Audits, Hacks, and KYC : Inside the World of Web3 Security
Episode 88 • 1st October 2024 • AdLunam: Diving into Crypto • AdLunam Inc.

Shownotes

Jason Fernandes, Co-Founder of AdLunam dives deep into the world of Web3 security, audits, and KYC with Thanos Tsavlis from Cyberscope!

With over $1 billion in investor funds secured, Thanos shares insights on the importance of smart contract audits, KYC, and how blockchain projects can stay ahead of emerging threats.

Tune in to learn how to safeguard your assets and build trust in the decentralized world!

Transcripts

E88 - Audits, Hacks, and KYC : Inside the World of Web3 Security

SPEAKERS

Jason Fernandes, AdLunam Inc Co-founder

Thanos Tsavlis, Co-founder and CEO of Cyberscope

Jason:

Hello everybody. We're just gonna give it a quick minute for the room to fill up. We normally have hold music, but want to make sure that you know some of our guests don't start snapping their fingers. But yeah, we'll get started very soon. Alrighty, can everybody hear us? Okay, if you're just tuning in, drop an emoji in the chat, just to confirm. Thanos, I'd ask if you could unmute and say a quick hello, just to see if your mic is working.

Thanos:

Hey, everyone.

Jason:

Awesome. Okay, let's get started. Okay, everybody, before we begin, got some exciting updates about upcoming events where AdLunam will be making waves. I'll be moderating a panel at the IFX Expo Asia on September 17, on crypto in Asia, the world is watching. Will be on a panel, moderating a panel with SB Seker, Vice President at Crypto.com, Kamalika Podar, founding member of data and product at lxme, Su lyn, Syria, Binance link at Binance, and also Andrew Mutushkin, Head of Global Business Development at B2B Broker. So if you're in Thailand, this is the event to be at. Hope to see you there. Altcoin Observer will be a media partner at IFX Expo. Also on September 16 to 18, and my co-founder, Nadja Bester, and I will be at Token 2049 Singapore next week. So if you're around, let's connect. Alrighty. Fantastic. Without further ado, welcome to episode 88 of Diving into Crypto. I'm your host, Jason Fernandes, co-founder, AdLunam Inc., and to help us navigate this exciting topic, we have a very special guest, Thanos Tsavlis, co-founder and CEO of Cyberscope. Cyberscope is a cybersecurity blockchain company specializing in smart contract audits and KYC, with over 2000 audits completed and strategic partnerships with CoinMarketCap tasters and CoinGecko. Cool. So let's just get started. Thank you so much for joining us, Thanos. Why don't we start with maybe you could tell us a little bit about yourself, maybe unmute and say hello.

Thanos:

Thank you, Jason. Thank you for having me. Hey, everyone. This is Thanos. I'm the CEO, co-founder of Cyberscope. Few things about myself. I live in Greece. I've been involved in software engineering over the past 10 years. I've been in crypto over the past five and I have experience in developing complex solutions, software as a service, and cloud-scale products for enterprises. With Cyberscope, we've been around for the past four years and being in cybersecurity.

Jason:

Alrighty. Thank you so much for that quick introduction panel. So I'm just curious, how did you personally, I know we have a lot of questions. We're going to get into Cyberscope quite a bit, but just before we get started, how did you personally get into crypto and how did that switch flip for you?

Thanos:

I think it's like most of us, you start with trading. I wasn't aware of the technology. Some guys that I know just was talking about this Bitcoin, this Ethereum, all this Cardano, you know, all these buzzwords from to me at that point. And you know, when you hear about something, you want to explore it. You want to investigate and see for yourself. So I started basically as a trader, like 6 years ago. I did, like, small crypto investments, and day by day, I was reading on what I actually invested. So I was like, Okay, let's see now. What is that? What is node? What is the centralization? What is this technology that works behind crypto? So I think the switch clicks on me when I understood that this is the next big thing. This is like the next independence. And I mean, this is why we call it web three. This is exactly how the next internet is going to look like. So this was, for me, the turning point that I knew how to switch all my focus on web two and traditional software engineering and product development into web three and the blockchain.

Jason:

awesome. No, I mean, it's really important, because everybody that gets into that gets into web three usually enters from, you know, a different perspective. You know, some people are very attracted by the idea of decentralization, like the sort of freedom and sort of democratization that comes from decentralization. Other people are sort of really into, you know, just a privacy aspect of, let's say Bitcoin and financial transactions and like and other people are, you know, really into the technology. I'm curious what sort of got you passionate about web three. I mean, what were you doing before you jumped into web3? And sort of how did that transition occur?

