May 1, 2024

Casa co-founder and Chief Security Officer Jameson Lopp joins "First Mover" to discuss the significance of self-custody in the crypto space and how cryptography could enhance existing security models.

Video transcript

The reason why I got into the space over a decade ago was I looked at the security model that these systems were offering and realized that, you know, cryptography and math really allows us to give an asymmetric advantage to individuals and the ability for them to defend themselves against adversaries. You know, even at the level of nation states.
With all the talk about price action lately and the inflows and outflows of Bitcoin ETFs, I wanted to turn to an interview I did with Jameson Lopp. He's the co-founder and CTO of Casa, a Bitcoin self-custody solution. Now, Jameson has been in this industry for over a decade. He's lived through the bulls and the bears and he remains bullish on the Bitcoin ecosystem when it comes to Bitcoin. What's he excited about? Let's take a listen.
Jameson Lopp, welcome to First Mover.
Great to be here.
Awesome to have you. Now, for the uninitiated, let's just start at the very beginning. Tell, tell us a little bit about your story and then tell us about Casa.
Uh, well, I mean, I've been involved in the space for over a decade. I've been working full time on Bitcoin self-custody solutions since early 2015. And Casa is basically the next iteration that I've been working on, uh, since 2018. Now, the real goal of Casa is to help people get into a robust self-custody setup. And that's because, you know, the promise of being your own bank has always been possible in this space. But, you know, there's a lot of pitfalls, footguns and best practices that people don't know about unless they spend a lot of time getting into it. So we're mainly here to help make it easier for people and make it so that they can put themselves in a strong position that follows a lot of the best practices without having to spend hours, days, weeks, months, you know, reading through many, many years of history and catastrophic failures that we've learned from.
Well, I, I am curious to hear your thoughts. You know, uh, many leaders in this space have said people don't actually want to self-custody. They don't want to take on all of that responsibility. I remember CZ tweeted that a while back. He is facing some different challenges of his own right now. But what do you think when you hear like that? Do you, you obviously don't agree because you're building a solution. But what do you think?
Well, no, I mean, I do agree in a sense, and to be clear, I did not choose the easiest path for, you know, business opportunities in this space. And in fact, I would say, in some regards, we are working against the grain. Uh, basically, we're working against human nature. So I agree in the sense that human nature, from what I've observed, is to prioritize convenience over almost everything else. And so it's, it's very clear to me and it's not surprising anymore when we see people say, well, I don't want to take responsibility for that. Um, to be fair, this is how civilization has advanced to the point where we are today. Uh, that's through outsourcing, it's through allowing people to specialize in one very specific thing and get very good at it. And so we are used to outsourcing many different aspects of our lives and, uh, to, to go out here and essentially be preaching people about the virtues of self-custody and the security and sovereignty and stuff around that. It, it can very easily fall upon deaf ears because it's just, it's not a model that people are used to. And so, you know, what are we doing to fight against that? Well, we have to fight against the convenience of letting a trusted third party hold all of your money for you. So that's why one of our primary goals at Casa is to make self-custody as convenient as possible. I have no delusions that we're going to, you know, be able to get everybody into self-custody. Uh, but I just want to push back against this, uh, you know, convenience narrative.
Why choose the path of most resistance?
It's, it's about empowering both the individual. Uh, this is the reason why I got into the space over a decade ago, was I, I looked at the, the security model that these systems were offering and realized that, you know, cryptography and math really allows us to give an asymmetric advantage to individuals and the ability for them to defend themselves against adversaries. You know, even at the level of nation states. So being able to wield those tools at the individual level, I think if you get a sufficient amount of adoption, that actually bubbles up to potentially be a societal level change. And ultimately, you know, this is one of the premises of the cypherpunk movement, which is that we build software, we build tools and we distribute them far and wide and we advocate for their adoption, uh, under the idea that adoption of these tools will actually have major impacts all across different aspects of society. And I think that, you know, this comes down to what I was just talking about. It's related to the fact that civilization has, uh, advanced to this point by allowing people to specialize. You know, that's great from an efficiency standpoint. But if you look at the hierarchy, the architecture of what we have built as a civilization, while it's highly efficient in many different aspects, is also highly fragile. So you could say that, you know, me advocating and building these type of things, uh, it's, it's really a goal of it to make many different aspects of our civilization stronger, more robust, basically against, uh, having a small number of people and entities that can have, you know, wield an outsized influence and power over us in various aspects of our lives.
