algorithm was public. Some algorithms are, they derive their security through the fact that you don’t really see the algorithm, but this algorithm was put forward. It was essentially a way of creating a unit of value, a thing.

It’s ultimately a hash on a chain. This hash is created through work—the work being a computer calculating two hash values together. It’s essentially, it’s cold work because it costs time and energy and computing power. And so, those things have real value in the real world, and so therefore, if people are spending them, the derived product, which is our Bitcoin, has value based on that, because you can’t just print them. And they use hashing functions, which is a mathematical function, which is one way, it’s a one-way hashing function. In order to derive the end value without using the hashing function or going through the work, you’re talking billions and billions and billions to one, the possibility that you would accidentally create a Bitcoin that would function correctly.

But even if you were able to do that, you wouldn’t be able to write it to the blockchain, which is ultimately the value of Satoshi’s blueprints for a currency. Because what happens is, we can trace all of the currencies and all of the related transactions between—not the currencies, sorry, Bitcoins—all of those related transactions all the way back to when the first Bitcoin was minted where someone solved the puzzle, the hash comparison, the mathematical function, and then created the first Bitcoin, we can see who owned it, it’s a Bitcoin address, so it looks a bit weird to humans, but it’s ultimately a long number. And that is the address of a wallet, and a wallet ultimately will belong to a person or an entity. And so, then, you can spend it or you can keep it. In the industry, they call it HODLing. You can hold it, but it’s called HODLing. [Laughter] So, there are people who HODL and there are people who trade.

So, the idea is that that transaction is validated by other people doing transactions on the blockchain. And so, you all get a version of the blockchain, it’s a kind of voting consensus algorithm. So, if one person is trying to erroneously spend someone else’s Bitcoin or mint a Bitcoin outside the confines of the security paradigm of the currency, it will be spotted, because it won’t look correct and the hash will be wrong and other people validate that.

Now, we can talk about the types of attack that can go, that can be possible on a blockchain that don’t have so many people involved. But the more people involved, the more transactions involved, I should say, because a lot of them are machines. It’s not all people transacting, it’s a lot of automation as well. The more individual transactors on the network, the more trustable it is from a certain perspective. Because if you imagine—I’m sorry if I’m going off on one, but—

Berman: No, no, not at all. I’m really happy that you’re doing this, because it really is like layers of an onion, you know.

Lee: It is. It totally is.

Berman: And the more you kind of look into it, you know, the more there is. I remember when I was first on my kind of Forrest Gump improbable journey into cybersecurity, I went to a cryptocurrency conference.

Lee: Which one was it?

Berman: It was in Miami, where I live, a couple years ago. And there were some things that really just jumped out. Number one is, I had had—this is a fact versus fiction kind of thing—this view that cryptocurrency equals Bitcoin. That there was only one type of currency; I’ve subsequently learned about Monero. And there were 100 booths there with this entire ecosystem around the notion of cryptocurrency and I had the privilege of listening and learning from some people from the Bitcoin Foundation and things like that.

Can you take our audience, you know, peel away some of these onions about the ecosystem?

Lee: Yeah, okay. To keep it fairly high level—so, we are a trading platform. And so, we allow people to trade in multiple currencies—fiat currencies like dollar and pound and then cryptocurrencies. And then there are things called stable coins, and then there are also digital commodities.

Now, there’s different names for these things, but ultimately, you are paying for or buying the underlying value. So, people are trying to sell different underlying values. So, we trade, and lots of other platforms trade now in AU coins. So, it’s essentially gold. So, somewhere in the world, gold is owned by the people who mint the coins, the digital coins. And you are essentially buying into the fact that you will own this underlying or asset, this commodity. So, it’s like a traditional commodity, but it’s digitized. And so, you don’t have to go through a traditional broker. You are essentially trusting the person who’s issuing the currency. So, there is that.

There is what people call digital gold, which is Bitcoin. A lot of people refer to Bitcoin as digital gold, you know, it’s the progenitor of a lot of the thinking around cryptocurrency. And we’ve talked about Satoshi, you know, we can go into loads of detail about the tech of it, but ultimately, it’s the immutable blockchain that’s public, you know, that’s the thing. There’s no obfuscation. There is no prevarication about, “Oh, I’ll pay you on Tuesday, I’ll do this, blah blah blah.” If you go into a transaction, it’s there and then, and it’s validated. The reason it takes time on the blockchain is because it’s validated by your peers.