Thanos:

So before I was working as a lead software engineer, I was a coder, basically, and that was built in code building products for property companies. When I transitioned was, you know, the more I saw, I learned about crypto and the blockchain, the more I wanted to try something out. So there wasn't so much material, reading material or courses back then. You had to, like, do some research on your own and try out and break things, and then you figure something out with how MetaMask works, and, you know, with efforts and some libraries. So this is, this was like, what got me passionate? I built, like, a small crypto listing website, if you can call it like this. And I saw the potential of this technology and what problem it solves. Because you know, you can talk about technology, but I like to speak simple terms that you know listeners can understand. And the main problem that blockchain solves for me at that point was payments. If I want to send like, $1,000 to my friends in Singapore right now and again, I'm in Greece, I would have to wait three to four business days, maybe longer, if it's weekend, it would have to take, I don't know, like, $50 fee from my Greek bank and something like that from his own local bank. Now with blockchain, I can send him the equivalent amount of money in crypto in a split second. And there is no intermediate taking profit out of this. There's no middle man, like alienate the middleman. Now this was, like, super passionate for me, because it's like, the next new thing. You know we're going this way. You just don't know how it's going to happen, how it's going to get regulated, compliance email. There are so many security aspects that, of course, are great case studies. But for me, it was payments. Payments was like turning point.

Jason:

Yeah, you know, it's crazy, because that is how it is for a lot of people, people that don't really live in the US, people that you know don't really have that smooth sort of payments that people have, you know, in more developed countries, they couldn't even imagine the kind of issues that you know, some of the more developing countries have to go through when they send funds. I remember I sent funds to a Chinese company way back for some LCD screens, as I was developing a product, and I had to fill up like 30 pages of paperwork, multiple signatures, before I could just transfer my own money over to this Chinese company so they could send me like five LCD screens. It wasn't a huge order too. It was like about $200 worth of LCD screens, but the amount of paperwork was just, you know, insane. And so I think if you have any sort of encounter that firsthand, it's very difficult, it's very difficult to understand the where, you know, a lot of compete, a lot of people are coming from, if that hasn't, you know quite happened to you, you know, but curious about when it comes to Cyberscope, specifically, why don't you tell us more about that, and sort of how you got into, sort of the whole aspect of security audits, I'm assuming maybe you know you're passionate about security, or perhaps somebody you know got scammed.

Thanos:

Yeah, I think it's a combination of both. So I got scammed multiple times when I was trying to trade back then. So I had, like a job. I had my grading project in crypto, and of course, I was a trader, but I would lose money all the time, and it was mostly like scams or honeypots or things that I could not control and I could not understand why. So when you start and because, again, I'm a coder, my colleague was a coder as well. So it was like two technical people starting out something new. So then we started reading the code of the smart contracts, and because we also have background in cyber security, this was, like really easy for us to pick up mistakes on the code, or pick up like safety functions that would jeopardize the project later. So this is how it all started, like we tried to assist a few projects. We would like go out little public telecom and say, Hey guys, there is an issue in the contract. Please fix this, or the contract will bug will get exploited. And then we were like, Okay, if we can do this so well, let's why not sell the service and do it as professionals? This is how Cyberscope was born. Now, Cyberscope is multi scale cybersecurity company. We work all around the world. We have like 30 employees. We've audited almost 2000 projects, and our main service is still smart contract audits. We support multiple products, and we also do KYC. So this started as like a very, very small thing on security and now scaled into having security products, security services teams traveling all around the world, who will also be in Singapore. By the way, I love to meet you in person, in Token 2049.

Jason:

Absolutely for sure, should definitely meet you.

Thanos:

Uh, yeah, I think that that covers most of the company updates. And I don't want to take the time and promote products or something. The high level picture is, you know, we're doing audits and we're protecting universal funds from exploits and scams.

Jason:

Yeah, awesome. I mean, I'm just curious, you know, in your view, how important is security when it comes to the web3 space, why is it a top priority for projects today? You know, I've heard a lot of projects that have, you know, some of which have actually even been audited, but have still managed to have, you know, be exploited. You know, funds are drained from wallets. What is the, what is the sort of solution to that, like, what, how do companies address, do they look at doing multiple audits, how did, what's the sort of best, best practices for a company that's dealing with, you know, that really wants to promote a sense of trust in their products.

Thanos:

Okay, that's good question. So first of all, why security is top priority, and just I'm gonna answer because I like analogies in the example. So if you were to jump off an airplane with a parachute, wouldn't you want to check if your parachute works with only jump. And this is exactly why it's a top priority. And what we're doing, we're taking parachutes for people jumping down from airplanes, in a way. Now, as you said, yes, there are cases where projects have been audited and still can experience exploits or leaks. Now it's a combination of things. The most usual thing that we notice when there is an audited product that still gets exploited, it's that it's not fully audited. So project owners are doing an audit for their own reasons. They don't get the full code base audited, they will get like, a small portion, like 10% and because they do it just for the promotion from marketing just to tell investors. You know, investors should not be technical. Not everybody can read the audit, or everybody can understand the code. That's why you need an audit for that. So they just deceive investors. You're telling them, okay, it's safe, don't worry, it's safe, but it's not tested. They only tested 10% so this is like one way why this is happening. Now, of course, it can still be fully audited and get exploited, because people can still make mistakes and miss things. It's not that often, though, and the solution to that is, first of all, yes, having multiple audits. Then security is not a one time thing. You need to do monitoring, you need to have bug bounties. You need to have, you know, you work on prevention as much as you can, because if you experience an incident, it's very hard to recover both the assets and the public reputation too.

