I mean it's in everyone's interest when criminals enter this space to steal from customers or to attack coinbase or whatever, that they experience consequences, because that's how behavior changes over time, right, And so we do work with law enforcement, not just in the US, but overseas as well to help them better target the bad guys who are targeting our customers and the industry writ large.
This content is brought to you by v chain, which is a leading enterprise grade Layer one public blockchain spearheading a digital revolution from a sustainable, highly scalable smart contract platform. The v chain blockchain has many unique features, which makes it an ideal choice for Web three applications. V Chain is working with many great enterprises such as Pwcgvonci, BMW, and Walmart China. Most recently, they partnered with the Boston
Consulting Group to build a revolutionary decentral application ecosystem. I'm a big believer in this project. I have been since twenty eighteen. I've been a VET token holder for years, and this blockchain is highly scalable, great with security and speed, and it has low energy consumption. If you'd like to learn more about v chain, please visit vchain dot org. Link will be in a description.
He everybody, I'm down at the Rippleswell conference in Miami, and I have Philip Martin, who's the chief security officer at Coinbase. Philip, great to have you. And how are you enjoying the conference so far?
Yeah? Happy to be here. It's a great location. Good ask for better weather, yeah, especially a week after Hurricane.
Thank goodness in miss Miami. Right right, right part or it would probably be pretty rough out there. But tell us about your background, you know, I saw on your LinkedIn you were an army And how'd you end up at Coinbase?
Yeah, so I'm at a coinbase for about eight and a half years, joined in from the middle of twenty sixteen, and I really ended up a Coinbase because of the fascinating security challenges that are present in the crypto space and the reality that you know there. It's it's really really hard to find another industry where security is so critical to the success or failure of a business, as we've seen many times many companies over the years.
Oh sure, and I mean in Coinbase being the largest US exchange. If I'm not mistaken, I'm sure you guys are under constant attack by whether it's hackers or whatever it may be. So what are what does your security team look like? What are some of yours?
So, yeah, you know, as of our last ten Q, I think we the number was two hundred and sixty nine billion dollars worth of cryptocurrency at coinbase. Wow. And that's just custodial. That doesn't count the wallet and all the other stuff, if I recall correctly. So we have, as you might expect, a fairly large investment in security at Coinbase. The security team so I oversee cybersecurity, physical security, and some other stuff around technology compliance and things like that.
So I have about a little under three hundred people in that in that overall org focused on security for Coinbase, which is percentage wise, is much much larger of an investment in security at mode than most organizations. Make sure, right were we bounce between you know, five and eight percent of the company by headcount just depends on you know,
who's hiring what. But somewhere in that range is normally where where we are in most places you're talking like one percent, right or or under one percent is in security.
And it's not just that, right, we we really do talk about especially in the early days, we we would make the joke that Coinbase is actually a security company that just happens to do cryptocurrency, right, because there's such a focus from the top down on on trust and on safety, on security and making the right decisions for our customers.
Oh absolutely, And I noticed that you guys have collaborated with the FBI and other enforcement divisions and so forth. Tell us about that. How are you working with those?
Yeah, for sure. I mean it's in everyone's interest that for when criminals enter this space to steal from customers or to attack Coinbase or whatever, that they experience consequences, right, because that's how behavior changes over time, right, And so we do work with law enforcement, not just in the US, but overseas as well to help them better target the bad guys who were targeting our customers and the industry
at large. And this is everything from you know, helping educate them all on cryptocurrency need and some of the investigative tools that are out there as well as you know, we see attacks that they don't because we're in a different place in the ecosystem, right and putting that information together for them in ways that makes it easier for them to you know, to to investigate and to find bad guys ultimately hopefully to put them in jail.
Yeah, and there was a report. I don't know there's validity to this, but it was in September that North Korean hackers were trying to hack the custodians that ep cooin ETFs coin Base being the largest at this point. Is there any validity today? Have you guys noticed anything from that?
