What Bitcoin Did

View Original

Be Your Own Banker with Pascal Gauthier

See this content in the original post

Where to find the show

iTunes | Google | Spotify | Stitcher | SoundCloud | YouTube | Deezer | TuneIn | RSS Feed

Your browser doesn't support HTML5 audio

Be Your Own Banker with Pascal Gauthier - WBD158 Peter McCormack

Download Episode MP3 File
The file will open in a new window. Click down arrow to download the file.

Location: Skype
Date: Wednesday, 2nd October
Project: Ledger
Role: CEO

One of the earliest bits of advice a Bitcoin beginner will get will be to not keep their coins on an exchange. 

By keeping coins on an exchange, hodlers expose themselves to counterparty risk and undermine many of Bitcoin's inherent benefits.  When you invest in an asset that allows you to be self-sovereign and take trust away from 3rd parties, why immediately give that up?

While some exchanges, like Kraken, take their security incredibly seriously, the history of Bitcoin is littered with exchange hacks and the theft of coins. In just the last 12 months Binance, Bithumb and Cryptopia have all been hacked, with the latter closing down.

There are many ways to manage your private keys, and hardware wallets are one of the most secure and simple options. Ledger is one of the leading hardware wallet manufacturers and has recently celebrated its 5th birthday.

In this interview, I speak to Pascal Gauthier; CEO at Ledger. Ledger recently celebrated their 5th birthday, so I got Pascal on the show to discuss hardware wallets, being your own banker, competition and what's to come from Ledger.


TIMESTAMPS

00:04:26: Introductions
00:04:51: Delving into Pascal’s background in advertising and Ledger reaching its 5th year of trading
00:08:41: Pascal’s thoughts on economic freedom and if this is a vision shared amongst the industry
00:12:51: Exploring why Pascal decided to focus on hardware wallets and security in Bitcoin
00:17:27: Discussing upcoming features on Ledger, including optimising Ledger Live, lending and staking
00:24:42: Delving into security at Ledger and preventative measures against hacking and attack vectors
00:27:40: Discussing competitors, testing their products and vulnerability disclosure protocols
00:32:51: Exploring potential increased risk, if you continue to add more coins to the device
00:35:18: Discussing the recent vulnerability disclosure on Trezor devices and Trezor’s response
00:38:57: Pascal’s thoughts on other competitors and the limitations with decentralised UX/UI
00:43:12: Delving into the impacts of market conditions on the production of Ledger hardware wallets
00:45:19: Touching on potential diversification outside crypto in the future for Ledger
00:47:18: Final comments and how to stay in touch


See this content in the original post

SUPPORT THE SHOW

If you enjoy The What Bitcoin Did Podcast you can help support the show my doing the following:

If you are interested in sponsoring the show, you can read more about that here or please feel free to drop me an email to discuss options.


SPONSORS


SHOW NOTES


THANKS

A big thanks to my WBD Maximalist Patrons for helping support the show: JP Petit, Logan Shultz, Seb Walhain, Steve Foster, Tony, Gordon Gould, David Burlington, Jesse Powell, Bitcoin Tina, BitHyve and Wiel Menger.


TRANSCRIPTION

Peter McCormack: Pascal, how are you?

Pascal Gauthier: I'm good Peter, thank you for having me.

Peter McCormack: Not a problem! We met before, didn't we? We met in Hong Kong, I don't know if you remember,

Pascal Gauthier: Actually you have to refresh my memory, I don't remember! Where did we meet in Hong Kong?

Peter McCormack: At the Token 2049 event, my hair was a lot shorter!

Pascal Gauthier: That's why!

Peter McCormack: Well happy birthday!

Pascal Gauthier: On behalf of Ledger, thank you!

Peter McCormack: You're welcome. Five years man, congratulations! How do you reflect on that?

Pascal Gauthier: Yeah it's been an amazing five years. It's been a bit like a baby, the first five years you're thinking, "wow, all these things, the first year was very different from the second year and so on and so forth" and of course, as you know we've been in an industry that has been moving a lot, so there was never a dull year and just like a baby after the first five years, it's just part of the journey, because then there's the next five years to come and they're almost as exciting, if not more, the five years that have passed. So it's been five exciting years, but just we just want more now, we want to know what's going to happen in the next five years.

Peter McCormack: Yeah, so I noted that you have a background in advertising like I did.