Jason:

Yeah. I mean, if you get hacked, that's pretty much the end of your project. It's just the or even any sort of draining of funds could be, you know, just PR wise, a complete disaster for a company, you know, I mean, they you can't really recover from something like that. But in terms of security challenges, and when it comes to blockchain, like, what are some of the biggest security challenges you see when it comes to this space, and how can the industry, you know, address these? So for example, you have these really, really big examples, particularly of bridges and things like that, where those where funds have been completely drained, and it seems to happen with some degree of regularity. So what is, sort of some of the biggest security challenges that you've seen when it comes to blockchain, and how do you think the industry can address those?

Thanos:

So first of all, I think smart contract bugs is the number one challenge. You know, because when we're talking about blockchain, blockchain coding, it's not just computer science, it's the combination of advanced math and computer science. So the complexity of understanding how this thing will work is like crazy hard, and you need a lot of man hours spent on finding the backdrop, to hack the system and so on. So we still think parts in the code. And if we can see bugs in the code for when we audit code, you can expect a lot more from the contracts that have not been audited. And this is why there is this. Hacks get exploded, not only just of that, but mainly because of that. The second thing is private key management. We've seen a lot of hacks actually from private keys being stolen. And this is an effect of phishing as well, like social engineering, because this is not a web three challenge. This is a global challenge. This exists in web2 as well. If you as long as the person has access and the person has, you know, sometimes you need some critical functionality, critical function on your contract that is a lot of centralization and high centralization risk, but you still need because that's how you operate. In that case, you need to protect your keys. If someone gets your keys, they can just drain the whole liquidity. They can ruin the whole project. So we've seen a lot of hacking in keys and a lot of phishing attacks as well. Like you get the email instead the SMS or mail drops. We've seen so many airdrops, fake airdrops, of course. Now, how can users get protected with that? Again, it's a combination of things. It's a unit, objects. You need security tools, and mainly, you need education, because the only way you can prevent being hacked personally your private keys or getting being a victim of a phishing attack is understanding how they can scam you and understanding the phishing attack when you see. So it's a continuous process. You're forever students, you're learning and learning and learning not to not get cut.

Jason:

Yeah, you know, in fact, even some of the bigger projects, in some of the bigger companies, like wearable, you know, then you have to start thinking about it's not just the smart contract and auditing. It's also about the logic of how those things are put together. So, for example, wearable, we had an issue several years ago, a couple years ago, actually, maybe it wasn't even that long, but we purchased bidder on a domain on wearables auctions. And one of the interesting things about the way auctions work on wearable, although they may have changed it by now, is that when you connect your wallet. You connect your wallet specifically to the page that you're auctioning. The page of the auction that you are you are participating in, which means that the centralized entity, in this case, being wearable, has full information of all the potential bidders for a particular for a particular NFT, for example, and they know how much funds are in each of those wallets. So for example, as soon as they connect, as soon as one connects their wallet to, let's say, that page, they know exactly how much, how much funds are in those page. And so basically, they're able as a centralized entity. If they weren't wanted to, they could just come in with slightly more funds than the highest amount is that's in a wallet connected to that particular bid, and then be assured of winning that that particular auction. So even though the people have to really start thinking about how the logic of a system works and whether that leaves them open to, you know, even centralized a exploits from the people even hosting the service, for example.

Thanos:

Yeah, that's another great example. I tell you so many unpredictable, unpredictable things that can go wrong, and this is why extensive testing, testing is necessary, and you don't just get an audit two days before deployment, you need to be testing those things like a lot a long time ago, while you're still on end of development.

Jason:

Yeah, exactly. So how do services like KYC and smart contract audits build trust with investors and the community? Also, I'm curious, what are some of the more egregious situations that you've come across, of exploits where people have been hurt and lost funds, for example.