So that was the FBI apart that was put out. So they put out sort of a warning and guidance to the industry about targeting by North Korea. And look that the reality of is North Korey targets crypto all the time? Right, this was this was not like a heavy a heavy news day in the coin based security team, we're well aware that North Korea is a very prolific
actor in this space. And and and they target all the way from you know, big exchanges like coin base all the way down to individuals that hold with crypto.
Now, you guys are also part of the Tech Against Scams coalition. Tell us about that.
Yeah, So this is a coalition we co founded along with you know, Meta and Match and other players in the tech space because we saw that you know, the things like pig butchering scams or you know, romance scams or confidence scams that they're they're they're obviously a huge problem, right, But one of the issues with them is they don't
encourage on just one platform. Right there, maybe there's maybe there's a dating app match that goes into a WhatsApp conversation that goes into maybe like a crypto investment scam or or something of that nature. Right, And so each of us individually that dating app, well, what they what they see is a match occurred, the conversation happened a little bit, and then it was taken to a different platform. Right,
what is what is what's that seed? Not much because they're an encrypted messenger, and then we see a customer who is in fact themselves. It's not fraud, it's not anything like that giving us instructions about sending buying crypto or sending it somewhere.
Right.
So, each each piece of that individually is very hard to stand up and say like, oh, that is a scam. But if you look at the pattern across all the platforms, you can start to say like, oh, that's definitely a scam, right, And so we brought this group together out of what had been a bunch of sort of you know, uh, bilateral conversations and sharing and sharing into really a consortium where you can come together as a as a community of technology platforms to share information, to share, to share.
You know, we're called TTPs technic techniques and procedures that the bad guys use to scam people, to coordinate on you know, inforsmation, sharing with law enforcements to really to bring the whole picture together so we can combat this more effectively as a group.
Yeah, that absolutely makes sense because to your point, these things happen on multiple platforms and they take it into d MS and all that, and it's so incredible how sophisticated it has become. Absolutely, but that's great. That's a great correlation. Excuse me, coalation coalition can't say that now. I do want to talk about the dynamic between crypto and TRADFI and the listed activity because I don't know why.
Maybe because this new crypto gets the sensationalized headlines. But TD bank can do bake a Monday laundering, but it's like business as usual. Correct, What is your take on that dynamic.
It's not just TD Bank right, like you go back, Wells Fargo had a very similar settlement a few years back. It's just it's just unfortunately in trad five, it seems to be the cost of doing business for these for these large banks. It seems crazy, is it's a three billion dollar fine is cost to doing business. But but that's just the reality. I think it's fascinating that, you know, crypto obviously, you know call it twelve years old. Well
coinbas is twelve years old. Crypto would be fifteen or so at this point if we go back to the original white paper, Sure, much much newer than the traditional financial system, which which is still the criminal sort of tool choice. When you talk about moving, you know, illicits funds from you know, gained from batacav moving and around
using other places. It's predominantly done in cash. The fascinating thing to me is is, you know, we released a list of finance activity report what it was two months ago or so where we could put a number on the percentage. It was like, I want to I want to call it point point three or something percent of
transactions were in some way related to listed activity. Sure, the fact of the matter is, you can't actually do that same thing for the traditional economy, for the for for dollar based like you can take guesses, but you don't know there's no blockchain, there's no record of these transactions. You have no idea what you're actually seeing is you're seeing a tiny piece of it based on where if you're coming from. So to me, that's that's a fascinating benefit.
Actually a crypto that we can say with like a reasonable level of confidence, what the illicited activity is in crypto, what percentage is, and over time we can measure it. And if we can measure it, we can we can try to drive it down right right in a way that you can't put a dollar.
Yeah you mean, Philip, I could just give you a suitcase of money right under the table here, nobody would.
