Nicholas

Ep 169: MALWARE, serious tech news from unserious people. 1) Port Strike 2) OpenAI's Historic Fundraise 3) Crypto Hacks and Security 101 with Brittany Mier y Terán from Harpie.io

Malware is a non-technical look at the tech news of the week. LIVE POD, OCTOBER 17 RSVP!

This week, we covered the following:

1) US Port Strike
2) OpenAI's latest and historic fundraising round, including this Bill Gurley podcast episode
3) Crypto Hacks & Security 101 with Brittany Mier y Terán from Harpie.io

Subscribe to the Boys Club newsletter here! Boys Club is proudly supported by Kraken. Kraken is a crypto exchange for everyone.

Published Oct 4, 2024
Uploaded Jun 13, 2026

Full transcript

AI-generated transcript with timestamped sections.

0:00-1:54

[00:00] My Pilates class? [00:02] was so hard today that like [00:04] I have to support my arm to hold the mic up. Like I can't have my, I was typing today and I was like, I need to take a break because my arms are so wrong. Oh no, oh man, that's when you know. Malware is a non-technical look at the tech news of the week. This is a podcast where we learn together about everything from crypto to AI to whatever comes next in tech. I'm Natasha Hoskins. I'm Dina Burke. And this is Boys Club. Wait, is it just Boys Club? [00:34] club. [00:34] The boys club podcast. No, no. [00:37] Just boys club. [00:38] Hi. Hey. [00:39] How's it going? Good. We're here. Malware episode. Malware is a podcast where Dina and I yap about the tech news from the week and sometimes have on guests to talk about specific topics. So we have a real treat. [00:56] of an episode today. [00:57] So you said tech news. The first story that we covered is the port strike. So that's not tech news, but that's sort of just wider. It is a tech story. [01:04] To me, it's a tech story. Yeah. Oh. [01:07] Because one of the reasons that they're striking... [01:09] spoiler alert, is because of technical innovation that's going to take them out of a job. Totally a tech story. Great. [01:16] tech news, hard tech news this week. We have the port strike. [01:21] We're going to talk about the OpenAI raise and sort of just the venture industry more generally. And then we're going to be talking about crypto... [01:28] Hacks. [01:29] personal and enterprise. And we have on a very special guest, Brit Mier y Terán, talking about that security world. Brit's from Harpie, they're the most advanced on-chain security solution for monitoring and protecting your crypto wallet from theft in real time. They have always-on monitoring that detects, blocks, and recovers stolen assets from risky transactions. So they're

1:59-3:54

[01:59] And it's free. Harpie's free. So there's actually like literally no reason why you shouldn't be using it. It's compatible with all of these different chains that we know and love. Ethereum, Base, Polygon, Arbitrum, Wallets... [02:11] Just... [02:12] protect yourself. Harpie.io. Nice. We had a really great chat with her. It was fun. We had a really good time talking about a really unfun topic of hacks. I agree. I agree. So that's the episode today. Give it a listen. We have some fun stuff coming up. We are doing a fun event. [02:32] at a fun space. So if anybody in New York knows, [02:37] a place called Happier Grocery. [02:39] it's my happy place. You can't get out of there without spending... [02:43] $27. [02:44] It's an incredible grocery store. It's the Erewhon of New York. An incredible space. They are a very cool team that runs that space. They have an event space opening up. It's on Canal Street. And we're going to do an event there. [02:57] where we're going to talk about reproductive health, [03:00] decentralized science, and we're going to do a live feelings check-in. Live pod. [03:04] Live pod. I'm... [03:07] excited. I'm excited too. Yeah, we've graduated to live pod. We're not quite at Acquired 6,000 people in the Chase Center yet, but a bunch of us hanging out in Happier Grocery sounds like perfect to me, honestly. It sounds so fun. So October 17th, RSVP link is in the show notes, and I hope you like the episode. [03:27] Thank you. [03:28] Hey, Natasha. So a question we get asked a lot is, what do you look for in a crypto platform? So let's talk about it. Well, Dina, I look for a secure, no fuss platform that I can dive into right away. That's why I love today's sponsor, Kraken. If you're waiting for the right time to get into crypto, Kraken makes it super easy and intuitive to get started. 
Plus, if you get stuck, they have an award-winning client support team that's available 24-7, along with a bunch of educational guides, articles, and videos to help you along the way.