Thanos:

So this comes back to users not necessarily having the knowledge to understand, to read technical papers and audits. So what we need to do is to provide trust to them and to the community so in a way that they can understand. Now, this way is an audit report and the KYC. KYC, for the audience that might if they're not familiar, is know your customer. It means that the project owners some part of the team of the whole founding team depends on the scope of the KYC, will send their credentials, will get in, do some Zoom interviews to verify that we know, we know who they are. They are not actors. They're not lying. They are who they say they are, and they have like legit purpose to build this project and growing. So, if a project is transparent enough to show their faces, to share their physical address, sign papers that if anything happens, if they try to exit scam, that they will be legal Chase, and if they also have an audit, which means that the code cannot be penetrated, or, you know to their knowledge, this means that they really believe the project will grow, and they will really dedicate their time into the prosperity of the project, because we've seen so many projects like going to going live, and then a week later, nobody talks in social. It's like they're being stranded out there. This is what we're trying to avoid, because people will go after the hype. And you know, when there is hype, there is money involved. So it's not about getting the quick cash and just disappearing. It's about building something and proving yourself that you can build this thing and not run away. Now, regarding the question like, what we have seen about scam cases, and we've seen a lot over the past four years, and we've been hired as well to track hackers from cases that were not our clients, and tell you that there are a lot of safety people out there. There are a lot of factors. They're gonna hire actors from anywhere in the world to pretend that they are with they are some different guy. They will use AI. We've seen a lot of deepfake scams. We've seen AI generating images of people, but they don't, they don't really exist, and they're trying to fake the system. And this results in people using a lot of money a lot of time. Was in many cases where there was like pre sales, users would ape, they would invest a lot of money, thinking that this project looks legit, and then a week later, the project owners just disappeared with liquidity and nowhere to be found. That you type the name, there is nobody in Google search or in LinkedIn or any social network. That's why you need the KYC in unity, the auditivity. If someone comes and they have a KYC, and who sees cases like that too, then the legal lawsuit there is the police that will go after them. I mean, these things take time, of course, but there will be follow up accidents, and they will end up having trouble. You might not get your money back, but, you know, they will pay the price, most likely, if they come and they're doxxed.

Jason:

yeah. I mean, I think that's really important. I mean, what you're saying is, regardless of what somebody, what somebody might do, for the perspective of smart contract auditing, you can, you know, really protect yourself from bad actors. The only way that you could is basically KYC and then trusting the legal system to be able to go after that person, you know, if, if and when they're able. So at least that's sort of the final the last frontier of sort of fighting back is maybe the at least, if we know who the person is, you know, we can start looking into finding them and tracking them down when you when you have such complex blockchains, ecosystems and some of these blockchain rails are very, very soon going to be, you know, part of the broader financial ecosystem, right? We've seen, we've seen so much contagion between, you know, the crypto world and the traditional financial markets. That, how that, how do sort of these larger blockchain and crypto companies, once they become so, so integral to the entire financial system, does this? Do people like that have to? Then think about it being mandatory for somebody to do for security audits to happen when maybe by regulation. Do you see a world where maybe regulation forces companies to do security audits, particularly when they're dealing with large quantities of funds, for example, or maybe they're dealing with a part of the of the industry that could affect, you know, the broader financial world, and then sort of, you have problems in the crypto world that could sort of bleed into the broader financial markets. Do you think it could be we could get to a point where, because of this risk regulation, sort of starts mandating security audits?

Thanos:

Yeah, I think we've already, in a way, progressing towards this era. We already have clients in El Salvador, in Mexico, where it was audit for stablecoins. So, you know, projects that needed government stamp and compliance, so it was a requirement for them to get an audit. So they needed an audit to make sure that the money investment funds cannot be drained. So this is, this depends, of course, on countries, regions, jurisdiction, compliance and laws. But it will happen more and more. There are regulations right now being from the states in Europe who have MiCA, and it's a crypto compliance that will coming up next year that will enforce all blockchain operating companies to register. And of course, next, next stop is then having audits when you have decentralized apps working and collecting money. So I totally agree, audits will be a thing. They will be required. It's a mandatory step. We see central exchanges asking for that as well. You can increase in Binance. If you don't have an audit, they will. They will just not risk their random talking getting there, not just Binance, many central exchanges, of course. And regarding KYC, it's a bit more tricky, because, you know, here we're talking about GDPR and user data. There are ways. There are decentralized IDs, zero-knowledge proofs, but even traditional KYC with full access, again, based on the region's compliance, they might be mandatory. So for some countries who might see audit being mandatory, KYC being mandatory. In some other countries, maybe in the KYC, it's going to be a little less strict in terms of compliance.

Jason:

Yeah, you know, you mentioned penetration testing earlier. I'm just curious what role that plays when it comes to web three projects, how do they? How does it sort of simulate real world cyber attacks? And what is the relationship between penetration testing and smart contract audits? All the smart contracts that are audited by your company, do you then go back and sort of perform penetration testing on the companies themselves and their product, or is that a separate sort of thing that people tend to maybe contract you guys to do?