Know, right, and then you know there's there's The other fun thing is that is that criminals have spent a long time figuring out ways to then take that suitcase of cash and get it back into the financial system right through money laundering, through all sorts of things. Yeah, it's a very well deveuilopt skill right right, and much more so than in the blockchain space. Where there's there's
no such thing as a suitcase of cash. You could certainly send me money on the blockchain, but like everyone sees that it's it's all there, and I think it's it's to me, it's it's a fascinating dynamic.
Yeah, And I wonder if it's sometimes I wonder, you know, it's just maybe the people who don't like crypto a sensationalize things and they try to, you know, amp it up and make it look like it's bigger than it is. But I guess as companies like che Analysis and these folks come out and put out and you guys as well, like reports on these things, they'll help educate the public, educate lawmakers and so forth. Like it's all here, man.
It's very important. And I mean, all you have to do is ask a law enforcement agent, Hey, would you rather run moneylaunder investigation and in the in the traditional world with shell companies and international transactions or whatever else, or would you rather run it on the blockchain? Right?
And and they will largely tell you on the blockchain it's much much much easier, and especially in traditional money on and you start going between countries, it just becomes impossible so so so hard for law enforcement to walk that back.
Oh yeah, so are you guys doing And I apologize if but I miss this because I am a user of to coinbase platform.
Thanks you being a customer.
Yeah, Like, are you guys doing like any educational awareness campaigns? Like I'm going to give you five so too, she's to go through this security check to make sure you watch out for phishing scams, you watch out for people ask you to send them crypto or do whatever.
So we haven't done that yet, although although it's an idea, we're very very interested in sure. We do do a lot of of outreach in general, both in app and in more you know, through through blogs. And we did a video recently that was aimed at at pig butchering, sort of explaining the process and helping helping educate potential victims. We did a and I would say, quick, quick plug here, it's on our YouTube channel. It's up there for people
to see. Your audience probably doesn't need to see it, is my guess, but I bet your audience every single person out there knows someone who does. Yeah, right, A parent, a friend, a whatever. Right, And it's so important for those of us who know about this stuff to educate potential victims, because that truly is the silver bullet for preventing the stuff.
Yeah, it's spawn on it because I think to your point, most of the folks who are here are maybe considered early adopters and they're a little more tech savvy. But I definitely have family members who are like, what is this? I do want to invest, but I'm kind of scared.
Yeah twenty four phrase seed phrase.
I'm scared of that.
Yep, yep. Yeah. At education, Yeah, they really really do. And so we see that as a really important piece of our place in the ecosystem because the real is when we see these these bull runs that were hopefully about see another one of knocking that's probably a wood product,
knocking on wood. There, coinbase sees a large number of new, brand new to crypto people coming in for the first shot, right, And that's great, and like, we we love the fact that that we have that level of trust and approachability and ease of use, but it's also very important that we educate those people as they enter into the crypto ecosystem right on, Like, how is this different from your
Facebook account? How is this different from even your traditional bank accounts, right, and how how are attackers acting in the ecosystem? What do you need to be worried about? What do you need to be aware of? So so so important that they get that early, because that makes the scammers job so much harder.
Yeah, great point. Well, I hope you credit me with the idea by giving.
People stable points.
Absolutely what's on your roadmap? You know, what do you guys have in store for remain your twenty twenty four and maybe into Q one.
Yeah, I mean, I don't want to get too much into into like what's coming out, what kind of products
are showing up, that kind of thing. I think you'll see us continue to focus on consumer protection, on making sure that both both in the custodial and in the non custodial space, with you know, coin based wallet, the smart wallet that we were relatively recently rolled out, and with you know, the DeFi space compuming to grow, there's there's there's a there's a lot of work we can do there to help people again make that next jump from buying and holding on coin base to participating in
the the on chain economy and doing so safely, right and with awareness of the risks and threats. We've done things like you know, ad this is last year, but add transaction transparency to coin based wallets so you can actually see, hey, you're about to sign something, what what is this going to do? Right in terms that humans can understand without having to figure out read through the transaction, figure out what's in there, which the reality is not
only a small percentage of crypto users can do. Right.
