Episode 86 of the Public Key podcast is here and we are happy that you love the refreshed look. The year is 2023 and crypto prices are rising, so why are we approaching private key management like the pirates secured gold in the 1700s? In this episode we speak to Diogo Mónica (Co-Founder and President, Anchorage Digital) about how we need to protect our crypto assets better.
You can listen or subscribe now on Spotify, Apple, or Audible. Keep reading for a full preview of episode 86.
Public Key Episode 86: Private key management for crypto assets and DeFi protocols
The year is 2023 and crypto prices are rising, so why are we approaching private key management like the pirates secured gold in the 1700s?
In this episode, Ian Andrews (CMO, Chainalysis) gets a crash course in crypto custody from Diogo Mónica (Co-Founder and President) of Anchorage Digital who are the industry leaders when it comes to crypto custody for institutions.
Diogo explains the need for better private key management and the security challenges faced by institutions in the crypto industry and highlights the importance of Anchorage’s federal bank charter and its role in providing trusted custody services to large institutions.
He also touches on the crypto regulatory landscapes in USA, Singapore and the EU and the impact on Bitcoin and Ethereum ETFs in the industry, while acknowledging the security issues in DeFi and need for better programming languages.
Quote of the episode
“There was this kind of ridiculous notion, absolutely ridiculous notion, that the way we were going to store the most important private keys in digital assets that we ever created, was going to be by copying the technology that the pirates used in the 1700s to store the gold coins. That was it.” – Diogo Mónica (Co-Founder and President, Anchorage Digital)
Minute-by-minute episode breakdown
- (2:10) – Diogo’s journey from Docker to the world of crypto and founding Anchorage
- (5:43) – The need for better private key management in crypto
- (9:20) – The counterintuitive decision to become a bank in the crypto industry
- (16:40) – Flight to safety and increased trust in federal banks during banking turmoil
- (19:15) – Importance of Ethereum’s successful transition to staking
- (25:32) – Potential impact of Bitcoin and Ethereum ETFs on Anchorage and the industry
- (29:13) – Discussion on the regulatory landscape in the USA, Singapore and the EU
- (33:45) – Security issues in DeFi and need for better programming languages
- (37:52) – Partnership with Eaglebrook Advisors for crypto RIAs
- (41:59) – Excitement for regulatory clarity and stablecoin use cases in the crypto industry
Check out more resources provided by Chainalysis that perfectly complement this episode of the Public Key.
- Company Website: Crypto for institutions
- Personal Website: Hi, my name is Diogo Mónica
- Announcements: Anchorage Digital and Eaglebrook Advisors Partner to Offer Crypto SMA Platform for Wealth Managers
- Blog: Eight Questions: Diogo Mónica, Co-Founder and President, Anchorage Digital
- Article: Anchorage Digital launches custody and trading separately managed accounts for registered investment advisors
- CoinDesk Article: What an SEC Proposal Means for RIAs in Crypto
- Conference: Chainalysis Links NYC 2024 Conference (Register Today !!)
- Post: Crypto Update:The Monetary Authority of Singapore has concluded its public consultation
- YouTube: Chainalysis YouTube page
- Twitter: Chainalysis Twitter: BuildCareers at Chainalysising trust in blockchain
- Tik Tok: Building trust in #blockchains among people, businesses, and governments.
- Telegram: Chainalysis on Telegram
Speakers on today’s episode
- Ian Andrews * Host * (Chief Marketing Officer, Chainalysis)
- Diogo Mónica (Co-Founder and President, Anchorage Digital)
This website may contain links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
Our podcasts are for informational purposes only, and are not intended to provide legal, tax, financial, or investment advice. Listeners should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in any particular podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.
Unless stated otherwise, reference to any specific product or entity does not constitute an endorsement or recommendation by Chainalysis. The views expressed by guests are their own and their appearance on the program does not imply an endorsement of them or any entity they represent. Views and opinions expressed by Chainalysis employees are those of the employees and do not necessarily reflect the views of the company.
Hey everyone, welcome to another episode of Public Key. This is your host, Ian Andrews. Today, I’m joined by the founder of Anchorage Digital, Diogo Monica. Diogo, welcome to the program.
Thank you so much for having me.
Hey, we are going to talk a lot of crypto, we’re going to talk all about Anchorage, your business outlook on the crypto markets, but I realized researching the episode that you and I come from a shared background. You were at a startup called Docker, that for all the crypto people listening, maybe never heard of it, but I was at a company called Pivotal, and so we lived in this world of containers and Kubernetes that drove a ton of the innovation in the software industry, for the last decade at least. Super interested to hear how you go from Docker into the world of crypto. What was the connection point there?
Yeah, Docker was amazing, and still to this day, it runs on what every single cloud server on the internet, and so as an engineer… Yeah, if you measure yourself by the number of lines of code running on the number of hosts on the internet, then you know that’s my claim to fame is having code in Docker.
Well, I was going to say, I actually talked to somebody that gave me some semi-private information about Docker’s business. And so, after some turbulent years, the company is apparently doing incredibly well. You may be a little closer to it than I was, if you’ve still got connections there, but it really is amazing. For people that aren’t in the world of software development, almost all application code that’s been written in the last five or seven years, I would say, is probably running in a container. For end users of software, this matters very little, but for people that build and operate software, it was huge sea change, and you were there at the beginning.
Yeah, I led a security team for three years. It was amazing because amongst developers, that’s the only thing that gets recognized, and then for retail in the US, it was my work leading security team at Square. So, for people that are not in tech, I would talk about Square, and for people in tech I would talk about Docker. But, Docker is the only company that I know of, there might be more examples of this, but it is double turnaround. Docker started as Dock Cloud, Dock Cloud was an Heroku competitor, it failed, then through the failure, they created this container called Docker. They made it easy, they made it safe, and then it became extremely popular, and then it failed because it failed commercialize, and then it got recapped, and then the third time around now, it’s incredibly successful as a business, and it’s just such a great story.