Thanos:

Okay, so, yeah, it's a separate service. And the reason for that, it's because it's situational. Let me explain first. So the smart contract. A smart contract is an independent block of code that would be deployed in the blockchain and run forever. It cannot be changed. Now, how to access the smart contract, you need to go through either through the blockchain explorer or the more traditional way, through a UI, user interface. So for example, you are interacting with Uniswap, and then you're trying to trade or stake your tokens. You're interacting with the smart contract in the background. So here is how pen test is useful. If you audited just the contract and you don't do a penetration test on client facing websites that interact with contracts, then they can be, they can be attacked. And even though your contract is legit, you can still get hacked. And we've seen that a lot. We've seen domain hacking. We've seen hackers getting into similar UI and just interacting with their own contract. So let's say, for example, you're trying to trade your USDP into if to Uniswap and someone has hacked Uniswap, you won't be interacting with their contract. You're interacting with the hacker's contract. So this is why pen test is very important. If the smart contract interacts with the website, it's really good practice and security measure to also do a penetration test on the website it involves. This was just an example. There are several ways you can get hacked through traditional attack, and this is penetration testing, but, yeah, it's a different service. We've always encouraged, encouraging the clients to do this as well, in combination.

Jason:

Yeah, so basically doing them as a sort of pair, smart contract auditing, and then followed up very quickly by penetration testing. Exactly. Cool. So cyber security, you know, is constantly evolving. What are the trends and innovations in blockchain security that you are sort of most excited about right now. So we really look at, you know, horizon, what, what projects and what, what technologies on the horizon, and where the industry could go. So I'm curious, you know, what is the stuff that you think is the most exciting that you've seen and that you're excited to see implementing new industry in your specific niche.

Thanos:

I think I mentioned it as well, zero-knowledge proof. Just quickly for the listeners that might not know, this is validating user information without revealing the information. This is like a new protocol that's been developed over the past years, and this, this protocol is very breakthrough in terms of security. It's, it's something that a lot of projects are building on. There is Polygon ID. There are several projects building on top of zero knowledge. I can another trend is real time monitoring. And I mean real time monitoring is not correctly, it's a technology, but it's a process. It's like how you would see the attack being suspicious activity on the smart contract, and then you have some measures, some function in the contract to prevent being attacked, like stop the transactions, protect the liquidity. So this is like a real time protection. Because if you're trying to stop the hacking, and you don't have some automation, it's impossible. This thing is happening in seconds. So you need to have something set up if, if they manage to go on to that level. We're seeing a lot of innovations. I think it's going to be combination of existing technologies and new technologies being created. AI will certainly play a role in security as well. It already exists in decentralized applications for both development and security. We're seeing a lot of pattern recognition and blacklist checking for suspicious transactions in wallet. We've seen in automated scan. We also have a product that is can contract automatically. So there are a lot of breakthroughs. I'm really looking forward to see how it will unfold in the future.

Jason:

Yeah, you know, I bumped into a developer the other day and one of the things that they were mentioning is, is that they felt that there was probably a market for a blockchain that allowed people to reverse transactions based off of certain if they were, let's say security implications around those transactions. Or, you know, let's say enough people agreed that that. That certain transactions were fraudulent. I'm curious if you think that the permanence of transactions is a core feature to blockchain and blockchain payments, or do you think that that that it's just a question of immutability and the fact that maybe that there's a there's a record, and then later on that right the blockchain, there's a record for every transaction. And even if a transaction fails, you can come in there later and the record to that. Or do you think that the transaction itself has to be permanent? Is that? How important do you think that is some from a perspective of a chain?

Thanos:

Okay, it's a tough one. So let's see the concept of blockchain in one of the you know when, when you used to see how it gets beats, its immutability, as you said. So, you know, the fact that cannot be changed is like something different, something that really useful, and the very interesting use case. Now, of course, for security reasons this, this would help having transactions inverted, or a blockchain run on, on a scope like that, but we have to think of the long term implications as well. Like, there has to be significant delay on the transactions. Like, because if, if I send you some money, you send them, like, 1000 transactions in 10 minutes, and one hour later, someone says, Let's invert everything. How is it going to work? Imagine the landscape. Implications are catastrophic, especially when we're talking about cross border jurisdiction transactions. Because I sent you something from Greece, you can be in Singapore, the other guy can be in the States. So how it's gonna work. I think it has. I think personally speaking, and like this is my philosophy, there should be an immutable state, and after that, if you want to have a scope with reversible transactions, it should be hybrid model with off chain mechanism so you can combine on chain and off chain. And I think we're gonna see a lot of hybrid models coming up before we see a full ons solution.

Jason:

Yeah, I think maybe, you know, something similar to the way credit card disputes are handled. And then maybe you could look at, you know, having some sort of neutral parties to determine whether you know a transaction is fraudulent, or maybe it goes into some sort of escrow service or something like that. Maybe that'd be an interesting sort of way of dealing with that.