Berman: Well, let me ask you about that. Forgive the interruption, but you’re saying so many important things. So, it’s a question of time for transaction, you know, if someone were to buy something using a credit card, it’s microseconds, you know?

Lee: Yeah.

Berman: If someone—tell our audience about that. You know, what is the latency?

Lee: Yeah, so the latency—I think at one point it was about 12 minutes. That’s the one that pops into my mind, but it’s waxed and waned over the years. I think the crypto guys will slap me for getting this wrong, but I think 12 minutes is what sticks in my mind. So, for a Bitcoin transaction, you get preliminary validation, but then you get—so people will validate your transaction is real, and then you’ll get the full, actual validation where the full quorum of required users or validations comes in.

And so, when you’re performing a transaction using Bitcoin, the receiver of that transaction has to decide how long they want to wait to validate the transaction. A lot of them will essentially receive the transaction—this is online—and they’ll say, so, we’re not talking in-person transactions here, which is also possible, because there’s a lot of crypto debit cards now. The receiver, the merchant, will receive the transaction and they’ll essentially validate the order and say, “Brilliant, we’ve got your payment, we’ll deliver on blah blah blah” and they’ll act in good faith.

Now, something that’s a little bit different than with credit cards, because the risk is taken on by the credit card provider, ultimately, from the merchant’s perspective. And so, if there is some kind of fraud going on, et cetera, it’s either between the merchants and the card provider, or the card provider and the end user.

Berman: Right, right.

Lee: But with Bitcoin, there’s no—it’s meant to be a point to point transaction. So, what happens is, the merchant will essentially, in good faith, continue. But then you might get an e-mail 12 minutes later and say, “Actually, something went wrong with this transaction. Please review blah” or, “We’ve noticed this” or something like that. So, that’s slightly different, but the actual [Cross talk] experience—

Berman: I understand. But just to build on that, let’s delve now into the notion of cyber security and the security of transactions. You know, because you’re a CISO and I know you are a subject matter expert on this. But going back to what I said earlier about the bank robber saying, “Okay, that’s where the money is”—do you think you’re targeted more than traditional finance organizations by organized criminals?

Lee: Well, that’s an interesting question. So—organized criminals. There is a lot of, there is a base of knowledge around how to get around, circumvent, cheat traditional finance regulations. There’s anti-money laundering regulations, there’s ways of spotting that a company is being used as a shell. There’s a lot of ways to stop it at the front door, and then there’s other ways to detect it on the back end.

We are a neonatal organization—sorry, industry compared to traditional finance. But it’s actually harder to perform most of the grifts that you can perform in a traditional bank on the blockchain, but the lack of, in the past, the lack of tying the validation of an actual human to a Bitcoin address or, sorry, a crypto address has been a problem.

So, we are currently, as an industry, catching up. Because in every area that we have regulatory ability—so, we’re given the authority to trade by the regulator. [Background noise] Whoops, sorry about that. We’re given the ability to trade in that jurisdiction. We have to do—we have to do background checks and IDVs when we are actually allowing people to trade—

Berman: So, is the industry itself self-regulated?

Lee: So, in the past, it was, predominantly, because regulators didn’t know how to deal with it. But we are definitely subject to greater scrutiny. So, that’s kinda half the answer.

So, the organized criminals—so, we are the subject of attacks, and I can go into a couple of examples in a bit, but—

Berman: Yes, can you go in—I would love to hear some examples.

Lee: Okay, so we—yeah, we do see fraud. We actually see something called friendly fraud, which is an exploit of traditional banking, which is a pain. So, ACH in the U.S., a user can spend money and then claim to their bank that it was spent erroneously. The bank will not ask the user any questions, and we as the merchant will lose that money.

And so, ultimately, what we have to do is protect ourselves using, really, a lot of AI, behavioral analysis, just various clawback methods. But it’s interesting, because we are dealing with a lot of nuanced attacks where people will be—okay, this is kind of a time when the true intelligence of these criminals comes out.

So, Donald Trump issued $1,200.00 checks to everyone—sorry, taxpayers. What happened was, we found that there were a lot of transactions, there were a lot of deposits of exactly $1,200.00.