3:58-5:31

[03:58] Go to kraken.com backslash boys club. Not investment advice. Crypto trading involves risk of loss and is offered to US customers through Payward Interactive Inc. [04:10] Have you ordered anything from Shein lately? Oh my gosh, I... [04:15] Oh, I have not. But I almost did. I was on the train and they have like the video ads and it was a Shein video ad and it was so chic. And I was like, wait, should I? [04:27] ordered something from Jan. It was really chic. That's so funny you say that because I got an ad, a Teamio ad, and it was an ad for a... [04:37] a silicon man's chest. [04:39] Like, okay, what? Like, I know, I don't understand what the use case would be for it, but it was literally like buy this silicon man's chest. Oh, like, oh, like a Halloween thing maybe. Oh, maybe it was a homey thing. Like a muscular, fake muscular man. Yeah. Okay, but it wasn't, it was, it was lifelike. It was realistic. Anyway, it's a sex, it's a sex doll. It's a kink. If you don't know, it's a kink. What was the Shein thing? Was it, it was just like an ad, like it looked like a, honestly, kind of like [05:09] for a long time. There is a major port strike that is happening across the country. We're on day three of a port strike. 50,000 U.S. port workers from Maine to Texas are on strike. [05:24] They're also called longshoremen. So that's another word you'll hear talked about with this story. Longshoremen are basically the people who...

5:31-7:05

[05:31] who load and unload [05:33] cargo ships. So like something comes in from China, they're the ones that are managing it coming on the boat. Physical stuff, [05:40] physical work. [05:41] Also, like... [05:43] there are items [05:45] We're on the internet and people are working in the real world. Indeed. [05:51] Whenever I see a cargo ship, I'm like, [05:54] What? How? [05:56] I know, you know, that's kind of my dream job, though. [05:58] I know you've talked about this, like a logistical coordinator for a shipping company is the weirdest situation that you want to do. So when I see a cargo ship, I have like a sense of romance around it. [06:09] But yes, it's physical items on and off that. [06:13] thing that are [06:15] You have a little bit of learning to do before you get this dream job of yours. [06:20] Okay, so these folks who are doing this work have walked out striking due to a contract disagreement. It's their first strike since 1997. The reason it's such a big deal is that it is a major problem. [06:35] point in the supply chain for delivering goods [06:40] all across the United States. 60% of all U.S. imports come through these 14 affected ports, according to a New York Times report. So a lot of goods. It's reportedly going to cost the U.S. economy $5 billion per day. What? Yeah. Oh, my God. Yeah. It's a really big economic impact, and that's a big part of the story. So I want to give the facts and then want to give some

7:10-8:56

[07:10] Is it a specific port or all ports? So the New York ports, Texas ports, it's happening across... [07:16] Across. Okay. And then what are their requests? What do they want? The port workers have been frustrated at their wages. So just for context, they are... Same. You and me both, babe. You're like, I'm going on strike. And I'm like, okay, great. There's a lot of different numbers out here floating around, but what I've seen is between $20 and $44 per hour. It is a six-figure [07:46] outpaced what they have been earning. They're looking for two things. [07:50] They're looking for a 77% increase. [07:53] in their wages over the next six years. Wow. Wow. Okay. That's a, that's a big ask. [07:58] That's a big ask. Because I was thinking $5 billion a day, give them whatever they want. Totally. But that... [08:04] Ask and you shall receive. Totally. But yeah, 77% increase. That's the first thing. So wage increase. And then the second thing, which is [08:12] probably honestly a [08:14] bigger part of the story is they're looking for protections from the use of automated technology. So as you can imagine, software is eating the world. [08:23] And it's coming for the ports and the tech is... [08:27] freaking them out. Which, yeah, totally. So again, that's same, same, baby. Totally. So that's what they're asking for. There is, as you can imagine, a ton of stuff that's being held up at the ports, including Hurricane Helene reliefs, like just a lot of stuff that's being held up there. There's now a lot of fear-mongering. So there's been runs on Costcos. There's like videos that you'll see in New York Post or whatever that's like a Costco shelves that are empty because people are going in and just buying everything, even stuff that isn't imported, like paper towels and toilet paper and

8:57-10:31

[08:57] not important. If you're like, I just got to buy that too. And then of course the holiday season coming up. [09:01] The stuff not coming in now will have a big knock on effect for... Totally. People aren't going to get their silicone man chest for Halloween. Yeah. It's not going to happen. Or your toys for... [09:12] Christmas stuff like that's like the part of the narrative. That's our fear. [09:18] Wow. Okay. And there's like a union that's making, that's in negotiations with who? The port? Yes. [09:24] Perfect segue. So there's the story and then there's the atmosphere around the story. [09:29] as ever. [09:30] And I'd say that the atmosphere around this story is, I don't know if this qualifies as a conspiracy theory or paranoia or I don't know, whatever, someone might have an agenda somewhere within this, but just saying what I'm seeing is that people are saying that this is a conspiracy. [09:47] a Republican inside job, hit job to... [09:52] cripple the economy before the election because with the interest rate cuts [09:57] That's positive, hopefully, for the economy. And that's a boon to Kamala Harris going in with a sitting Democratic president. [10:06] it's helpful for her to have a strong economy going into the election. Okay. And also because kind of the narrative around Donald Trump is like, he's going to turn the economy around. So if the economy is really strong going into the election, [10:16] They're saying that that's going to be positive for Kamala Harris. And so, of course, there was some rhetoric around the interest rate cuts being a Democrat maneuvering to strengthen the economy going into it. And they're saying that this is the Republicans kind of clapping back and doing some work.