Thanos:

Yeah, that sounds like a possibility that it could handle payments. Of course, there is again, the little man, the guy in the middle, and fees and so it's gone. Always going to be battling with the fully decentralized solution. But of course, it's possible, and it's also a large amount of issues as well. They can both work.

Jason:

Yeah? So when it, yeah, for sure, I think it's definitely worth trying. I feel like, but with the rise of DeFi and with web three expanding so quickly, I mean, it's such a complex, it's such a complex topic, and something that increasing in complexity exponentially, particularly when, let's say, a company uses, you know, they plug into, let's say different APIs, and they maybe are exposed to security risk outside, their own direct outside, let's say their own direct smart contract. How do, you know, how do smart contract auditors and people interested in security ensure that she's really these, these new technologies are being secure?

Thanos:

Okay, so it's a combination of many things. I think so, with the rise of DeFi and, you know, so many Web3 dApps coming up and working autonomously. There is no compliance, so nobody can regulate and get the way for us, for security providers to help them and to protect investor money is to always suggest like the security playbook. So we need smart contract audits. We need bug bounty programs. We need penetration testing. You need a full architecture review, because again, we're talking about DeFi solutions, but we're also talking about hybrid solutions, who have a lot of off-chain hybrid models coming up over the past year. Then there are real-time threat intelligence platforms, regulatory compliance systems. So all of that needs to be applied in a way that makes sense, both for the company and for the users. This is how you protect the crowd from one person. And I think this is a must. This is like a checklist when you start, when you build your own project, when you go live and you're gonna decide that you're gonna fundraise, you're gonna accept other people's money. You have this responsibility to be providing the best security to investors. You don't just take their money and, you know, toss a coin and risk it 50/50, if it's gonna get hacked or not. You need to do your own due diligence.

Jason:

Yeah, you know, it's difficult, though, for a lot of retail investors, trying to figure out, you know, whether something is secure or not. And I guess the question I was, I was asking earlier, was, when you have, you know, multiple smart contracts interacting with each other. So for example, let's say I plug into Chainlink, and I'm pulling data from there, I plug into some of these oracles, or, let's say, I'm providing data to a completely different, because, let's say my contract is interacting with another contract and is exchanging data for whatever purposes. When you have these sort of multiple different services, daisy-chained together, to some extent, you're trusting that the other guy's smart contract is fine, and then you have, like, but, but as the complexity increases, like, how does one even have a sense of what exactly the risk is that they're possibly exposing themselves to, and then how to protect from that?

Thanos:

Okay, okay, got it. I think it's the same question. If I ask you, like, why do you trust the current payment system with Visa right now, on credit cards in the background, have like, 100 providers and merchants swapping APIs and doing checks, and this is how the system works. Now, the responsibility for the project owner when they're interacting with multiple providers, multiple smart contracts, oracles. It's they have to make sure that their partner is reliable and reputable partner, but they have their audits and that they're good to go. Because, as you said, as an end to end user, I don't know what happens in the background. I can be interacting with the app, and this DApp might be using like, 20 more partners on the background. So how do you protect against that? This is why I'm gonna mention again, real-time monitoring. Because with real-time monitoring, you can stop at the final stage the liquidity. Like, even if something fails in the pipeline, you can still put a stop and prevent some, some potential losses. Of course, it falls being into the project owner's responsibility to do the research and make sure they integrate with the right APIs to make sure they test the system in the sandbox before going out live. But these things will happen. I think we saw that like last, last two months ago, or was it like last month with CrowdStrike incident with Microsoft? I mean, this was like a Ingram, just like that. Microsoft is using so many pumpkins in the bank in the background, like one of them failed one update, and the sequence of events was catastrophic. Guidelines not being able to operate, payment systems falling down. So it's a huge problem for everything, not just for blockchain.

Jason:

Yeah, for sure. And I think so let's, let's zoom out a bit. I know we've talked a bit, actually quite a bit, about, about security, specifically when it comes to blockchain. But I mean, you're, you're somebody who probably very closely observes general industry trends, whether that's, you know, DID. You mentioned DID earlier. You mentioned ZK proofs. I'm curious. And then, of course, we haven't even talked about AI in this, in this podcast, which is probably surprising to most people listening. But I'm curious, just in general, when it comes to Web3 and or even maybe AI for that matter, like, what is the most, what are you interested in looking at? What are the most cutting-edge technologies that you're just sort of observing and seeing, hey, you know, this is something that could, that could possibly change the industry or have massive, massive impact, let's say outside of security even, for example.