That’s amazing. So, you’re doing security at Docker, and at some point, the opportunity comes to start your own thing, and that somehow leads to Anchorage. Tell us that story.
Yeah, so it actually starts a long time ago. I did something 15 years ago, that was not very useful at the time, that now has a little bit more utility, which was a PhD in distributed systems, and blockchains are essentially all distributed systems. And so, I was working on something that was absolutely and purely an academical pursuit, and that was it. That was publishing papers, research Byzantine full tolerance. I was working on, in fact, my thesis, I think the Bitcoin White paper, 60% to 70% of the papers there I had already read, because I quote them on a master thesis on my PhD thesis.
So, I was deeply into this, and I was lucky enough that in 2011 through my PhD, a company called Square, as you know, flew me out of Lisbon, and I joined Square, and as I was employee 40 and I joined the same week as my now co-founder Nathan McCauley, and that’s very relevant because for four years, we’ve worked together, day in and day out, at Square, leading the security team. We’re actually on the patent of the literal encrypted credit card reader that I’m sure you’ve swiped your card on, so we have your credit card hundreds of times.
Hundreds of times.
Yes. That’s such a great adventure. Nathan Knight always wanted to start companies. Nathan had started a small company before joining Square, he was also a security engineer by background, and we’ve always wanted to start a company, and we had the opportunity, between starting a company post Square, we had a couple of ideas around key management or join this exploding, this company that was just on this explosive path, which was Docker. And so, we decided, collectively, to come to Docker and to lead the security team because we wanted to learn lots of things about… For example, at Square we had never done enterprise sales, at Square we really didn’t sell security products. Obviously, Square sells to small merchants, at the time specifically and particularly, and you don’t really talk about security with small merchants, you never want to remind them that credit cards can be stolen.
So, Docker was really the place where we work together and sold security, built security products, and then that’s actually when the connection to crypto comes. It is, to a certain extent, being in the right place at the exact right time, with the exact right of background. In 2017, around the ICO boom, there was a fund that came to me because they had lost the pass raise to a $1.5 million Bitcoin wallet, and they offered me 20% if I could break into it. So, that was my introduction to this business and what ends up leading to Anchor, and all of these funds, it was not just this one fund. It was all these funds were extremely, extremely incompetent, candidly, at private key management. Crypto wasn’t a thing before. Nobody knew how to treat these passwords, so to speak, as something that was highly, highly valuable. Everybody loses passwords all the time, but now losing a password can lose you $100 million. So, that was really the connection.
Nathan and I had been working for seven years, every day. We were security engineers by trade, and it was effectively perfect founder market fit. I literally had a PhD in distributed systems, so that’s actually what leads us to start Anchorage, and be on the enterprise path, because Anchorage Digital today, is a company that serves institutions, offers services like crypto custody, settlement trading, but the unique thing about Anchorage is that we actually have the first and still only federally bank charter. This is a charter that is the same as JP Morgan Chase and BNY Mellon used to do banking, and we were the first ones to actually get it for crypto, and we’re still the only ones doing it.
So, it’s this perfect combination of amazing security technology that we’ve built, because we’re two security engineers, and amazing regulation that actually is the only unambiguous qualified custodian, in the space. So, if you’re a large institution, you want someone to trust with your crypto, then why not a bank started by two security engineers that have been around for over six years, custody tens of billions of dollars, and have such an amazing track record? So, that’s really what Anchorage Digital is today.
It’s such an incredible story. When you first set out to launch the company, it sounds like the core idea was, people didn’t know how to handle private keys, and that was leading to all sorts of issues, like you said. Lost private keys, oh, I can’t get access to millions of dollars of funds, or insecure keys leading to hacks. What was the insight that you had? Was it simply, “Oh, we have experience in security, we’ve been doing key management for a long time, we understand how to do this better than the average person?” Or, was there another technical innovation that you felt like you had?
So, the beginning of this was really that, at the time that we were starting. And, by the way still today, there was this kind of ridiculous notion, absolutely ridiculous notion, that the way we were going to store the most important private keys in digital assets that we ever created, was going to be by copying the technology that the pirates use in the 1700s to store the gold coins. That was it. That was the status quo at the time. “We are pirates, we are storing our gold in a treasure chest, we’re better burying it in an island somewhere, and then we have this map on how to recover it.” Except that instead of gold coins, people had these USV keys instead of treasure chests in islands, they had these banks in these vaults, and instead of an actual map, they had a checklist on how to recover it, but the technology was exactly the same. It was effectively what I call pirate custody. It was what we were using and still what a lot of people talk about.
And, of course, coming to this problem with the background that we have, in terms of security, we knew what the solution was. We had worked in key management at Docker. We had worked in key management at Square. At Square, we worked with the hardware security modules, producing hardware in China, in a highly adversarial environment. We knew how to generate keys safely, how to keep them in hardware, all of these different components, that seemingly really the industry wasn’t really using. Part of the reason for that is pretty obvious, which is, the people that came into crypto and started by building products, weren’t really the best people at security. They were web developers, building exchanges, they were all these people that just randomly came to crypto and started building companies and built everything, because nothing existed. And so, if nothing exists, you have to build your own custody, you have to build your own systems, and obviously, you do not want non-specialists building these highly, highly, highly secure systems.