Question that just came to mind, Yeah, are your user profile? So let's say I have a user profile. Is that on chain at all? Or is it more like Web two?
So so it depends on the product you're talking about, right, So if it's coinbase, like the retail you're logging into coinbase dot com, right, that customer profile that is that is a moral Web two thing. But if you have a coin based wallet, the app which is self self custodial, you can, you know, in there you can do it like an eth id or a base name. Now you can you know, start to build that sort of online profile. It's actually an area I'm a very very excited about
for the future. And I don't you know, I don't know if this comes from coinbase, it comes from others. Probably probably the answers all of the above, but is like on chain identity is notuch an exciting area for me because it gets it gets into the area of challenges with like non authentic behavior, right AI deep fakes that kind of stuff. One of the ways that we start we start to approach a solution there is through
like really great online identity and reputation. Right, if I can, if I can know that, you know, this picture was actually signed by Philip Martin's key, and that key has been you know, I have a driver's license detached, I have a whatever I have, I have attestations from coinbase about my ky C and and Chase and whoever else. Then I can say, okay, that's probably a real person. Yeah, and they sign that. Now, maybe I'm still lying about it.
That's fine. But over time, as that reputation builds, it becomes okay, you know, he has a lot about the last ten photographs he published. This is has a higher chance of being authentic and legitimate. Right, But the base of that ecosystem is this strong identity layer that we just don't have today.
Yeah, And I can't wait for that. And I know it's going to be a transition from any of these platforms. But like, as a content creator, I deal a lot with fake Oh sure, impersonating me vming people. But you know, there's no dialogue box to drop down to verify this is Tony's profile, it's verified on eth whatever block chain. There's nothing like that.
Yet it has It's one of the elements of solving this problem. I think that that has to come along.
Yeah, for sure. Question are you guys using AI in any way to help booster security and to help you along?
Sure? So, I mean, look, AI is a technology like anything else, right, It's going to be used for good and evil. Yeah, and on the good side, actually, on
both sides. My my sort of take on this is AI doesn't make things better, it makes them faster in general, right, So like and it can it can sort of even the playing field to some extent, right, So example, jenerative AI is a great example here about we're taking skills that used to be in the realm of like an individual expert with photoshop, you know, changing image is to anyone who can type can generate a relatively convincing thing
image very very very quickly. Right on the security side, there's a lot of places where there's a benefit in making things faster and in leveling a playing field. Right, So you can level up a relatively junior employee to to you know, not an expert by any means, but you can give them suggestions, say, hey, like, I think you should probably look at this thing rather than that thing. There's a lot of areas where you know, like suggestion
recommendation engines are are very useful in security. There are a lot of areas where you know, security has a data problem, right, where we have lots and lots of signals and alerts and things. How do we find the ones that really really matter?
Right?
So AI can be helpful in that area. A I can be helpful in you know, finding bugs in code things like that. So we've played around with with you know, bringing AI into alterning smart contract. So far it's not been great, but very very early, right, So we've played with things like that where we believe that AI can can play role in the future.
Wow, final question here ply you go, are you seeing that hackers and scammers are using AI to try to attack you guys? And I don't know if there's a way to figure that out, but I.
Mean, right, like, we're not as much as I would like to be I fly on the wall there. Right, we've certainly seen stories in in in the media and online that you know that that say that attackers are leveraging, especially in scams, are leveraging AI a lot more to make their operations more efficient. Right, so instead of having a call center full of right people doing these scams, they can automate at least parts of it. Uh So, there certainly seems to be reporting to that effect, Philip.
Great stuff, and obviously you got maybe the most important job at coinbase, protecting all those.
I don't know about that, but it's certainly a fun job.
H So well, thank you so much for joining me
That trapping me