Berman: Right, right.

Lee: We looked into that phenomenon, and then we started getting support cases of people saying, “Someone called me, talked me through registering for your application, registering on your application, and then I transferred my money.” They’d been promised that it was a federal program, and if they were to bank all of their check in this federal program, they would essentially get, you know, double their money, you know, insert random incentive here.

And what happened was, because they were on the phone with these people, watching them do all the ID verification, adding a bank account, they then stole their credentials, moved the money instantly, and then moved it again, moved it again, moved it again.

And so, what happens is, you get these poor people who’ve been scammed. Luckily, transactions can be traced and are traced, and we’ve got a fraud team and every reputable trade.

Berman: Why do you call it friendly? [Laughter] That doesn’t seem very friendly to me.

Lee: The friendly fraud aspect is the ACH fraud I mentioned earlier, because you actually have real people who are not being defrauded—I know, it is an odd name, “friendly fraud.” It’s to differentiate it from other types of fraud, because there are very, like, lots of names for those things.

Berman: I mean, this is incredibly interesting and complicated. You know, so, you know, what do you consider the biggest—

Lee: It’s tough, yeah.

Berman: – what’s the biggest challenge for you working in this industry?

Lee: Well, okay, you would expect that it’s dealing with the daily DoS attacks or DDoS attacks, you know, dealing with people pretending to be legitimate customers and actually being money mules. You know, you’d expect that it was something like that, but actually, it’s trying to find crypto engineers. So, in answer to your question—

Berman: Wow.

Lee: – in answer to your question earlier, on people who know how to, for me, talk security with regards to crypto, because there’s a dearth of knowledge about some subjects, but others, it’s just, there’s hardly any.

So, the situation is that you need to have very specialized knowledge and you need to know how to write the code or the currencies, which actually, referring back to your question, there are many, many, there’s thousands—I think, at last count, there was about 2,000 currencies that we’re kind of largely aware, yeah, that we’re largely aware of.

Berman: Wow. So, when you say currencies, you know, like Bitcoin or Monero, there are 2,000—

Lee: Cryptocurrencies, yeah.

Berman: – wow!

Lee: Yeah. Well, that—I mean, I’m sure people will scream at me saying I’m wrong even now, but that’s what I saw.

Berman: I mean, why, do you think there are more of them?

Lee: Yeah. Well, yeah, you have these initial coin offerings all the time. You get private backers who will initially fund a project and then it will go, and if a trading platform will take them on. We list, I think, 62 at the moment, but some of those—go on.

Berman: No, I mean, my brain’s just firing, you’re saying so many things.

Lee: Oh, yeah. [Laughter]

Berman: So, ICOs, you know, initial coin offerings—

Lee: Coin offerings, yeah.

Berman: – why don’t you tell our audience about that? And why are there such seemingly—let me say it this way. Is it a valid assumption that there are very large swings in the value of these coins?

Lee: Yes, yes, there are. So—

Berman: Why is—why?

Lee: Okay, so, you get initial interest—it’s related to news coverage. It’s also related to pump and dump scams, and sometimes those two are related. So, traditional schemes were, you know, time shares, other things. We have our own share of those, and so you have to go to a reputable source to figure out whether a currency is worth spending money on.

But ultimately, no matter how well people are educated, if they something—if they think they have a chance of being in on something that will be massive, they’re willing to throw a few dollars at it. And so, a lot of the speculation and a lot of the loss is to do with that.

So, usually, it’s not people losing large amounts of money on an ICO—usually. Obviously, there’s a caveat there. It’s usually transitory speculators who will put maybe 50 bucks, but you’ve got lots of them, and they’re hoping for the best. And what will happen is, someone will put a limit order on the price of—and this is getting into the trading side of it, now. We don’t actually offer trading facilities at the moment at this level, but we are working on it.

But on some platforms, you can put a limit order on it. So, you’ll say, “Okay, if the price reaches this amount, sell. If it reaches this amount, buy.” And what will happen is, they’ll put out, they’ll tell an influencer, a crypto influencer to say something. The crypto influencer may or may not know better, and they’ll be part of this and it will kind of drive interest in the currency through the roof. Then you have bought low and now, you’re gonna sell high, because you’re expecting it, you expect it to happen. So, you’ll put a limit order on it in the next 24 hours or something. You’ll make sure that it’s—

Berman: Well, I mean, to me, it’s very interesting, because the fact that it’s so secure is a double-edged sword, I think, possibly, because criminals, cyber criminals use—let me say it this way. Is it valid that cyber criminals use cryptocurrency to exchange value for illicit services?