And so, that’s the insight is, “Hey, we know how to build this. We know how to do this. We’ve done it before, let’s just apply to this problem.” And so, that technology was the technology that we built, and that really started the whole business and still use today, which is taking the best of cold storage, which is the fact that these assets are offline. There’s never direct connectivity between a Bitcoin private key or a system that has a Bitcoin private key or any of the other assets and the intranet, so they’re offline effectively, air gapped, but it’s fast for you to access them. You don’t have to take two days to fly around the country, collect these keys and just bring them together and do this ceremony and get yourself inside of a Faraday tent.
Which by the way, there was a client that I know of that I could tell a story that they bought a Faraday tent, they would travel around the US, they would collect the team in a random hotel, they would go into this tent and they would just put their passwords in the dark of the tent with flashlights so other people wouldn’t see the passwords, it was just absolutely insane. We built something that is safer than that, but it doesn’t have the trade-offs. Primarily, the trade-offs around speed of access. You can transact any Bitcoin for institution, you transact in minutes, and you have the safety of the offline air gap systems. So, that was really what the technology that we built did, and still does today.
You mentioned this earlier, but you’re the only federally chartered digital asset bank.
Talk to me about how you realized that, one, you needed to become a bank, because I think that was a little bit of a counterintuitive decision at the time, in the industry, and how is it that you’re the only one now? What’s happened since you got that federal charter? Because it seems like people would’ve flocked into the space behind you, once you showed that it was possible, and it hasn’t happened yet.
Two extremely interesting topics. So, let’s first cover the first one, which is the space in general, not only is the opposite of having a regulated entity, the whole space was crypto anarchists wanting to run away from the power of the central banks and wanting to do self custody and being their own bank. If you’re your own bank, you shouldn’t be depending on the bank, so how does a bank even make sense? Well, it turns out that the people that started this, really didn’t have in mind, and didn’t really care that institutions participated in the space. The moment you start thinking that somebody like Visa is going to come into this space, or some sovereign wealth fund is going to come to the space, or some bank is going to build something in a space, immediately you realize that these are not individuals, these are companies, and companies as entities, can’t really do self custody because 99.999% of them do not have the technological abilities, the people don’t want to spend the money doing this.
And so, what we do as a society, is we have companies, companies that specialize in different things, and banks are the specialists that actually safe keeping money, and so it was obvious that the moment we had companies and institutions coming to this space, we were going to have these specialist third party companies outside, that actually did this extremely well, versus the companies doing themselves. That’s what we do in capitalism, is we actually have these specialists, that actually are able to have economies of scale and do something that you can’t do. Number two, if they are very large institutions, they want this to be audited, heavily audited, they want their money to be safe, and the way that we know how to have these things be safe, is by proxy. The proxies that we have are things like SOC one, SOC two, insurance and just credentialing. With credentialing in this case, charters.
If you have a charter, you would necessarily have gone through a ton of pain, and the better the charter, the more pain you’ve gone through, and at the end of the day, the pain that you’ve gone through, really speaks to the competence that your team has, because it’s extremely, extremely hard to keep these things and it’s extremely hard to obtain them. And so, it’s almost like you went through the hardest path, and somebody gives you credentialing at the end, so that your clients know via proxy, that if this is a bank, then it is safe and has these characteristics of all these other banks. At the end of the day, that was necessary. Institutions require that.
And then, finally, let me just mention that there’s laws that say that if you were an RIA, you must use a third party custodian. And so, all of a sudden, you need some company that has this credentialing, that actually does this for you. And so, it’s not even an option for people to do self custody. That really speaks to your first question, which is, how do we start by building technology, and then get into a bank? The answer is we wanted the regulatory part of our company to be as good as the actual cybersecurity component was. That path was what led us to have the first and only federally chartered bank. Why? Because the federal charter really is the best regulatory status that you could have. It is the hardest to obtain, it is regulated by the OCC, which is the oldest banking regulator in the United States, and it puts you on par with these national banks, the JP Morgan Chases, the BNY Mellons, the banks that the largest institutions use for all of these other asset classes.
So, how come they care about banking for those asset classes? Why wouldn’t they care banking about in that type of credentialing for this asset class? So, that is the answer to your first question. Why is there bank? Isn’t the space an to banks, and why did you actually go get it? Well, because it’s the perfect charter for the security that we’ve built. And then, on your second question, your second question was about you’ve built a bank. Remind me the…
Well, why has no one copied the pattern? Because I agree with everything that you just said, which is it makes absolutely all the sense in the world. If you want to work with institutional money managers and hedge funds, and all these people that are highly regulated, well, you need to yourself be regulated. That’s just sort of the rules of the game.
So, here is actually where things get really interesting. It is, to a certain extent, preparation and a lot of work and focus, and to another extent, a lot of luck too, to be in the right place, at the right time. So, the preparation element of this is, if you think about it, Anchorage has only ever done institutional business. We’ve never done retail, we’ve never focused on anything else, and that is not true for many of the competitors and many of the people, in this space. There’s many people in this space that are just vertical integrated place. They do an exchange for retail, they do an exchange for institution, they try to do prime, they try to do custody, try to do settlement. They serve everything for everyone. If you’re institutional focused, the moment there’s an opportunity to get a bank, you will go for it.
If you sort of have 95% of your revenue come from retail, maybe you won’t. So, that’s the first portion here, is that we care deeply about institutions in a way that very few other people care, because they are not institutional only, in fact, in crypto, as you know, retail has made a lot more money on all the bull markets than any institutional. And so, of course, people are going to flock towards that business and lose focus. We have never done that. In the second component, there was actually a timing issue here.
So, the OCC under Brian Brooks actually did a call-out for people to come get banks, and we decided to do something called a charter conversion. Instead of applying for a de novo charter, instead of going and getting a new charter, what we did was a charter conversion from our prior trust company, into the federal bank, and because we were a company already operating, we already had all of our policy and procedures, we had billions of dollars, at that time, in assets under custody, and we had a track record, it was a lot faster for us to actually get our charter.