Pascal Gauthier: I do actually. When I started my career was internet advertising, Kelkoo, Yahoo and at Criteo, we listed that at NASDAQ in 2013 here in New York, it was a retargeting company, so those annoying ads that follow you everywhere with the products, that's sort of me with the team at Criteo and moved away from advertising to join Bitcoin.

Peter McCormack: Do you miss advertising at all?

Pascal Gauthier: None at all, because the reason why I wanted out of advertising is because on those protocols, when it is the internet protocol advertising, I think on every new advertising dollar that is being spent in the US, I think 95 cents goes to the [Inaudible 06:31] and so it's becoming a very difficult business to be in. You also compete with different types of weapons, so Google, Amazon, Facebook, they have like the big weapons and you have the small gun, so it's an unfair competition.

So I just wanted to change the game and to work on, sort of different protocols, to be able to compete with those big companies and to build a great company out of a new protocol. So for me, Bitcoin sort of ticks that box where suddenly you have a blue ocean, the potential is infinite and you can build amazing companies without unfair competition. So that's why I'm here.

Peter McCormack: Did you work on advertising in the advertising industry before the retargeting business though?

Pascal Gauthier: Sure, yeah of course.

Peter McCormack: So you worked in old school advertising, because I'll tell you why... I left the advertising industry five years ago and I kind of felt like two things. I felt like creativity was dying, it was being kind of destroyed by data and also I felt like we were kind of destroying the internet, we were ruining the experience for users. I kind of miss the old school days of creative teams, a copywriter, an art worker just coming up with beautiful ideas. I don't know if you had the similar kind of feeling?

Pascal Gauthier: Well I mean Criteo is the ultimate data company when it comes to advertising. So I didn't share exactly your feeling because I think data is great and it brings actual results! But we were on the other side of the spectrum.

I think creativity is important and I feel what you're saying and I agree to the extent that I think that is important but creativity has sort of suffered because of the internet, because of the direct marketing model that sort of Google and Facebook have brought to the world, we sort of moved away from creativity and enter into the direct marketing age let's say

 But for me, it's not the reason why I have no love anymore for the advertising world, I just think that in this crypto community, we're just solving bigger problems. At some point selling ads is good, but you just help people make better purchase decisions I guess. I think the problem we are solving here is far more interesting and truly helps people gaining economic freedom, so that's why I'm here.

Peter McCormack: So you think that the problem you're solving, is economic freedom? That's what really brings you into Bitcoin and crypto?

Pascal Gauthier: In the grand scheme of things, yes. I don't wake up every day thinking economic freedom, but if I think about why I invested time and money into this space and why I think ultimately it's very interesting in fact to narrow it down into sort of two words, I think economic freedom is a very interesting concept.

I think what first struck me with Bitcoin is this ability to now suddenly own your private keys, sort of own your money and be free and it's a very new thing actually. We come from a very centralized world, whether we're talking about advertising, but whether it's with your advertising data, you have your data that you actually give to Facebook, Google and they sell advertising on top and you have no control over that.

The human being in the digital world has very little control over its digital assets and I think Bitcoin is an interesting case of suddenly regaining control and one aspect that is particularly interesting, which is the transfer of value and so sure, economic freedom, or freedom if you have to narrow down to one word. I think we're fighting for our freedom in a way and we know that it's being attacked right now, so I think it's an important problem.

Peter McCormack: So obviously therefore with Ledger, it's a company which helps people with that. You've got your hardware devices that help people manage their private keys, But at the same time, you know what it's like with this crypto Bitcoin ecosystem, people keep talking about, "oh, when are the institutions coming" and "when are we going to have an ETF?”

I've started to kind of feel like that side of the industry isn't really about economic freedom, whereas helping the individual kind of is. Do you understand the dilemma I'm having now, where when I hear about things like ETFs, I can't get that excited anymore because that doesn't feel like it is about economic freedom.

Pascal Gauthier: No, but I think that's more like the ransom of success than what Bitcoin really is. I think people see an opportunity and suddenly everyone is building services and sort of ETFs and everything around Bitcoin, but that's not what it is at the core. I think it's a retail revolution first, it's the first financial product that starts with retail. Ledger is the first security company that starts with retail, it's a very rare thing that crypto companies start with retail actually it never happened in the past.