Lee: It is, it is. But it’s also true that people use shell companies and gold transferred for, you know, certain artifacts. In any financial system, that will happen, but you’re right, people will use cryptocurrencies to exchange value.

There are tools that we use, and everyone else uses and the FBI uses and Interpol uses pretty effectively, and I’ll talk about the Twitter hack in a minute. But they will use these tools to figure out—I used to call it, when I did presentations, I would call it the six degrees of Kevin Bacon of blockchain. Because you have Bitcoin wallets—sorry, I’m saying Bitcoin—blockchain wallets and those wallets will have a transaction connected to another wallet, connected to another wallet, connected to another wallet. And through the interactions of those wallets, you can discern risk and you can discern intent a lot of times. You know, did people really mean to do this? Have we had repeated transactions?

There were some—I mean, another phrase, tumblers, there are some services that will allow you to try and wash some currency using a tumbler. So, it disaggregates the sender from the receiver, but they are more and more getting, they’re getting killed off.

Berman: Wow.

Lee: But you mentioned Monero—yeah, for obvious reasons. Regulators don’t want anything to do with them and so, they lose their license and they’re not able to trade and then it becomes an illegal activity and then they get arrested.

Berman: Yeah.

Lee: But you mentioned Monero. Monero is a privacy coin, which means that there are functions inside the coin which make it easier to conceal your identity, and it uses certain functionality that’s similar to tumbling. But it’s not generally used by commerce, there’s a lot less users out there.

And can I just quickly go back to the volatility you mentioned? So, the volatility is more likely on a platform on a coin that has less users and less invested value, because it’s easier to create a swing. A classic one is Dogecoin. I have a bit of Doge myself, but it’s just because it’s a laugh and it’s got a dog as its symbol and my son likes the doges.

Berman: [Laughter]

Lee: I think it’s a Shiba Inu.

Berman: Wait, wait, before you go into that, are you suggesting that you are making your financial decisions based upon your, you know, liking of a dog?

Lee: Absolutely, absolutely, because my sons like it.

Berman: Because I’m not gonna invest in you. Maybe I’ll do a platform, but forget it. [Laughter]

Lee: Absolutely. So, I’ve got a few Doge because I love the, my son loves these Shiba Inu dogs. I mean, I haven’t, I’ll ask you another—haven’t you got a Zimbabwean dollar? You know, it’s great to have some of these currencies that are just random and, you know, 1 billion Zimbabwean dollars. But sometimes it’s.

Berman: What is that worth in today’s coin?

Lee: Oh, I don’t know—.00002 cents, something.

Berman: Wow. Listen, I live in Florida. I have some great swampland I’d love to sell you if you’re interested.

Lee: Absolutely.

Berman: But more on a substantive note, here—who are your biggest users on your platform? How do you describe that?

Lee: Yeah, we’ve got a bit of a cross-section. One of the founders, a few of the founders’ principles was that people who were not served by traditional finance need a place to be able to transact.

Berman: Oh. You mean, like the unbanked or the underbanked.

Lee: I was about to say, the unbanked and underbanked, yes. So, those people—so, classic example. I don’t really want to draw attention to specific countries, but there are some countries where rapid inflation, distrust in the structures, the traditional structures, and the sheer non-value and no trust in the currency has forced people to choose different ways of trying to exchange value. And we see, on our platform, from certain jurisdictions, people essentially buying loaves of bread, just their weekly groceries, petrol or gasoline. So, people are using—

Berman: Wow. Is that a debit card, is that some kind of –

Lee: No, no. What’s happening is, they’re using their phones and they’re essentially using QR codes to transfer using, you know, any given cryptocurrency to each other, and so they can see, “Oh, I’ve just paid you, I’ve got my groceries.” And so, it’s sidestepping that traditional finance role.

Berman: Interesting. Wow.