In the moment Biden took over, in February 2020, then all of a sudden, there were no new charters available, and there were no new charters accepted. And so, to a certain extent, it’s timing because it came under the prior presidency, and to a large extent, was preparation and strategy on how you get the charter in the first place.
Amazing. So, now that you’ve got the charter… I mean, obviously last year, there was a huge amount of turmoil in the banking system, I would say in the US, there’s still quite a bit of questions about everybody below the GZIP tier, kind of the top global banks, but in particular, related to, I think the combination of bets on crypto and interest rates, we saw quite a few spectacular failures. How did that impact you all? I have to imagine you were caught up in the storm of it, but you’re obviously here, so you’ve survived. Talk to me about what it was like going through that last year.
One of the things that is interesting is that Anchorage, like many other players in the industry, we rely on other parties for fiat banking. So, we are a bank, but we focus exclusively on crypto assets. And so, that means that we are always dependent on third parties for fiat banking, and if banking gets harder, which it has, as you very well know, then it gets harder for our clients and gets harder for us. There’s huge advantages and there were huge advantages from everybody in crypto to be at Silver Gate or to be at Signature Bank, because you could settle internally, it was a lot faster. The moment those banks go away, then actually doing business in crypto becomes a lot harder. So, it affected us the same way that it affected all the other crypto players, which is it becomes hard to do fiat banking.
On the other side of this, it’s actually benefited Anchorage tremendously, for the reason that there’s a massive flight to safety happening. If there’s companies going bankrupt, then all of a sudden you start caring about things like bankruptcy remoteness. Nobody cared about bankruptcy remoteness 18 months ago, when we were in a bull market, but then FTX fails, Celsius fails, BlockFi fails, and people realize, wait a minute, it is not clear if these assets are owned by the bankruptcy estate or if they’re owned by the clients, we don’t know where these assets land.
But, you know where you do know that, for a fact? At a federal bank, because the federal banks have been around for hundreds of years, and there is a very clear path and very clear decision making on how assets are actually divested, in case the company actually goes under. And so, all of a sudden, a banking charter is the thing that you want, because all these other charters don’t really give you any confidence, in terms of where the assets land in the case that something bad happens, and when nothing bad happens, nobody cared, but now people care deeply, deeply, deeply about it.
And so, it’s actually benefited us, because there’s been a massive flight to safety. People have started onboarding onto Anchorage a lot more, we doubled the assets on the platform, just from the beginning of year alone, when everybody else is losing and bleeding assets. We are now at all time high assets on the platform. It’s pretty interesting to have made these decisions in the past, or strategic decisions about getting the best charter, going through that process and focusing exclusively on institutions and staying the path, and now have it benefit us, six years later, and to this degree. It is fantastic to see the decisions that you make in the past really come to fruition, but that was happened this year. Flight to safety, people care about the charter, people care about the technology. There’s all of these other players that are being sued by the SEC or suing the SEC, and in troubles with the main regulators of our clients, which is not something that we have.
It is amazing too, because at Chainanalysis we obviously have access to lots of data about the behavior of assets across all the blockchains, and when FTX failed last year, we saw a pretty clear move away from centralized exchanges. Now, most of that was retail driven, in some ways, but it was a fear of, would the next exchange collapse following FTX, because people just didn’t know what was real and not real. So, to have your platform see a two x growth in assets under management is definitely a testament to the trust that your customers have placed in the platform.
Yeah. I wouldn’t say it’s a great year, because it’s not a great year and there’s been so many bad things happening, but it has… Eventually, it really comes back to the strength of the foundation that you’ve built, so we’re very proud of having built such a strong foundation.
Now, one of the things I gather maybe, is also driving your business is staking on the Ethereum network. Talk to me about what staking looks like for institutional clients, and is that a driver for people owning Ethereum? Is this idea that there’s a latent return, that they can get there? What are some of the dynamics you think, that are pushing people’s interest into staking, and particularly, staking with your platform?
I think… Okay, so two different questions on the staking component and then on our platform, and the answers are slightly different. On staking in general, what has happened is really that Shapella happened and it was very successful. I think people don’t give enough credit, outside of crypto, on how hard it is to coordinate and ship a flawless deployment of a distributed system that is this massive. There’s never really been these distributed systems that have been decentralized, that require all of the collaboration of these parties. It makes it like a hundred times harder than shipping an update to any kind of centralized system from any company. It’s so hard.
And then, going and doing something that nobody really had done before at that scale, changing from proof of work to proof of stake, launching the beacon chain, making sure that that was always happening and that was happening correctly, and then really shipping this new capability that your asset really didn’t have before, was so awe-inspiring and confidence inspiring, that I think Ethereum really gained a lot of credibility, and gained a lot of credibility not just on what it had done, moved away from proof of work to proof of stake, but really credibility on the rest of the roadmap, that now doesn’t look as impossible, that it looked before pre Shappella upgrade. That really justifies the reasons why very large institutions have been coming to Anchorage to buy Ethereum and to participate in Ethereum.
And then, there’s the question around, why are they doing it? Well, they’re doing it for two reasons. Number one, 4% dilution a year is terrible. Nobody wants that. And so, of course, you want to capture the anti-dilution, which is really what’s staking is it’s an anti-dilution provision. You participate in the network adding to the safety of the network, and you get repaid on that by actually having the rewards from the network being issued to you. You can think about it as rewards, but you can think of also as non dilution, so a non dilution provision that happens on the network itself. So, 4% a year for billions of dollars or tens of billions of dollars is obviously a lot of money. That’s why institutions really are doing it, because they don’t want to lose out, and they have to go through all of these steps to actually get there, and that answers the second portion of your question, which is why Anchorage?