I mean unless you know a company, but like when we're thinking about this and we're looking at... We come from the chip and pin industry and so we're looking at other companies similar to us and in France, they are all B2B hardcore companies. We are the only one that started from the retail side. So I think long run, the next bull market will come with retail. Right now people say, "is the market bullish or bearish?" I mean right now it's nothing, it's just futures and people trading, but you haven't had like the next 100 or 500 million people sort of coming in.

What has driven the boom market in 2017 was massive retail adoption, it was not the big bang for the financial institutions. People could talk about financial institutions as the next big wave of money, it might very well be so, but I actually prefer the retail investor and those type of... I was presenting in front of a big bank in France the other day and half were amused, the other half didn't understand, there were other people that were sort of aggressive towards crypto because they didn't want it.

But anyways, it was a bizarre conversation and at the back of the room, there was the waiter and the waiter had a big smile. When I finished my presentation he was very happy. I didn't understand why, I made a few jokes on stage, but I didn't think I was that funny. But anyway, he was happy, he had a smile and he said, "hey, you're the CEO of Ledger!" I'm like, "sure" and he's like, "how do I split my Bitcoin and Bitcoin Cash with your hardware?"

He had a very precise and in depth view of the market, much more than any of the bankers in the room. To me, that feels good and that's why I'm here, I'm here for these guys, not the rest, although we love the rest and of course we will provide technology and services, but like philosophically and fundamentally, I think it's a retail revolution first.

Peter McCormack: Well listen, look it's a competitive market that you guys are in. I've been with you since the very start, since I very first got into it! My first wallet, my hardware wallet was a Ledger. I've tried them all, I've tried a KeepKey, I've tried a Trezor, I've always really liked the Ledger UX, both the device, but also the applications that you actually interact with and I'll talk about them at the moment, because it's not like a perfect experience, but I've always kind of ended up sticking with Ledger

But why for you, hardware wallets? Obviously you discovered Bitcoin, which you've talked about that before, but why was this the thing that you wanted to go for?

Pascal Gauthier: So probably because of a culture difference. I'm French, I was in France and I was trying to invest in this space and so looking at the space, I thought there were a few issues. Data was one, so I built a company called Kaiko, but I thought security was another one. Not security of the Blockchain itself, but security of the endpoints and it was just after the Mt Gox hack and my 2 cents sort of thoughts on the market at that point was, how do you build a big market if security is not there and so I met with Eric Larchevêque, Nicolas Bacca and the founding team of Ledger and they were pitching me their key at the time.

They were coming from the chip and pin industry and actually it's a French invention. So when you try to invest in a business, starting from France is not necessarily the best place to start a business, but it really depends. It really depends on what is the specialty that we have in France and chip and pin is actually one and so credit cards, the chip and pin that you have on your credit card is actually a French invention and it's a much better security than just swiping the card and the experience they have even in New York today.

These people are crazy, they just swipe the card, there is no security! So chip and pin is just better and so I thought, "okay, protecting secrets with the chip and pin", which is what the chip and pin does, it protects secrets. Before it protected secrets from your bank or your telco, but right now it protects your secrets. I think it’s just a technology that's been there for the past 20, 25 years and has been proven to be a great technology to protect secrets and the number one problem with crypto is you need to protect the secrets because otherwise crypto is gone.

Crypto I think is amazing, but the one thing that is probably less amazing and why custody is so important, why security is so important, is that it's very easy to steal, much more than anything else. To steal $1 billion worth of gold is very difficult, like only in movies or you have an army invade a country. You need to think hard about that, but to steal Bitcoin at scale is very easy. You can do it from your room with a computer, you attack one server, you extract the private keys, happens every day, it has happened to big players even recently, it's a big problem!

So I thought without real security, we're not going to solve that problem and without solving the problem, the market will never get big. The problem is not solved yet, I think five years at Ledger is just the beginning and it was just five years to get us where we are today and we're just starting really to actually really bring full security, cool platform, cool UX, better UX than what we have right now I think, UX will largely improve in the next month and Ledger in five years from now, will be security but very easy to use, which also is very new in security. Usually security is very clunky, we'll make it very easy to use.