10:31-12:06

[10:31] work to try and bring things down. Now you asked about who's doing the negotiating. Another big part of the story is there's a union boss. [10:40] a longshoreman union boss and, you know, [10:42] he is not a [10:45] He, it's, it's not a flattering view that they're giving of him. Okay. He's very much in cahoots with Donald Trump. There's this expose story about [10:54] his New Jersey mansion, sprawling mansion, Bentley, five-car garage, $700,000. [11:02] dollars a year in salary. And so he is the figurehead, and that's unfortunate because he is not reflective of the actual, I don't think it's reflective of, of the workers. And his connection to Donald Trump is fueling this speculation around it being kind of a, I see, inside job. So interesting. Wow. Crazy. I feel for all the Shein orderers who are just waiting for [11:32] for the fall, what will they do? What will they do? [11:36] Wow, really crazy. Very interesting. There it is. [11:39] Just a quick update on this story here. We filmed this podcast on Thursday morning. As of Friday morning, there is new news in this story. The strike has been postponed. The longshoremen are back at work as of Friday morning with a tentative agreement to raise wages by 62%. It is kind of a

12:09-13:40

[12:09] terms in January. So major update on the story here. [12:15] but always like to keep you well informed. [12:19] you [12:20] It's time for a more open, inclusive, and transparent financial system. A system that serves nearly everyone, everywhere, all the time. That's why we love today's sponsor, Kraken. Kraken is a crypto platform that provides a super simple on-ramp to the world of crypto with a 24-7 support team. Crypto transcends physical and imaginary borders. No matter where you are, you can send funds easily and quickly to almost any part of the world. Plus, forget about waiting times and waiting lines. You can send, receive, and trade crypto anywhere near instantly. [12:50] kraken.com backslash boys club. Not investment advice. Crypto trading involves risk of loss and is offered to US customers through Payward Interactive Inc. No third-party transfers available. [13:03] Next up here, OpenAI raise. Sama. We're back. We're back. Why can't we stop talking about OpenAI? [13:12] It's because they're our leader now. Mm hmm. So the biggest. Oh, I have to tell you, I've been having a hard time writing the newsletter. [13:19] a lot of writer's block. [13:21] Just not feeling funny. And so much of writing the two online newsletter is sit down and be funny is what it is. And sometimes that's just... [13:30] just doesn't happen. [13:32] And [13:33] I had like a point I was trying to make last week and I was like, okay, I have this, [13:37] this point, but I want this point to be funny.

13:40-15:33

[13:40] And so I went to ChatGPT. I never prompt it for this kind of stuff. I always just prompt it for like grammar check. [13:47] And I was like... [13:48] make this [13:50] sentence. [13:52] Funny. [13:53] Wow, it's not a strong suit. It can't, not, it's not a strong suit [13:59] really bad. Like this, like I saw it and I was like, it was so bad that my feeling was I... [14:06] I don't know if I'm optimistic about technology anymore. [14:09] Like it shook me to my core how unfunny it was. And humor is... [14:14] such a high... [14:16] value to me that I'm like, if this tech can't be funny, [14:19] What can it do? Well, comedians are the only ones that have job security. [14:25] I get it. Yeah. A lot of when I, whenever I try for that, it's like a lot of puns. [14:29] It's... [14:30] Awful. And just, yeah. [14:33] Anyway, so Sam has some work to do on that front. He doesn't seem like he's a humorous guy, so... [14:38] I don't know. You see some tweets where you're like, okay, he kind of gets it. [14:43] Okay. Yeah. Anyway, they have just done the largest venture capital round ever in the history of money. [14:52] 6.6. Yes. Congrats to Sam Altman. $6.6 billion in new funding at $157 billion post money valuation. That is double. [15:02] the valuation of their previous round. Unfathomable amount of money. [15:07] So much money. The largest venture capital round, I was like, oh, that's interesting. What was the one that held the title? And it was basically a couple months ago, Elon Musk raised six billion for xAI, his AI thing. But yeah, it's a lot of money. Thrive Capital led the round. So Joshua Kushner of Gaylor Infamy, who is, of course, Karlie Kloss's husband.

15:37-17:09

[15:37] Apple didn't. There was kind of some noise about how they didn't invest. They were in talks about that they didn't. OpenAI, just for context, has 250 million weekly users. I was really struck in my conversation with Jared. [15:50] a couple weeks ago. Jared Kushner. Jared Barnes from Near, who is thinking and working a lot around decentralized AI. He had in the conversation, he made like a small point that was about and made the distinction about human in the loop AI. He used that term where he was like, right now the products that you're using, the chatbots and everything, those are human in the loop. You're there, you're giving it a prompt and it's giving you back whatever that prompt response [16:20] interesting is when it's more invisible and it's just like built into the stack of all these different things. And that's when it will have crazy growth. And just thinking about how right now the experience of using ChatGPT is still so manual. Like I got to go there. Yeah. Yeah. [16:35] I got to put in my stuff and I got to do whatever it is. And you can extrapolate out. That process will become a lot more seamless. [16:43] Even with voice, it already is. So interesting stuff there. I do want to say I have been listening to Bill Gurley as a podcaster. [16:51] Okay. [16:52] Bill Gurley is... You love Bill Gurley. I do love Bill Gurley. I do love Bill Gurley. In my head, Bill Gurley is Coach Taylor. Texas Forever. [17:00] What's the Friday Night Lights saying? Clear eyes, full heart. Hearts can't lose. My thought of Bill Gurley's office is that he has that.