Thanos:

Okay, so general blockchain, not, not, not security-wise. Okay, so I think supply chain and logistics is gonna be totally overrun by blockchain. Blockchain solves a huge problem there, and it's gone. It's already been processed and integrated in multiple companies. AI will play a role, and it already is in development. We're seeing more and more code being developed, and I'm not talking about security, just building, you know, building the code, building applications, building smart contracts, they are, they're already replacing a lot of manual... What else? Let's see, so personal GTP ID, decentralized ID now, again, not for security reasons, but because of the convenience of it. So you travel around, you go all around the world. You don't need to, when you need to integrate with the app, you don't have to give your whole credentials. You don't have to give your passport. You can just work with decentralized ID. It verifies that you are European, male, 35 and you're just good to go for this specific application. There are plenty of use cases. Do you have some, let me ask you back, is there something that you monitor and you think it's gonna, it's like, very honestly...

Jason:

No, that's a great question. I mean, the thing is, is, I've been watching sort of, you know, this whole Telegram thing with Pavel Durov and the drama around that. And I'm curious whether, you know, we think we will ever sort of get that, find the proper balance between privacy and security and whether there's, there's maybe a structure that hasn't yet been built that is not sufficiently, that is, that could be decentralized enough to where, you know, it's completely, it's completely censorless, censorship-less, cannot be censored, for example, probably is a better way of putting it. And also can have sort of private, two-way communication. I think that maybe, you know, you mentioned DID as a way for travel and things, and I think that's probably one of the good use cases. But then maybe even, you know, just communication between two people, being able to verify that you're talking to the right person and then have that on a, in a decentralized way, right? We take for granted Facebook Messenger and WhatsApp and our chats. You know, I mentioned this on a few podcasts ago, that I had a very close friend, and my entire chat with him was deleted shortly after he passed away by Facebook, they just automatically went in and like, for some reason, I guess the account was dormant. And so all these messages and these memories and things that you think you own, you know, I feel like, maybe we don't, and it's really owned by a central, centralized entity, a central identity, for example, that could ban you, like, like, let's say X, for example, could ban an account, and then you could have years and years of communication on your, on your messages. You don't have that anymore, you know. So I'm curious, very, very curious to see how blockchain solves that and the privacy and decentralization question that I think has really, really come, come to the fore with this whole, with this whole Telegram issue. I'm curious if you have any thoughts on that.

Thanos:

Yeah, I have been monitoring the drama as well in terms of end-to-end encryption and messaging. And I don't know, my personal view is that users don't actually want 100% decentralization, because this comes with unstated risks. Of course, I respect user privacy and censorship. And you know, finished speed, everybody should be able to speak their mind and not being filtered by the algorithm or by the government, or even cases like the ones you said, where, you know, chats and memories were deleted. The problem that organizations and governments have when dealing with this stuff, and that's why they impose these regulations and compliance, is how to fight terrorism, because, you know, you don't want to open the door to criminals and terrorists to be able to openly communicate cross-border without being censored. This is the main problem. If there was a solution to that, I think the world would be transitioning to decentralization in a way, in, I'm not talking about, I mean, it's not about the political and the diplomacy. None of this matters when we talk about safety. And you know, in the end, it's about human lives and safety. If we can approach this problem and solve this problem, I think it's going to be a step forward towards what you mentioned about having a more decentralized network and a more ancestral network to speak.

Jason:

Yeah. I mean, it's always this sort of balance, and trying to find the right balance between, you know, preventing things like terrorism and illegal activities, but then also providing people with free speech. And I think what tends to happen, though, is governments tend to, again, you know, this is just my personal view, but I think that the governments tend to overblow the security risks with, you know, terrorism and stuff like that, as a way to sort of steal, steal the little freedom that we have, you know, I mean, this is, like, if you go into an airplane, everybody, everybody is, is stuck for hours, taking out their bags and going through all this, you know, this whole, this whole dance, and there's only, like, I can't remember when was the last terrorist attack in an airplane, in an airport or airplane, I'm, you know, touch wood, because we did a lot of traveling this week. Excuse me, but, but, you know, it's, it's like, let's inconvenience everybody, and let's use the, or, let's, you know, get all this data, and we'll use the excuse of, hey, well, we have to protect you. You know, that's the sort of thing that I think tends to be the most dangerous. And I think finding that balance is, I think what's gonna, I think that's what's gonna be a huge debate over the next few years.

Thanos:

Yes, I totally agree with that, and nobody wants to be the pioneer on that. I mean, they all understand the risks and that balance should exist. And okay, we don't have any major criminal activities or terrorism incidents over the past years. But what happens is they change this compliance, and next day, something happens. Then the guy who implemented this change is held accountable for everything by the whole world. This is why nobody wants to take responsibility, and I'm talking about governments now. In countries, no country wants to go fully decentralized. You know, no major country yet. But this is, this will form the political landscape over the next years, because compliance is and finding the balance between decentralization and centralization is like on top of the list right now. So I'm really curious how it will play out. I'm also I'm not a conspiracy theorist or a diplomat or the politician. I'm just hoping that user safety is first of all, and then we'll find the best and most the most reasonable way to move forward.