Peter McCormack: Right, so what areas will you be making it easier to use? Because that was the thing about Ledger, I've always found it super easy. It's just such a super easy product to use, to set up, the device is easy to use, the software. I prefer the old Bitcoin app than using Ledger Live, that's my preference. But then I only use it for Bitcoin now, as I don't trade alt coins anymore, but even so, I just preferred the old one. I don't know if you get that as feedback from many people?

Pascal Gauthier: Yes and no, but you're an old timer.

Peter McCormack: I'm not that old!

Pascal Gauthier: From someone like you, yeah we get the feedback, but in general people prefer Ledger Live, it's a better experience. The app was great, at the time it's a bit scary, like very [Inaudible 17:13]. So it's a bit nerdy and all right, so if you a hardcore Bitcoin fan then of course, it will remind you of the first years, but the Ledger Live experience today I think is great, but it is going to be so much better in the future.

Peter McCormack: So what are the kinds of things are you working on then?

Pascal Gauthier: I think what we are working right now is just sort of fulfilling our destiny. Actually, what people don't realize is that they see Ledger as a hardware company. It is security enforced by hardware, but actually we are an OS company. At the heart of Ledger, there is an operating system called BOLOS. That's what we do actually, the big invention of Ledger is the operating system.

Then we put the operating system in different types of hardware, so the Nano is one type and we had to invent this hardware because there was no secure hardware to store your private keys before, in the sense that your computer or your phone, you don't have security in those hardware products. So you can't keep your keys on your computer or on your phone, it will be too easy to hack. 

So we had to build this hardware, but at the heart is the operating system. It's a semi-open operating system, so some parts are closed because it's security, other parts are open and so what we're building essentially is a platform. So Ledger Live is a platform and what you'll see in the future is many more services being added into Ledger Live.

So we make it very easy for consumers to sort of never leave their security and the Ledger Live experience and be able to do sort of their crypto journey within Ledger Live. So whether you want to buy Bitcoin, swap Bitcoin, lend Bitcoin, take Bitcoins, all of these features will be available in the next few months within the Ledger Live experience.

Peter McCormack: So you are actually creating an almost, be your own bank within the device, because the lending from the device is very interesting!

Pascal Gauthier: It's funny you say that, so be your on banker I think would be more accurate, for sure.

Peter McCormack: Yeah, because that's very interesting to be able to lend directly from your Ledger.

Pascal Gauthier: To lend directly from your Ledger, to stake directly from your Ledger and to do this with the same level of security, because I think one of the flaws today is you have your coins on your Ledger, so you're perfectly happy and you sleep at night. Then suddenly you need to do something, like you want to swap coins and so what do you, is you take your coins out of your Ledger, you put them somewhere and then you swap them and all of this can be very dangerous.

I'm not even talking about decentralized exchange, I've seen use cases where if you actually don't plug your Ledger before you do your transaction on decentralized exchange and by mistake you sort of close the window before sort of backing up your data and securing it on your Ledger, you could lose your transaction and you lose your coins.

So many transactions actually happen with very low security and today we're still in an industry, where you have a sort of cold storage on one side or frozen storage, however they call it, and that's supposed to be secure. But as soon as you're in a hot wallet, that isn't secure, but it's okay. So that's not okay, you should be able to do everything with the same level of security, otherwise there is no scalability in this business.

If you have to take a risk every time you manipulate your coins, it's too dangerous, people just won't do it, it's too scary. So what we're trying to do is to build like a security experience with all services on top, where you don't have to think about your security, your security is a given and now you only need to worry about what you want to do with your coins.

Peter McCormack: Will you be partnering with other companies for things like interest, say if you wanted to lend out or will that be a service you will be providing yourself?

Pascal Gauthier: I know for sure we'll be partnering because Ledger will always remain a technology company and we always remain sort of agnostic. So the idea for us is not to become a nimble financial company or take our customers into the one service that we build, where we sort of creaming them with like premium rates. So the idea is to be an open platform where every other service can sort of integrate into the platform and offer the service to the Ledger community.

So the idea is to be as open as possible and that's always been what Ledger was about. So typically today when you buy our hardware product, you can use Ledger Live, but equally you can use any of our partner's services, because there's a reason why we should... You use Ledger Live if you think it's the best experience, but if you think Electrum or anything else is a better experience for you, you should be able to do that.

There will always be experiences that are very niche, narrow, sort of deeper integration into one coin etc and Ledger will not provide everything, on everything at all times. So we think to stay open is very important, that's what we are, that's what we owe to our customers.