17:09-18:42

[17:09] In like Live Laugh Love writing behind him. [17:13] So the reason you think that is because that's the actor who played him in the Uber show miniseries. Yeah. Super pumped. [17:20] Mm-hmm. [17:21] So yeah, Bill Gurley is a famous venture investor and he had a huge hand in the Uber story and it's immortalized in the show Super Pumped. That is pretty good. I enjoyed it. And anyway, so that's why he's coach Taylor. Soft endorsement for Super Pumped. Yeah, mild endorsement. So I have been listening to the Bill Gurley podcast mostly because I can't listen to – who are the other guys? [17:43] Hard work guys. I can't listen to the hard work guys anymore, but I also can't listen to the other venture capital guys. Who are they? I know we have people who listen probably really like them, but All-In. [17:53] All-In. [17:54] I personally can't. Me neither. But I'm interested in like venture news and whatever. So Bill Gurley is, and he's so smart. He's so experienced and so smart. He's a warmth. He does have a warmth. I find a lot of venture capitalists at his level seem robotic. And he has a humanity to him. He sure does. That is really... [18:14] enjoyable to listen to. Yeah, he's very listenable. Even if I'm listening to his podcast and I understand 50% of what they're talking about, I enjoy hearing him kind of explain it because I feel like I'm learning. Anyway, so I've been listening to his podcast and he, in his latest episode, [18:31] was talking about how [18:33] There's this trend that's happening now where private companies going public [18:38] the IPO market is down bad tremendously.

18:42-20:15

[18:42] tremendously. [18:44] companies aren't going public at the same rate as they have in the past to a marked degree. And they were talking about why that's happening and the, [18:54] It has all of these weird knock-on effects to the venture capital market when the companies don't go public because then it like changes. It's actually similar to what Maya was talking about. [19:04] where it changes all the valuations and it changes how and when people invest. And it just like changes sort of the dynamic of the money because that expected outcome of an IPO or that hope for outcome of an IPO [19:16] the chances of that happening are now way reduced. And from what I understand, the timing of it, the investments that these venture capitalists were making on valuations that are now needing to come into maturity, [19:30] an IPO. [19:31] are not happening. So you're seeing the effects of those decisions that happen and the expectation of what the market would be, whatever it was five years ago, is now what we're seeing today with these IPOs drastically slowing down. Totally. So the reason that I bring it up in this conversation is because they were talking about how in the past, a company with the amount of revenue that OpenAI would have, would have gone public. An example of that is Google. They went public at $2 billion in revenue. OpenAI has $3.7 billion in revenue. OpenAI maybe is an [20:01] very capital intensive business and it's probably too premature, but even things like Stripe, Plaid, there's other big unicorns that aren't going public, even though they have multiples of the amount of revenue that Google had, for example, when it went public. And

20:15-21:42

[20:15] There's a lot of reasons why this is happening. Some of it is like the regulatory scrutiny where you're like, well, I don't want to go public because then I got to deal with it. The first thing that came to mind for me. Totally. Also, there's enough money in the private capital markets that they don't have to. So like OpenAI being able to raise this crazy amount, billions of dollars in the private markets. And then the third thing, which is really interesting, is that there's now these really liquid secondary markets for employees to be able to cash out their stock before something goes public. [20:45] you [20:45] In the past, there used to be this pressure that employees would have where we're like, we really want to go public because it's like our exit to be able to sell our stock. And now they're able to sell it on secondaries before something goes public. So now the employees are kind of like, what? [20:59] Whatever. It doesn't matter as much to them. Yeah. Yeah, totally. It's not like going to have a talent drain if they don't go public. Totally. So anyway, just kind of interesting relation to the OpenAI story. I mean, there's you should go listen to the Bill Gurley podcast. I'll link in the show notes. They're saying that there could be these downstream effects on innovation where there's too much money being fed into these companies and there's not enough pressure from the public markets would expect for companies to be able to innovate and evolve. So kind of interesting, but super interesting. There it is. [21:29] already seen the effects of this, but all of those employees, as soon as they start selling their secondaries, how that's going to affect the real estate market. I'm just like, how do I make the OpenAI raise about me? [21:41] - Yeah.