Lee: Yeah, so, there’s those people. There’s the aforementioned HODLers, people who basically grab it and hold onto it and then occasionally, they’ll see a new currency will come out and they’ll say, “Oh, I’ll just spend a little bit more on that.” But ultimately, I might want my cold storage—so, there’s hot storage and cold storage. Hot storage is something like Uphold, you are connected to the Internet and you are able to trade easily and you can do stuff. But you also are subject to the risk of someone hacking your account and doing stuff that you might not want. And then you’ve got cold storage, which usually relies on physical controls. What I particularly like is a Ledger Nano, but there’s Trezor out there as well. But you’ve got a nanodevice, you—

Berman: A physical, like a pod, or—

Lee: It’s a USB—yeah, it’s a little USB and there’s Bluetooth ones now. And you’ll plug ‘em in, you’ll use an app to transfer, to basically give you a secure Bitcoin address. You will then go to wherever you buy your Bitcoin and—let’s just say Bitcoin; cryptocurrency, but I’ll say Bitcoin.

Berman: Okay.

Lee: I seem to be going [Cross talk].

Berman: No, I mean, it’s how I began. I [Cross talk] I’ve always just called it that. But, you know, as you’re talking about the user experience, you know, how do you decide in your role as CISO between usability and security on the app?

Lee: Yeah, I know. It’s tough. It’s tough because you’re trying to make the app easy to use, you’re trying to make it as interoperable with other apps, because we have a partner program, and you’re also trying to make sure that the people who use the app are secure.

And so, there’s, on the website, there’s two sections to the security section. There’s like, us protecting you and you protecting you. And there’s always a big debate about whether 2FA, two-factor. I just have to say this, two-factor is not an e-mail address, everyone. Some people try and argue it is. It’s a disaggregated step, and so, if you’ve got e-mail to reset your password, you know, that’s not a disaggregated step, that’s you using a password combination.

So, you’re using a password, 2FA, you’ve got biometrics, you’ve got the usual slew. SMS is the most known but has some variable flaws with it. And then you’ve got TOTP, which is your Google Authenticator app, which is a little bit of a pain. You need a separate app to use it.

So, ultimately, we have to decide what to do as a baseline, you know, what we make all the users do, then we have to decide when we do that. You know, do we do it when people onboard onto the platform and we just get the pain over with, or do we say, “You know what? We’re gonna make it easy for you to get on the platform and we’ll do it when you wanna deposit funds,” so, when money is changing hands? Or do we wait until you wanna move money, you can put your money on the platform, you can spend it inside our ecosystem, but then when you wanna move that money off, you have to authenticate yourself.

Now, there’s debates around usability versus security, fraud risk versus what’s reasonable, what regulators require, you know, the letter of the law versus the spirit of why it was written, et cetera. And so, we have to—yeah, we have to change our focus depending on what our users need. Usually what we want to do, especially now, we’re trying to support the underbanked, so we’re not talking tons of money. You know, you have lower thresholds and you’ll say, “Okay, just like voting, if you’re under a certain threshold, we don’t require that you go through a crazy IDV scheme, which is gonna require documents you may not have or to have them put you in danger in a certain jurisdiction. But above that, it’s reasonable as a provider to ask for various levels of verification, because we’re dealing with larger amounts of money and the liability is greater.

So, a risk-based approach is the answer to your question. [Laughter]

Berman: Well, that’s a great answer. And so, as we’re kind of coming to a close here—I could listen and learn from you for—

Lee: And know, and I’ve realized I’ve half started a lot of subjects.

Berman: – for weeks. No, no, I would love to have you back on at some point down the road and we can continue to unpack this incredibly interesting and important change in the whole world.

So, maybe you can share with our audience a little bit about who your customers are. Are you primarily B2C, so, you target consumers, or do you have business to business transactions, or do you deal with the government or all of the above?

Lee: Okay. So, at the moment, we are what we like to call B2B2C, but we have a large B2C. We have basically direct relationships with our users, and we also are trying to ramp up the partner program that we have because, ultimately, it drives business to our platform. And what we are, fundamentally, is a wallet with rules and security and we wanna make sure as many people as possible can use that.

And so, we—yeah, I would say B2B2C is the way we’re designed, but because of that, end users using our app or the webapp or the mobile app ultimately are our customers and could be businesses themselves. So, we try and treat everyone similarly. Businesses go through a lot more verification checks, obviously, but end users similarly so. So, it is a mixture.