Well, it turns out that our charter, our federal charter actually says that we do many businesses, but one of the business that we do on our federal charter is staking. So, if you’re a very large institution, you cleared with your compliance team that there’s these assets and require custody from these new banks that are crypto banks, and it’s very hard to protect these keys, and this is actually very different than traditional. You go through all of this, and then all of a sudden the staking thing shows up, and it’s very complex and it has tax consequences and you have to structure this in a correct way and you start going back to compliance and said, “Oh, actually this is about to become a lot harder,” and then they look around and say, “Who can do this for us? Who can we partner with?” And now, you can actually point and say, “No, actually there’s a bank that does it and it does all the reporting as a bank and it takes care of all these issues for us, and we can custody and staking there and we can just click a button.”
You click a button on the Anchorage application, and then all of a sudden you’re staking and you’re participating. So, it goes and answers all of these questions that institutions have, and there’s a path that they have to go through, and in many of these big institutions, it takes many months for them to get there and just become a lot more comfortable with doing it, if they’re using Anchorage. I can tell you that in the beginning of the year, pre Shapella, I believe the number was under 10% of institutions were staking. Under 10% of our companies, of our institutional clients were actually staking this.
And then, now, we’re quickly becoming more than half of them and we believe that it’s probably going to level off at 70% to 80% of them actually staking. There’s lots of reasons why they wouldn’t, but the difference is massive. People just became comfortable with this actually doing it, post Shapella upgrade, also because of the cues and the redemption periods that they didn’t really have before. Institutions weren’t really comfortable with liquid staking, that wasn’t the solution that people really had before for liquidity. So, all of these things really led them to onboard to Anchorage. So, we not only saw an inflow to staking from clients that had Ethereum, but an inflow of Ethereum onto the platform, and people buying Ethereum, because now they had a lot more confidence that the rest of the roadmap, such as scaling for example, and chartering is now likelier to happen, and thus, it’s a good blockchain for you to bet on, if you believe in this world computer narrative.
Yeah. Do you all run your own Ethereum nodes? Are you running the actual staking infrastructure? Or, do you have a partner that you collaborate with on that?
It really depends on the network. Some networks, we run them on our own, some networks we actually use third parties. What we do is a security valuation of, what is the actual potential risk? If it is a network, where there’s actual risk of asset loss or any kind of principle loss, then we absolutely run it ourselves. If there’s a platform or a staking network that just has potential loss of rewards, then we can just have a relationship with our clients where we commit to making them whole, and that’s from their side, the staking rewards are still paid at the end of the day, and we are the ones that are actually choosing the best providers and taking on that risk. So, there’s obviously solutions in the middle of the spectrum too. So, anywhere from running all of our nodes to actually running third party nodes, doing the evaluation for security, letting them to run it, but making it easy for Anchorage to actually do the delegation components and the signing and the tracking of the deposits, and all those good things.
Yeah, I would have to imagine that your background in security gives you an unfair advantage over many people in the space, when thinking about making those decisions between running your own nodes versus potentially outsourcing to a partner, and everything in between.
Oh, a hundred percent. The security infrastructure and the security model that I set up originally in the company, is very much alive and well, in terms of how the other hundreds of people that joined after we started this really think about it. And so, it’s structured in such a way that people understand how to hook up different providers and what the security model really is and what are the security and variants, we call them security and variants that we have, internally. So, it’s actually quite fascinating. I don’t understand why, but it’s quite fascinating, that I believe we’re the only company that was started by two security engineers, and you’d expect a lot more companies that are doing custody or anything that would start by specialists in the areas that they claim to provide as a service, but it’s somehow that does not seem to be true. Maybe there’s other companies out there that I haven’t seen, but two security engineers starting a custody company, that makes sense to me.
There’s definitely a nice straight line there, in terms of experience and background. Everybody these days is talking about the possibility of Bitcoin and Ethereum ETFs. I’m curious about how that is positive or maybe irrelevant to your business. What do you think about the potential for ETFs, here in the US?
ETFs are really interesting in the sense that we’re actually the perfect solution for them. One of the reasons why ETFs haven’t been approved, have been lots of comments, or many of the comments have been about, what are the services available for doing trading, for doing custody, for doing analysis of the space, looking at things like wash trading, market analysis, all of those have been questions have been raised. One of the big ones is the fact that many of the ETFs, if you see the applications that they’re actually submitting, have the same party. For many of these answers. So, the party that takes custody is the party that is trading, that is the party that is actually the exchange, so all of these things are just intermingled in a way that just does not happen in traditional market. The traditional market, you cannot have the exchange also be the custodian. We have multi-party integrity, we have multiple parties that actually are participating in all these straits.
And so, the way that Anchorage plays perfectly into this is the only bank, custody should be done in banks, the only federal bank, really, that is doing this, and thus, fits perfectly on the custody component and the ability of these very large ETFs to actually use this. So, this benefits our business. Why? Well, because if ETFs are launched, it’s a lot easier for all these investors to participate and also retail to access it on their just normal brokerage, which arguably, and we can talk about whether people buy the rumor and sell the news or follow some other strategy, but in general, having it easier for you to buy Bitcoin through your brokerage means necessarily that there’s going to be more demand for Bitcoin. Thus, if there’s more demand with same supply, then we’re expecting the prices hopefully to go up.
That benefits us because it benefits obviously the assets on the platform, and it benefits us because if these ETFs get approved, then what’s happening is that these fast follows are happening. Now, there’s an Ethereum ETF, and Ethereum ETFs actually have to stake because of the dilution, so how do you solve that? Who’s a party that you know, that is a regulated federally chartered bank that does, not just Ethereum staking or Ethereum custody, but also Ethereum staking?