21:46-23:31

[21:46] We have with us Brit Mier y Terán. We're going to be talking about hacks. [21:51] And we needed a hack expert to come on and talk to us about it. So Britt is the head of business development for Harpie, the most advanced wallet security tool protecting users from hacks, scams and theft. Britt specializes in enterprise grade blockchain security solutions and is passionate about public goods projects that focus on onboarding the next generation to Web3. So are we. [22:13] Welcome to the show, Britt. It's a long bio. Thanks for having me. Excited to be here. Always been a Boys Club fan. [22:21] Oh, thank you. That's so nice to hear. Excited to chat with you as well. We have lots of questions around hacks and security. We, to be honest, are a low security organization. We're getting better every day. We're getting better every day. But yeah, we always look to experts on this one and are excited to talk with you about it. [22:51] last month, $120 million in September alone. What's your POV when you read a headline that says $120 million in September was hacked in crypto projects? [23:01] I mean, it's a huge number, of course. I think none of us can possibly be surprised about that. Like we hear these huge loss stories all the time. And while incredibly sad, they're so common. Honestly, like the figure, I think in the article it references, it's actually one of the lower figures we've seen in 2024. So like a little win for the security of crypto holders getting a little bit better. But it's actually interesting because, you know, overall volume is still going up. So if that number is going down, I think it's a little bit better of a win than it would formally be.

23:31-25:17

[23:31] That's way too much money for people to be losing in crypto. We're never going to get to mainstream adoption or just general trust and lose that skepticism that kind of just clings to us wherever we go. So not surprised. Sad to see that we're still there. I'd say everybody's way lower security than they should be. That's just something to be expected because unless you're on top of it every hour of every day, you've got some vulnerability. So it's more of just about level setting and slowly adding to your security stack. [24:01] adding like a single thing in a week, you are doing so much better than the majority of people that are responsible for their own assets. So not surprised, but disappointed. [24:13] This article in particular, I mean, the reason that we're talking about it today is this news around this 120 million figure that was in September. We'll link it in the show notes. It's talking about exchanges and how this number 120 million is derived from enterprises getting [24:31] a normal everyday crypto user. There's my individual security hygiene and protocol that I can do to protect my own assets. And then there's like, well, if my exchange gets hacked, I have no control over that. So what would you say to that difference and the hacking that's happening at an enterprise level, how that could affect individual consumers? [24:50] Well, like with all consumer things, it's pretty important to be aware as a consumer of the platforms you're using. And there really is no perfect thing, right? Because we've seen some huge, profound, you know, FTX, right? You know, you could literally see that brand name on a stadium. It creates that innate trust. And nobody really had any way of knowing like that was going to fall through. So as long as you're not custodying your own assets, you are going to be somewhat vulnerable to anything.

25:20-26:55

[25:20] you know, two months ago. And like, you get these all the time now, like you're almost like completely numb to being compromised and vulnerable. So there's like the balance you got to take, right? Am I? [25:31] So skeptical of centralized exchanges that I don't want to put my trust into them, that I want to custody my own assets. And that's taking on a whole new level of responsibility because there's all the like traditional vectors we talk about. Everyone, you know, hot wallets and cold wallets and, you know, hardware wallets and all these things. But you have to think four or five steps back. Your own Wi-Fi network in your home is a vector. And I came from like the consumer electronics smart home space. [25:57] I'll tell you, your dryer is also a vector, like your Wi-Fi connected refrigerator. So [26:03] For me, I think everything is like, you know, balance, right? It's kind of like the same way I take life, you know, like diet, all those things. Like you got to find balance, like probably keep some of your assets in a centralized exchange, like maybe choose to like understand that there is vulnerability. We're not dealing with FDIC insurance today. You can custody your own assets and get some of those protections that we're starting to be used to, like from our credit cards. And that's really important, too. [26:28] But I think that might have been like a little long winded way of saying that you really can't fully protect yourself. The only thing you can possibly do is just be aware of where you are vulnerable and do what you can to improve that as often as you can. One of the incredible things about crypto is it is money that moves so fast. It can move so fast around the world instantly. And that's the other side of the coin of that is that it's money that moves so fast instantly and it can be gone in a second.

26:58-28:36

[26:58] when you're self-custodying, especially where some vulnerability can come in. But I'm curious, CoinDesk broke a story today. It was revealed, scooped, that IT workers who had fake IDs, who were living in North Korea, and their fake IDs said that they were living elsewhere, had been hired across a number of different very high-profile communities. [27:18] crypto organizations, Phantom, Sushi, a bunch of names that we would all recognize. And they were hired inadvertently. The hiring person didn't know that they were hiring someone from North Korea. Of course, North Korea is a sanctioned country. We can't hire people from there. But that to me was really shocking because I was like, okay, [27:39] *sniff* [27:40] There's a level of sophistication in how some of these exploits or hacks are starting to happen that is at the level of an employee at an organization that's... [27:53] And I don't really know what to do with that information except for, I don't know, disconnect my wallet when I leave in a decentralized exchange. I'm not like sure what to do, but the level of sophistication feels like it's rising. And I'm curious if you see that too. [28:08] This is kind of an interesting story. When I first got into crypto, I sort of like poked around my LinkedIn and found who I knew from like, you know, random school days and whatever that had ended up in this space. And it turns out one of my high school friends had ended up in like recruiting for like one of the bigger Web3 recruiting firms. And after my first ETHGlobal Hackathon, I was like kind of totally hooked on the industry and I was like, I'm going to call my friends and see what's up. And he was one of the people I called. And this is actually a story he told me. And this