Berman: How do you dimensionalize Uphold? How big are you, how would you explain that, you know, with the—I guess the question beneath the question is, to convey a sense of confidence and ability?

Lee: Right, so, yeah, that’s fair enough. We—so, one of the things that conveys confidence in our platform, we were one of the first, I believe the first crypto trading platform to provide a transparency page. It’s been there since 2003, it’s still there today. It shows that we are over 100 percent capitalized. So, ultimately, we don’t multispend or allow people to multispend. That, in order to transact on the platform, you’ve got to have the money there. If we were—if something happened to our company, all of the money is all there. Other sites sometimes don’t do that. So, the capitalization is there. Your money is essentially safe. And we’ve got, I think the last time I checked, $120,000,000.00 on the platform, and that’s a mixture of traditional metals, aside from the digital metals I talked about earlier, and then we’ve got the fiat currencies and all those cryptocurrencies I mentioned.

We’ve been around for a long time. We—you know, in this space, they say a long time, you know, two years is an eternity in crypto.

Berman: Right.

Lee: But we’re known, we’ve got a good presence, we take as good as we get in the Twittersphere in terms of when people say that we’re doing something wrong, we take it on board. We’ve got a good Trustpilot score. I don’t know if people are unaware what Trustpilot is, it’s an independent agency that allows users, anyone, to complain about an entity, and the entity then has a right to reply. I happen to know that our COO and President takes an active interest in these replies. And so, we’re there to make sure that people aren’t upset and aren’t causing a Twitter storm, because we make sure that we respond and we fix things that are broken.

Berman: Wow.

Lee: And a lot of times, you know, fraudsters will take advantage of that, because they’ll claim that something has happened to them in order to try and force us to overlook or maybe just kind of rush into rectifying them when they have actually caused some problems for either other users or us as a platform. And so, it’s a tightrope. You know, we invest heavily in the people on the anti-fraud side, and we’ve got a decent support team.

So, I don’t know. I’d say that the Twitter, @UpholdInc is our Twitter handle, and if you just tune into that handle, you’ll see how people talk about us and to us.

Berman: Wow. Well, this has been so incredible. Let’s do a series of shows, maybe you can invite some of your colleagues, some of the thought leaders in your industry, you know, to share their insights to really help answer the question—cryptocurrency, you know, fact or fiction?

Is there anything else that you’d like to add to amplify your mission?

Lee: I just think that people need to try this out as an industry. There is a lot of—there’s a lot of problems associated in the press with it. Like, I was gonna mention the Twitter hack—we actually have seen that the FBI has found the people who hacked Twitter based on tracking where the money went when people fell for it.

Berman: Oh.

Lee: They made—how much did they make? I think it was only like $12,000.00. It was peanuts compared to what they could’ve made.

Berman: Wow.

Lee: But ultimately, they could tie back the entire hack, which, the hack was sophisticated. The method of extracting value from the hack was very unsophisticated and so, that bit them. And so, the FBI they’ve basically found who did it now, or they’ve found suspects, shall we say.

Berman: Wow, yeah.

Lee: And so, there is an entire cottage industry that’s grown around detecting fraud and detecting bad behavior. And I think it’s actually gonna be much better and cleaner than traditional finance, because traditional finance relies—if you wanna subvert traditional finance, it relies on bribery, it relies on contacts. But we’re, everything is tied to private keys, which are protected and more verifiable than your bank manager’s background. I think it’s a good way forward, and it’s shaking up the entire industry, you can see it, financially.

Berman: Wow, function. Wow. Well, Paul, thank you so much. I have, since you mentioned your dog, you know, reference and how motivating it was, and you know that I’m in the comic creation and animation business amongst other things—so, who is your favorite superhero and why?

Lee: Ah. Alright, okay, it has to be Thor, because he’s got a bloody big hammer.

Berman: [Laughter]

Lee: There ya go.

Berman: Indeed. Well, you know, on that note, for more information, we’ll include Paul’s contact information in the show notes and Paul, thanks so much for this incredible show.

If you would like to be a guest on our show, just send an e-mail to gary@cyberheroescomics.com. Thanks, everybody. Have a great day.

Lee: Thank you.