Jason:

Yeah, we are just sort of, it feels sometimes like we're at the mercy of, you know, governments to figure things out, and then we have to figure out, you know, as businesses, figure out how to build things that are compliant, that's not going to, you know, run afoul of, of regulation. Speaking of, sort of like, the broader market in general, I'm curious, we're getting towards the end of our session. So I'm curious if you wanted, you had any thoughts on the market in general, how things are going now, when things, you know, will, might pick up, let's say five deals. Or if there's any other specific topic, let's say something that you, you guys are working on that you'd want to maybe highlight now, since we're close.

Thanos:

Okay, I'll do a quick comment on the market. I'm not an active trader. I wasn't a really good trader as well, so don't take my, it's not the financial advice, it's more of how I view things based on my interactions with partners and clients. So there is a long wait right now due to geopolitical incidents, everybody is waiting for the USA elections. Both, both candidates have crypto-related bills and the regulations to pass next year. In six, seven months, we have MiCA, the European compliance markets coming up. So there is a lot of wait. I think the next one here, we're gonna be seeing a lot more positive news and a lot more positive compliance. And when compliance happens first, it's gonna mean it's gonna be a bit bad for the market, because, you know, compliance is like the big bad guy that comes in and forces: you have to do like this, you have to do like that. And right now it's a wild west for companies that are like, no vote, there is no compliance. So first we'll see a bit of downfall, but then with compliance comes adoption, because right now we have like 6% in the world of crypto adoption, and compliance and regulations, in due time, will help adoption grow a lot, a lot bigger. So I think it's positive news in the long term, I just have to be patient and not always going after like the quick profit of the trading part of, you know, it's exciting, I understand. But you know, as a security expert, always do your research and invest only what you can lose.

Jason:

Yeah, I mean, I think you're right. What, the one thing I think is really interesting, and I think has been a source of great comfort for a lot of people in crypto, is sort of how both the traditional finance, the traditional world, reacted to the whole FTX saga and Three Arrows Capital and, and how, you know, all these people were, were prosecuted, you have, you know, Sam Bankman-Fried is, is sitting in prison for things that, you know, that they, that they say he did. So, you see, a lot of, you know, if people thought that this was some sort of unregulated, you know, Wild West, we know that, no, that's not the case, that there are consequences. And not only that, from perspective of regulation, but also from a perspective of, you know, like just standard crypto people, we now know that, you know, something that big can happen and the market cannot, you know, can, can still stay relatively calm, you don't see, you know, massive sell-offs. You don't see, essentially, the entire industry going, oh my god, you know, we even, we've even had the arrest of CZ of Binance, the largest, you know, largest exchange in the world. And the entire industry has managed to largely, you know, shirk it off and just sort of keep building. I think that's sort of very, very, it's a positive sign, I think, and I think that that gives everybody a lot of, a lot of hope that, that things will get resolved, even when it comes to the SEC. I mean, the SEC has slowly been enforcing against a lot of, you know, crypto companies that maybe were doing things that even they didn't realize were illegal. They've certainly been, you know, putting the word out. So more and more companies are learning how to be compliant. I think that that's like a sign of the, of the industry growing up in general. But yeah, we're towards the end. We're on our last question. So I'm curious, what is your personal philosophy, and what keeps you going?

Thanos:

Okay, so my personal philosophy, you know, every company is trying to make the world a bit better, so this is how I approach things as well. Like, I don't do this for money, or I don't do this for fame, I'm trying to build something that helps people through from their life. So either it's a scanner that helps people understand if the contract is a scam, it's a honeypot, and they protect themselves by not buying this contract, or by helping companies find bugs, vulnerabilities and exploits. So what keeps me going is like, you know, I travel. I travel a lot. And in all these conferences, there is always some guy coming up to me, and he's like, oh, you guys did an audit for us, thank you. You found us this. This helped us a lot. You saved us X amount of money. This keeps me going, this is like validation that, you know, we're not just selling some, selling thin air and getting money and moving on. We're trying to make the Web3 world a bit safer without companies. And my personal philosophy...

Jason:

I think that's a great, I think that's a great philosophy. And I think, if there's one thing that I want to be driving the development and future of Web3, it's people that, that, that see as their personal mission, ensuring that Web3 is a safe place for everybody, even, you know, retail investors, people that, that don't know a lot, a lot about crypto, even how to keep themselves, keep themselves safe. So I think we're at the end. So thank you so much. It's been an incredibly insightful session. Big thank you to you, Thanos, for sharing your valuable knowledge with us and huge thanks to everybody who tuned in, asked questions, engaged with us. We're excited to keep bringing you more content. So stay connected. Thanks again, everyone. Take care. We'll see you in the next session. Thank you, Thanos.

Thanos:

Thank you, and talk to you in Singapore.

Jason:

Thank you, everybody. Have a great day. All right.