Well, that is really the ethos of the industry, right, is breaking down those centralized entities, the centralized powers, and decentralizing things, not only currencies. But I want to talk about that mainstream adoption narrative.
You know, this year has really been dominated by the approval of the spot Bitcoin ETF, and just given how long you've been building in this industry and the ethos at Casa, I'm curious to hear your thoughts on the approval of the Bitcoin ETF. And if you think it's pushing us in the direction that you envisioned all those years ago when you got into the industry and, and other cypherpunks, maybe even Satoshi when he wrote the white paper.
Well, you know, I've been waiting for a Bitcoin ETF for 10 years. Like, I remember in 2014 when I thought I was being smart, uh, by, you know, buying Bitcoin before the Winklevoss ETF was going to launch and then, you know, mainstream adoption was going to come in, and I guess I was right in a sense, but my timing was way off on that.
Not really your fault.
No. No. And so, you know, if anything, um, I had just stopped even paying attention to all the ETF stuff because I figured it was never going to pass, and of course, it was only the result of some, uh, court and judicial action that I think that it really went through. So, where are we now? Well, Casa is viewing this as a kind of competitor, right? Because while it's going to be good from a financial standpoint that a lot more value flows into the space, uh, you know, that ought to trickle down in a variety of different ways and make, uh, different aspects of the ecosystem more secure simply because more resources are going to be, uh, available. The flip side of that is worrying about systemic risk, the, the centralization, uh, particularly even within the array of ETFs that have already launched, the fact that like 80 to 90% of all of the Bitcoin are actually being held at one custodian, and that is like a level of centralization that really irks me. And so of course, we'll keep paying attention to see just how much money is flowing in, into these ETFs. Um, can we at least get some of the ETF providers to diversify their custody more over time?
I suspect that it will, but I couldn't really speculate as to how much it's going to diversify. And I think the ideal scenario would be that we get a lot of these ETFs to actually do self-custody. Fidelity, I think, is standing alone right now, being the only provider that's doing self-custody. There is, of course, a lot of like regulatory hurdles and stuff you have to jump through to do that. But I think that's, it's better for the space in general. So my main, uh, issue is if we kind of, we, we, if we get ahead of our skis in a sense, if, if Bitcoin actually becomes too popular and has too much mainstream adoption and it's happening all through those ETFs, that could be problematic. And then you, you do have to start worrying about potential attacks on the custodians from a variety of different vectors.
OK. So you're saying, and just tell me if I'm not understanding correctly, is if it becomes too popular and if there aren't more custodians, we don't start to decentralize the custodians or the asset managers, the issuers start self-custodying their Bitcoin. We think we're creating a pretty big target and lots of people could potentially lose money.
Yeah, because, I mean, you know, Bitcoin is essentially a bug bounty and, and that's true in a variety of different, uh, senses, you know, both at the protocol level, but also at like every application and every, you know, corporate custodian level. Uh, when you have billions of dollars of Bitcoin, that puts a huge target on your back and, you know, people will start to allocate more and more resources to attacking you. So, you know, we want to prevent another Mt. Gox, another FTX. Uh, you know, if that happened at the level of Coinbase, it would be very bad. It wouldn't kill Bitcoin. Of course, the network doesn't care, it would continue on, but the sort of ripple effects across the ecosystem would have a massive setback.
What are the chances of that happening, do you think?
Well, you know, it's, it's hard to say. You know, I'm, I'm not out here like trying to FUD Coinbase or say that they have issues. Um, they have a, a great record and I'm sure they have a great security team, but, you know, they are a black box. So it's not possible for me to say that, like, I, I can sign off on all of their processes or that I approve of what they're doing, because I don't know what they're doing. Um, this is actually something where it would be nice if we could get them to go through like a CryptoCurrency Certification Consortium audit, uh, to see if they're, you know, following the security standards that, uh, we have been developing at that, uh, association for a while. It's like one thing where I'm on the advisory board there and we, we want a lot more of these custodians, and really anyone especially who's handling other people's money, to go through these type of audits. Just so that we can make sure we're all on the same page. And really what it's coming down to is best practices.