And so, all of these players that are actually launching more and more ETFs, which for us is more clients, and so it benefits us, obviously massively, because we’re perfectly positioned and we are the leaders in the space, they’re perfectly positioned to capture all of this business that is actually being created. So, that’s how we see it. Whether they’re going to be approved or not, it’s all guesswork, and I hate making predictions like that because I hate being wrong, and so I usually don’t. I believe they’ll be approved eventually, I just don’t know. I doubt that it’s this year, but I don’t know really what the timeline is, but it benefits us. These are our clients. These are very large institutions. That’s exactly who we serve.
I’m with you on the timing. It seems like things are heading the right direction, but it’s very hard to figure out when we might get the real and final approval. I’m curious how your business… We’ve talked a lot about the US market and your US federal charter, but looking at your website, you all are an international business. You have a footprint in Singapore, your, you’re actually joining us from outside the US. I won’t disclose your location unless you want to, but I don’t want to inadvertently dox you, but what is Anchorage doing, beyond the US market?
Maybe I’ll start with the last one. It’s fine if you dox me. I just moved back to Lisbon after a long time in the US, and part of the reason why Anchorage exists, by the way, is because there’s no single points of failure on Anchorage side, in terms of your assets being able to be moved with our intervention, or sorry, without your intervention. But also, on the client side, if you’re a client of Anchorage, there’s no single individual that can actually withdraw assets out of your platform. And that means that your security and your operational security should still be extremely good, but it’s not critical that people can’t access you because if somebody is holding you with a $5 wrench, they still need quorum.
They still need multiple individuals to accept any transaction coming out of the platform for anything to be stolen, which by the way is absolutely critical if you’re an institution, and if you’re a large ultra-high net worth individual, there’ve been so many phishing phone SMS porting that have stolen tens of millions of dollars that I just don’t know why in 2023 people don’t just open an account at Anchorage and create this type of system where you can’t withdraw your own funds. It’s still extremely fast to get them out, but you need collaboration of multiple different individuals, and it becomes exponentially harder for an attacker to hack multiple people in different multiple systems simultaneously to really access these things things, and we don’t use usernames and passwords, so it’s kind of impossible to phish. We use hardware devices, which again, impossible to phish.
So, there’s all these things that we actually do from a security perspective in a security model perspective that just make these attacks extremely, extremely, extremely, extremely hard. Nothing like that has ever happened at Anchorage, and something like that happens every day at a traditional consumer exchange. Every single day there’s somebody being hacked and being phished, which is a really hard problem to solve on their side when they don’t have these types of institutions, and you can’t have these types of very sophisticated institutions participate, but Anchorage does have international exposure. We, as you correctly pointed out, not only have a regular good entity entity in the US, but we’re also getting regulated in Singapore under the MAS, the monetary Florida of Singapore, which have been candidly a pleasure to work with. It’s a single regulator for everything financial. In the US, we just have like…
One for everything, one for banking, one for…
I mean, even-
Then, you have the state ones, then you have the federal ones, and then there’s multiple of them and then they don’t agree with each other. If it was a cohesive voice, I think it would be one thing, but they don’t really agree with each other in many cases. And so it just becomes very hard to actually understand what’s happening. There’s a lot of reading between reading between the lines or reading the tea leaves or whatever expression you want to use, and in Singapore, there’s no such thing. And so, we do have exposure to Asia and our international business and think about Singapore as almost like an international level king entity.
If you are in the United States and you want a federal charter, then you should use the US bank. It is the highest level of regulatory clarity in the land, and many of our clients in Europe or other places really want to use that. They want to be regulated under the US, but many clients don’t. Many clients don’t have us jurisdiction. Many clients are offshore clients, and so they don’t want exposure to the US. And so, in that case, they actually use the Singaporean entity, and that’s effectively how the businesses is set up. We do have international clients, but I would say that 60 to 70% of our client base is US based and then 30% everything else. And so, it’s still dominant in the US, which makes sense.
Are you thinking about expansion into Europe, particularly with the Mecca regulation coming into place, which seems to create a more unified market for digital assets, across the EU landscape?
That’s right. Each regulator, each country still has to give clarity on their own individual interpretation of MiCA. So yes, there’s MiCA that is the unified, but then each country still has to do their own interpretation. But, you’re right that it’s so much better, and in fact, interesting piece of legislation that shows leadership in Europe, which has been lacking in so many other different types of things have happened, in the past. So, they are actually leading the charge there and the US is being left behind in terms of clarity to Europe, which nobody really was expecting, but I think it absolutely happened. So we are looking at it. It is not something that we’ve committed to in terms of specific path. We can still serve European clients. They come to us and they come use our bank the same way that in Portugal, if I’m a Portuguese person, I can go and sign up for JP Chase, I can sign up for an American bank. Our clients also find us.
And so, right now, we haven’t really seen the need, and right now, as you’re right, it’s been piecemeal, and so it’s been very hard. You need to be regulated in Germany and need to be regulated in Switzerland, need be regulated in all these places. Once that ameliorates, it’s definitely a thing that we’re looking at, and potentially going into it, but it’s also sad that the UK doesn’t really to count towards that, and it is yet another jurisdiction that you have to get. It seems like there’s some flip-flopping there, in terms of the reception to crypto assets, so it’s always an evolving landscape. But, right now, we have the American bank that nobody else has, and we have this regulatory licensure that is being approved by the MAS, which is really our international booking and the focus outside.
Exciting. I’m curious your perspective on DeFi, and specifically, in the context of what we touched on a minute ago, right? The seemingly every week, another large hack or compromise of a protocol or a bridge. What’s your position there? Do you think DeFi has a role in institutional finance to be played, and is there a path to solve some of these security issues? I realize that’s five questions in one, so take them as you like.