28:38-30:10

[28:38] that this was commonplace. So this like, yeah, this is not a new issue in any way. I'm more surprised actually to hear [28:47] that it's still such an issue. Like that is – [28:50] pretty concerning to me because the biggest firms are like aware of this. So the level of identity fraud that these people must be committing to be able to acquire these jobs is [29:02] pretty insane even when you're thinking about whether you want to go for self-custody or centralized exchange like [29:09] There's a lot of ways these breaches happen. Like, you know, you can have your good old rug pull like FTX, but a lot of times it's actually internal breaches. And it may be a long time if ever that they actually figure that out because somebody gets hired, they pass it off to another person like this isn't a one one person operation. [29:26] I saw a hack that happened in July that was a fairly large hack of WazirX, an exchange based in India, $235 million in digital assets stolen. This was tied to the Lazarus Group, which is a very infamous North Korean criminal organization. [29:56] off pirates or if what you're seeing is these groups that are really organized, very sophisticated, going after very specific exchanges or protocols with this type of intention. What's most typical? Like what are you seeing in the security landscape?

30:10-31:45

[30:10] It's easier for us to think about like a hacker as an individual human, you know, usually in a basement with a dark hoodie on. And that it's not the reality. Like these are actual like. [30:20] enterprise organizations with HR and payroll and handoffs. There are certain teams that service parts of the different of attacks. [30:28] And more often than not, it's not somebody that found you specifically and said, hey, they have a lot of assets and we're going to attack them. And don't get me wrong. Like that is a very real thing. Another time we could talk about like that does happen where people are vulnerable in their own space. But more often they're not. It's large-scale phishing. It is a. [30:50] organization that has a project and that project has a timeline, it has product design, it has integration, it has handoff, like, [30:59] This is at best like three to five people, but really like it can be a lot, especially when you consider the different teams that are like, you know, this is the team that is just breaching. They're getting the login credentials and they're handing off to a whole nother team that might be in the same organization, but it may actually be somewhat standalone. They're paid at that point for those that data. [31:29] there's a lot of handoff and there's a lot of themes and it, it's not just that one person in the basement. Gosh, it's, wow, I'm so stressed out. It's The Sopranos. We're, we're at bottoming. Oh man, I just said like, just, I'm getting stressed out thinking about the people who

31:45-33:20

[31:45] work at these centralized or decentralized exchanges or anyone that is has a large treasury is sitting on some sort of honeypot that is big enough to be attractive to some of these people who have been hacking organizations who have incredible infrastructure that they can put to work to try and. [32:03] tap into your honeypot. And I'm so glad I don't have a huge pot of money. [32:10] First time I've ever felt that. Because I would be, it would keep me up at night thinking about it. Okay. So I want to end here with some basics that listeners think. [32:21] can do obviously there's nothing that we can do for the larger enterprise level hacks but on an individual level what would be some recommendations for like hygiene security 101 type stuff [32:34] There's like a lot of hardware and technical and software recommendations, which I can kind of touch on a second here. But like the first thing and like I thought about it when you said I was stressing you out with all this, which is, you know, kind of important, like it's good to be on our toes. But also the best thing that any of that like even subtle stress could bring is just like awareness, because that's the first thing. I mean, most of these attacks, the vast majority of attacks really rely on us acting without properly thinking things through. [33:04] in our industry especially with like meme coins even doing its thing but also just like [33:09] anything where if it sounds too good to be true, it probably is. You know, a lot of times when I'm working on like education and things like that, like I use like triangulate information, right? And I will

33:20-35:04

[33:20] preface that with it is by no means perfect in our space because a lot of these enterprises will put up a Telegram and a Twitter and sometimes even an Instagram and have a fake person out there talking on spaces. So three points is a good spot to start, like to make something aware, like, OK, cool. It sounds like an interesting opportunity. Let me ask, you know, this friend that has, you know, their finger in that like sort of pool. [33:45] That's the first thing is just sort of being hyper aware, staying on your toes, you know, second guessing everything for a second. Like, I'm born and raised New Yorker. So I have some inherent skepticism. Like, I wish I could gift that to people because it's really the thing that's going to keep you safe first. Everything you're doing after that, you want to be the like, [34:03] oh shoot button if it gets through your defense which really is kind of like the biggest first defense like what have you done to protect your assets like when somebody has access to them you know so [34:15] There's things like making sure you have protection set up, like you have two-factor authorization so that if you're accidentally sending assets out, that you can get that sort of second layer of security you're used to from your bank or your credit card. [34:27] Now we see a transaction for X, it's going to go to this place. [34:32] Does that look right? You have to click yes to let your transaction go through. Those are protections that are really helpful to layer on. [34:39] anything that helps you read your transactions, because even the more plain language they start to be in our wallets, [34:47] even then we're not really reading them a lot or you see like a word or two. And ultimately, like really, this shouldn't be on the consumer level. You know, when we get to like a really good place in crypto, I think we're all pretty aware of that. Like this should be baked into blockchain and not something we're stacking. But the best thing you can do is just