You just mentioned you're on the board there. Have you asked Coinbase to go through an audit?
I have not directly asked them. No. Uh, we, I mean, I'm sure that they're aware of us, but this, this consortium was founded back in 2015, I think, uh, by a number of different companies. I know BitGo is one of the founders because I was there at the time. Um, I'm not aware of what relationship, if any, Coinbase has, but there's, there's some kind of, uh, chicken and egg problems when you've developed the standard. And so we, we've had this standard that we developed back in 2015. And, and now it's, it's basically at the point of, you know, how do we, how do we get the ball rolling on this and how do we make it a sort of badge of honor that people want to be able to be able to say that, you know, they are following this particular set of best practices. You know, in the security industry, there are many different standards and many different best practices.
Um, and this is really meant to be complementary to all of those others and with a lot of like crypto and private key specific best practices.
Well, I gotta ask you, you know, Coinbase is a public company. They are regulated to an extent. I think many people watching this who don't know the ins and outs might, might say, well, we have to trust that, that they are doing the best to secure the funds that are on their platform because they have to, you know, issue reports and because they are regulated and they issue reports to the regulator. What would you say to those people?
You know, uh, FTX was one of the most highly regulated companies in the crypto ecosystem. Uh, I don't have a great opinion of, like, regulators and regulations in general. Uh, it doesn't really mean very much to me, uh, because they, they tend to be, uh, trying to solve for other types of problems. So, um, while, you know, I'm sure there's a lot of good internal accounting and, uh, I'm sure they're following like SOC 2 standards and best practices and stuff, um, there's always more that you can do and, you know, when it comes to sort of attestations and, and proving to everyone, uh, that you're following the best standards, that's great. But, you know, even, I guess my point, even beyond all of this, um, it doesn't really matter like what level of security you have. You can have the best security in the world; having everybody's money in one place is just never a good idea. And so that's the sort of systemic risk that worries me about, uh, the, the funds that are flowing into ETFs.
Jameson, I've never asked anyone this on the show and I can't believe I haven't. But do you ever think to yourself, what happens if it all fails? What happens if something catastrophic happens, it all goes to zero? The experiment fails. And this thing that you and I talk about every day no longer exists. Does that thought ever cross your mind?
Yeah, I mean, it did a lot more in the early days, and my, my take on it is, is really, you know, what type of failure are we talking about? Because the, the short version, the short explanation that I can come up with, uh, that I've said several times, is that the only way for this system to truly fail, like permanently fail, is if all of us who care about it, who have been contributing to it with our skills, um, you know, me and technical skills, uh, you with your, uh, journalism and reporting skills, you know, everybody has different skills that they're contributing. We have to all decide that it's just not worth contributing anymore. We have to become apathetic and dejected and basically say we're giving up on this. So, you know, what does it really mean for Bitcoin to fail and go to zero? There are any number of technical failures that could happen and pretty much all of them are going to have a technical solution. It's been a long time, but we have had, you know, catastrophes in the space before where the network has failed temporarily and we fix it and we move on. Uh, we could have, you know, government level crackdowns. But once again, I, I don't foresee a coordinated, you know, one world government type of crackdown. We've already seen Bitcoin weather amazing, uh, crackdowns in China. And while that had some massive effects for like six months or so, once again, network recovered, people moved on. So my general takeaway on all of this is that there are so many of us and we are so dispersed that it's just not feasible for there to be a permanent failure. I have yet to come up with, in my wildest imaginations, a type of failure that, uh, would cause us to all stop working on Bitcoin.
That wasn't a result of some other massive bigger problem, uh, under which Bitcoin would be the least of our worries. You know, talk about like a World War Three or nuclear, you know, fallout, you know, some sort of like apocalyptic scenario where I think Bitcoin would not even be at the top of people's minds. That's why they would stop working on it, is because they were worried about, you know, more pressing matters. So, you know, as long as humanity doesn't destroy itself, um, I'm reasonably assured that, you know, we'll have enough people continuing to be interested in devoting their resources to working on this project.
Jameson, it's been such a pleasure chatting to you. Thanks so much for joining the show.
Thanks for having me.