I think you’re absolutely right. As long as two things get solved, these two things get solved. I’ll talk about one and two institutions really won’t meaningfully participate in DeFi. Number one is, you’re absolutely correct, the hacks, it’s not okay. There’s been lots of structural issues with things like Ethereum that have used smart contract programming languages that are just not adequate to build the new financial industry that are just allow you to shoot yourself in a foot in a very easy way and are just terrible programming languages in general. There’s better programming languages and there’s other networks like Aptos, for example, that use move, which allows you to actually have these provable smart contracts, or you have Solana that allows you to programming rusts. And so you actually have these capabilities to really introspect to your smart contracts and have smart contract languages that help you be safe and be secure.
It still doesn’t eliminate vulnerabilities. Of course, you still need all these audits, but they help quite dramatically. There has been very few, if any, standards in DeFi on what security looks like, and candidly, a lot of these audits are done by auditors. They aren’t really competent enough to be doing these audits. And so a lot of these are just rubber stamps that don’t really mean anything that you do before your launch. There’s quite a few of them that are good. I would say there’s now five, six of these companies that are doing audits, that are actually legitimately really good, but it’s such an adversarial environment that just really good is not enough and you need multiple of them, and you need all these other security practices that should be 10 x better than traditional security and traditional cybersecurity, because traditional cybersecurity does not have the adversarial nature of having digital money on Chain with public smart contracts that you can actually use. And so, we actually…
The reward for a successful attack is so much greater in crypto than in any other context, and so much more liquid, right?
It is it. And, by the way, we have been part of some of these initiatives. We’ve been part of the REC test, which is a industry initiative to have standards around security and proven security architectures. So, quite a few people participated in this. We’ve been pushing also and participating in the industry with these things, but there’s still not sufficient and there’s still not enough, and there’s really no… The ideal would be obviously like a self-regulatory organization, an SRO, something like a BCIDSS style council that would really reel people in and bring people in and say, “Hey, no, no, no, you need to… If you don’t do this, the whole industry won’t be taken seriously and we will continue not having credibility,” which is the state that we’re at. We are at the state of DeFi has no credibility from a perspective of even the best protocols and the blue chip protocols all get hacked.
It’s very hard to point to a protocol that hasn’t gotten hacked at some point or another. And then the second component, which I think is related candidly, but it’s maybe a spicy take, is that I don’t think DeFi will be truly successful until the founders of DeFi protocols have liquidity that is equivalent to private market liquidity. And what I mean by that is until we have seven year vesting with four year cliffs for these protocol founders, and we really take this instant liquidity out of the table that protocol founders and DeFi founders have, then there won’t be this long-term commitment to really stay on these protocols, do the right thing, think long-term versus just thinking main net, just thinking launch, just thinking liquidity. And so I think that’s actually a very big difference that makes equity companies work way better than token companies. It is this misalignment of incentives of early employees and specifically of the founders that just once they have liquidity, it becomes a lot harder to focus on your work when you become extremely rich and extremely wealthy in many cases very suddenly.
And so, that should definitely be changed, and I think here, the venture capitalists and the people that capital allocators really have to take a leadership role because it does influence. I’ve seen it so many times and it’s gone better. I have to say it was a lot worse five years ago, and it’s gone progressively better. They’re investing schedules. They start at main net. There’s all of these… People claim four year vesting, but the reality is that they’re very different from having four year vesting in a private company with zero liquidity, than having four year vesting with instant liquidity. So, those two things are not the same. So, seven year vesting with four year cliff I think should be the industry standard, and until we really solve the hack problem, and we really solve them as alignment of incentives and liquidity, then we won’t have serious protocols.
That’s a really interesting proposal. I think this is the first time I’ve heard that suggestion that we extend out effectively the duration that you have to continue building before you have the opportunity to participate in financial success. I think there’s something to that we might have.
It’s a spicy take here.
That will be a lot of Twitter hate.
Well, it can’t be all Twitter hate. I think there’s some merit in the idea. But, last topic, you’ve had some announcements recently. Eaglebrook Advisors, which I think is really interesting given the role that they play in the financial landscape, here in the US. Talk about the partnership with them and what you’re hoping to have come out of that.
So Eaglebrook, as you know, has likely the largest crypto RAA. So, they have lots of clients doing crypto and RASS are very special in nature because it’s something that we’ve actually talked on the podcast. RAs have to use third party qualified custodians for their business, and it makes sense. RIAs are effectively aggregating investments of other people, and in particular, these RAs are working on something that is called SMA separately managed account where you effectively have the ability of doing self-directed investment. You go into these platforms, you get to choose what you buy, you buy Ethereum, you buy Bitcoin, you buy securities, you buy bonds, you buy whatever. And so, there have been this push for SMAs across the industry that have been extremely, extremely popular. SMAs as a structure are very flexible and enable these multi-strategy portfolios and allow you to have other advantages like you can efficiently rebalance.
There’s lock trading, there’s all of this ability of just doing allocations can even sort of index the market and try to follow the index, the market in a way easier fashion. So, there’s all the advantages that SMAs have. So it’s natural that as SMAs become more popular and that platforms like Eaglebrook, that RAs that offer them become more popular, which then means that they have to find a provider that actually does this, that is an ambiguous qualified custodian. And then, this go back to all of the things that we’ve been talking about, which is if you are an RA, if you are audited and are regulated by the SEC and the SEC is looking at you and saying, are you using an actual qualified custodian, then it makes sense that you’d use the unambiguous qualified custodian, which is a federal charter. That’s what the rule says.