35:04-36:38

[35:04] Be aware of the vulnerabilities. Don't think that just because you don't have big bags, you're not vulnerable. Like that's a very easy one. But the reality is, you know, 100 bucks from 10,000 people is still money. You know, it's worth going after. [35:18] So it's just about, you know, [35:20] being aware that it can happen and adding those little layers, adding the extensions that you need, adding the 2FA, making sure you're covered with transaction recovery and things like that. [35:30] Okay, quick question. [35:33] Why can't I... [35:35] Use plane Wi-Fi for... [35:37] I don't know, doing stuff on chain. [35:40] I mean, well, you can. I mean, I have, but why shouldn't I, I guess? In any public Wi-Fi setting, you are vulnerable, especially if you're not acutely aware of those vulnerabilities. You probably don't have a security stack on your computer that is keeping you protected. A little bit of alpha. You can actually use a VPN and video conference from a plane. So if you ever have a Zoom meeting, you're secure. Oh, whoa, whoa, whoa. That's huge. [36:10] The airlines are probably going to come find me after this one. But yeah, if you have your [36:15] yourself a little bit secured on your computer, you can actually sort of skirt some of the rules on the airplane Wi-Fi. But generally, like you're you're open, you know, anybody with some intent and some skill can probably get to you and therefore your data on a plane. And most of us have way too much there. Are they on the plane with me? [36:33] Like where, where are they? That's my question too. Cause I'm like, is that a hack where someone is,

36:38-38:30

[36:38] being opportunistic, [36:40] They have some access to some Wi-Fi. [36:44] database that they're able to see who's accessing it and they're there and they're like, Oh, this [36:48] Or is it more programmatic where they've set something into the Wi-Fi that is pulling information from all the people who are accessing it? Like, is it pointed and opportunistic or is it more is it broader and more systematic? [37:02] I mean, if you've got some insane bags, you know, someone might follow Vitalik on a plane and try and hope he connects, specifically getting him. But mostly they're going to be attacking the network that you're on. And I have to know a little bit more about how satellite Wi-Fi works versus like a standard enterprise or residential system. But they could be outside of your network pointing in. They could also be in there. If it was a more protected network, they could be on the same network trying to access you. [37:27] A lot of that's going to depend on your airline and their router provider and all the protections they may or honestly may not have set up. I think because that's the thing for me always when I'm to Natasha's point on like I have done transactions on plane Wi-Fi, airport Wi-Fi, been in the Delta lounge doing all sorts of stuff in there. And because I'm always like. [37:45] Yeah. [37:46] What are the odds that someone is in here right now looking at me doing this? Like the odds seem slim to none. [37:55] But I guess what's revealed in this conversation is that it might be [37:58] they're not looking for me it's not individualized it's not individualized [38:02] It's not. They're probably skimming a whole bunch of data and the people skimming your data may not even know which part of it that you're going to be made vulnerable through. They're just going to hand it over. Someone has a quota, Dina. Someone sitting at their desk has a quota and they're like, we got to get something. 
Nashville Delta Lounge is going to be the big honey hole for me. Okay, I want to end with a question for you around your own personal experience. I recently had a very sophisticated question.

38:30-40:03

[38:30] attempt at being hacked. I have a good friend. She works in crypto. She's very high profile. And I had been at a photo shoot with her the day before. And I had posted on my private Instagram, which has nobody following it. It's basically a Finsta. It's just my friends, essentially. And I had posted some pictures with her. [38:48] At this photo shoot. And the next day, I get a message from her. And we've always messaged in iMessage or in Instagram Messenger. [38:57] And... [38:57] I had tagged her in some of the photos and I got a message from her on WhatsApp and I was like, that's kind of weird. And she was like, hey, could you send me the photos from yesterday from the photo shoot? And she's like, I want to post them, which is something she would totally say. And I was like, totally. So I'm like sending them to her and she's like, oh my gosh, so cute. Like very much we're going back and forth as we normally would. [39:17] Then she said, hey, and we talk about [39:21] work all the time and we collaborate often. And so she was like, hey, I actually have a deal coming through and I think Boys Club should consider. [39:28] being an angel investor in it. And I was like, great. [39:33] Like, send me the details, like, let me know how to... [39:35] like, [39:36] whatever I want to know more and she was like I'll connect you and then I was like this is weird she was like I'll connect you directly with Brian and I was like Brian and I was like okay [39:46] And then she sends me a new contact. And she was like, hold on. Let me confirm with him. And I was like, okay. [39:55] And then she comes back and she's like, okay, he's down to chat. And then she sends me like a contact in WhatsApp from Brian Armstrong.

40:03-41:42

[40:03] Brian Armstrong, the CEO of Coinbase. And I was like, I don't think Brian Armstrong is going to talk about my $5,000 angel investor check to some project he's side hustling. I was like, wait, what the fuck? And so I was like... [40:19] I texted this woman an iMessage, and I said, "You messaged me on WhatsApp." [40:24] And she was like, what? No, what's going on? And so I sent her screenshots and I was like, oh, look, this person's pretending to be you. And it's soliciting some sort of investment opportunity. And it was like a crypto specific, like she was like sending me transaction, like where I could send the transaction and stuff like that. Anyway. [40:42] It was really, to me, it felt very sophisticated. It was social engineering. She's really intense, as she should be. She has bags to protect. And she was like, send me potentially who was looking at your stories. Because both of us are private. So someone... [40:54] who watches our stories, who has been accepted as our friend, like social engineered, like this whole thing. And I'm like, oh, that's so slimy and so invasive and just terrible feeling. For her, mostly like someone impersonating you is like an awful feeling. So anyway, all that to say, that's my most recent, like someone tried to hack me story or someone tried to phish me or whatever it is. I'm curious, have you seen this level of like sophistication on [41:24] Well, I would love to aspire to be targeted in the way that I imagine you guys probably are. You guys are a pretty profound presence in the industry. So I imagine that there are people that are a little bit more focused on getting to be you guys and also eventually pretending to be you guys to social engineer others.

41:43-43:15

[41:43] I haven't had it happen to me. But no, and the other thing is too, like, [41:48] something to think of it could be one of your genuine friends' Instagrams that got compromised so somebody could be logged into their Instagram on another device so [41:58] There's so many vectors. They never end. I also think if it was someone you got, you knew and you accepted as a friend, they would know not to drop the ball at the Brian Armstrong bit. Like totally, that really showed their hand. It was, it was the moment that I was like, we went. [42:14] Let me go grab Brian for this. [42:20] So have you been hacked, Britt? [42:22] I'm scared to say no every time when you're banging on my coffee table. But it's constantly... [42:29] attempted. There's a lot of the social engineering things on Twitter, I will tell you, I'm like, always a little scared that some troll is gonna like, [42:36] think it's funny to try and hack me because I work in security. Like I'm constantly on my toes about that. Yeah. Same thing here, though. There's there's really not bags to secure. I'm a mom of two kids. So my bags are them. It all goes there. But there's a lot of it. I mean, everyone, your DMs and Twitter are just insane. And some are better than others. I don't know that I've had like [42:57] quite the finesse that you experience like that's [43:00] pretty specific but I hear about those stories all the time it's kind of like the bittersweet part of working in security like it's probably being a therapist in the wild like you're like oh yeah I work in security oh my gosh this is what happened and it's like I feel for this human I wish I could like have a time machine

43:16-45:07

[43:16] I have a question, and you might not know the answer to this, and then we can close out here. But does... [43:21] Coinbase ever call you... [43:23] Do you know? Oh, you mean like Coinbase customer service? [43:27] I think it's like the IRS. A rule is that the IRS will never call you. I think that that's like a rule that like the IRS will never call you. And if someone calls you and says, I'm calling from the IRS, that you should just be like, this is a hack and like just hang up. And I remember one of our other friends got hacked because someone called and pretended to be Coinbase. And they were like, had all of her information and... [43:47] And then she got hacked and it was awful. And so I'm looking for some hard and fast rules. And the problem is it seems like that's not the case. [43:54] Well, on that one, there is [43:56] If a financial institution calls you [43:58] especially Coinbase or crypto things. Ask them for what they're talking about, hang up, and call back that organization. [44:05] I won't say that's foolproof. I've heard of like crazy schemes where, you know, like something like that, like make sure you didn't just Google the phone number, you went to their actual website and got it because they're not. [44:14] People can get complex. But if a financial institution calls you, especially if it's something like Coinbase, I would just say, cool. Thanks. Hang up. Call back. And then anecdote. My name's my last name is pretty crazy. [44:28] I couldn't get KYC'd at Coinbase for literal years, and I couldn't get a call from them no matter how hard I tried. We are literally backed by Coinbase Ventures, too. Okay. So... [44:41] I don't know that you can get a call from Coinbase because I sure as heck tried. Well, I should connect you with my friend and you can get Brian Armstrong's number. That'd be great. He can shoot me a message on WhatsApp. Exactly. Britt, thank you so much for coming on. This was really fun. 
And I hope I think very helpful for people. We've loved working with Harpie and it's a good place to start for a lot of people if they're trying to figure out if they're feeling scared. They're feeling scared. We've got a place to send you.

45:08-45:14

[45:08] Thanks for having me on. It's always fun to talk security with cool people because hopefully it makes it a little more interesting.