If you go read the rule book, it actually says that a federal charter is the example of a qualified custodian. So, that tied to the security, tied to the fact that we support hundreds of assets in this particular partnership. We also help people solve tax problems, allowing investors to just file these taxes compliantly, which is tax for crypto, is complicated. It also allows clients to have efficient tax strategies, loss, harvesting, hedging, et cetera. So that’s the bucket of advantages that are actually happening there that are being collapsed into these RAs.
And then, Anchorage is, of course, the provider that is allowing them to trade, allowing them to custody. And so that’s what the partnership is. There’s more RASS that are coming and as they become more popular, and they definitely become more popular during the bull markets, in the bear markets. And so we’re here to serve them. And it’s one of the big buckets of clients that we do have is these RAs aggregating, aggregating funds, and specifically in this case, separately managed accounts. The interesting thing here is that right now it’s focused on crypto RASS, the ones that need the solution right now. But, the reality is that traditional RASS are looking at this. And so-
That was what I was interested to hear, is where’s the traditional RIA, in your opinion? Are they seeing this as an asset class that they want to be able to add to their platform?
There’s two big buckets. One of them is of the traditional RAs are two big buckets. Some of them are already in process of adding crypto, and some of them launched it before FTX and some of them were unlucky to not launch before FTX, until everything gets delayed, but they’re still deploying it and they’re still going and dotting their I’S and crossing their T’s, because the bar for compliance now, is a lot higher than what it was, and the risk is a lot lower than what it was, in terms of spectrum. And so, you just need to spend more time, make sure your partners are the right partners, and everything is just perfect before you launch. So, there’s the bucket of traditional RAs that were doing it, wanted to do it and continue doing it, just at a derated pace.
Then, there’s the other bucket that are not necessarily crypto skeptics, and I’m sure there’s a bucket of just crypto skeptics, that as long as the current managing team is there will never do crypto, I’m assuming that they exist. They probably don’t talk to me much, and so I don’t see them as much. But, the other bucket of people that I talk to all the time are crypto curious that believe that this is an asset class. So, everybody really believes that few people are in this mindset of this is going to disappear. This is all bad and this is going to go away. I don’t think anybody really that I talked to is in their mindset, at least for these very large institutions, they’re a lot more practical than that, but they are, I want to see more interest for my clients, or I want to see the volumes be higher. I want to see A, B and C before really committing to this strategy or to this path.
So, I would say the two biggest buckets here are those, and the reality here is that they’ll be forced to this clients doing it, they’ll be forced to because clients, when they’re bull markets, they become very interested in doing this. And now, if you don’t serve, and if you don’t have this competitive edge of you really allow for all asset classes, it’s a separately managed account. You’re doing your own investment. And so, I want to allocate to real estate and I want to allocate to equities and bonds, and I want to do 5% of crypto portfolio. If you don’t allow me to do that, I will sign up to somebody else. And so it’s always this tension between they don’t want that to happen, but they don’t see enough of it happening yet. During the bull markets, they obviously have a lot more pressure. And so, I do think that during bull markets is really when people start these projects, but then it’s during bear markets when they build them.
It seems like your business is incredibly well positioned on a number of fronts. My traditional closing question, what keeps you, or what gets you excited as you look out to the next 12 months, either from a business or a broader market context?
I can’t say regulation or regulatory clarity being one of the… I’m excited for that. I’ve been excited for that for a long time. So, it hasn’t quite happened yet in the US, but I’m still excited for that. The things that I’m most excited about are these kinds of use cases that keep showing up with crypto that are… Well, recently, a lot of stablecoin based use cases that are really amazing. I think it’s likely true that this criticism that primarily happens in the US with people that really have access to a solid financial system and access to a solid reserve, the world’s reserve currency, and they’re not in some country in Africa and South America, no, those have different problems and they see the value of these crypto assets immediately they see an American, a traditional American does really see them. And so this criticism of like, Hey, I’m not using crypto on my day-to-day, what is this is for?
I think it’s actually kind of cool, because what’s happening is, that stablecoins have operating such that it’s likely that these traditional consumers will start using crypto without realizing it. And so, it’s actually a really interesting view of, we thought crypto’s first foray, outside of obviously NFTs, that we can assign a bit of product market fit too. They definitely boom and bust cycle like everything else in crypto. The excitement dies down, but they had product market fit. There’s demand there. There’s a lot of stuff that is happening, and you also have some other use cases here, but this one is stable coins being used for backend financial infrastructure in a way that is transparent for the actual traditional American that’s happening. It’s backing lots of transactions and it’s becoming part of lots of people’s infrastructure like Visa, and some of these remittance providers, and some of these really cool applications that just allow you to build products, money, wallets, on top of them and have bank accounts.
So, that’s really cool, is the fact that at some point, you’re swiping a Visa credential, you’re swiping a card on a merchant to pay for a coffee, and you don’t know that crypto is being used to settle on the background. So, I think that’s one of the things that I’m excited about is really seeing those real use cases, use cases happening right now in real time. Even though, obviously, when you talk to somebody on the street, it’s a little bit like talking about Docker to the general American. Nobody gets it. Or we’re talking about Square to a European, which is like, I don’t get it.
You’ve personally touched the world in these massively scaled ways, and yet so many people probably have no idea. That may be your fortune and your curse.
Oh, a hundred percent. By the way, as a secured engineer, you’re just used to that. That’s what you sign up. That’s what you sign up for. You’re always on the background, hopefully making things better, but not really exposed to it, which is just who Nathan and I really are. And so, that doesn’t bother us at all, that we’re kind of like this quiet federal bank offering these services. So, it’s who we are.
Wow. Congratulations. This was a fantastic conversation. I really enjoyed the opportunity to get to know you a little better.
Likewise. Thank you, Ian.