Peter McCormack: So, for example, you perhaps could partner with someone like BlockFi and I could lend and check my balances from within the Ledger app. Is that the kind of experience that we could have?

Pascal Gauthier: Correct, it's exactly that.

Peter McCormack: Yeah, because that would be very cool because one of the things that I've experienced through, I've got Ledger and I've got a BlockFi account, is that I'm always having to jump between services and also different companies have different security procedures. You being Ledger, have probably got as good as anyone else in terms of your security procedures, so it would kind of make sense for that to happen.

Pascal Gauthier: Completely, so I concur! This is the same idea of not having to go away from your Ledger experience every time that you want to do something, is sort of to bring all services into one experience and your Ledger will be your entry door into your crypto experience and then you can use the services that you want.

So the idea again is not to present you into one Ledger experience that will be ours, but it's just to give you every option so you can go about your merry crypto journey with the best possible security which we provide and then every type of services that you want to see in your Ledger Live experience.

Peter McCormack: How scary is the security side of things for you? I spoke with Nick Percoco, the head of security at Kraken, I spoke to other exchanges and other companies about the constant threat of people trying to hack. Now they've got it slightly different in that, people are trying to attack their honeypot, the coins they are custodying for their customers.

Yours is slightly different because you don't custody any, I custody it myself using your device. So essentially rather than protecting your own honeypot, you're protecting the honeypot of personal holdings. But how scary is it? How much of a threat is it? How regularly are you guys seeing people trying to attack you and do you even have people trying to attack you as a company?

Pascal Gauthier: Yeah, sure! I mean that's what we do. We're a security company, so of course we have to stay paranoid. Security is always a game of cat and mouse, so there's no such thing as perfect, there's just a prize, an attack and if the cost of the attack is worth attacking, compared to the price that you're trying to get, then of course you would attack.

So the idea is to make the attack as costly as possible, so people never attack because it's too expensive compared to what they can gain from the attack. So that's the ballgame and the way that we do it, is we build internally at Ledger an attack lab, our own attack lab, which is called The Dungeon.

Peter McCormack: I was reading about this earlier.

Pascal Gauthier: You read about The Dungeon? Cool! So we have ten white hats hackers and they hack every fucking possible way like hardware, software, everything. Actually, one day if you want, you can talk to Charles, who is our Chief Security Officer, they have very cool stories about what they do. They publish a lot of stuff because again, we have a very open approach about security, which is also very new. We publish everything that we find.

We do of course responsible disclosure, we bring the program to our partner or whoever we broke first, so they can fix it and then when it's fixed and patched, then we agree on disclosure together. But they were presenting at Black Hat something like a hack that we've done in HSM, it's basically next generation security because none of the hardware security that was designed before, has actually been designed specifically for Bitcoin.

Bitcoin is a very complex program in terms of its security, because it's so easy to steal and as soon as you access private keys, boom, it's gone! You think about the past before Bitcoin, nothing is like that really, you can sort of roll back to anything that was before, everything is sort of centralized, so you have one authority that can decide to roll back on everything and anything.

Bitcoin is the first time that it's immutable, you cannot change the past. The past is the past and once it's gone it's gone. So of course it changes radically the security problem and that's why we are working so hard, that's why we have our own attack lab, because otherwise it's too easy to steal.

Peter McCormack: But it's not just for testing your own products, right? Similar to Kraken, because Kraken will test products across the entire ecosystem. Their view is they want to elevate the entire ecosystem. You have not only tested your own products but you test Trezor's, you test KeepKey's, you've obviously disclosed bugs that have happened that you've found or potential hacks and it's interesting thinking that as well because obviously Trezor are your most obvious competitor and you have found vulnerabilities with their device.

But at the same time, the market kind of needs at least two strong hardware wallets to support multisig, because in an ideal world you would use different devices for a multisig.

Pascal Gauthier: Correct. Look, our approach is to sort of raise the bar of security and basically help the industry and consumers. Our aim is to make sure that people are safe, that's the only motivation that we have and in that spirit, we sort of hack everything that is part of the Ledger experience in the grand scheme of things. 

So whether it's our product, our partner's products, whether it's the secure elements, the HSM and of course our competitor's products because we are curious! Yeah, sometimes you find vulnerabilities, but the idea is to help everyone patch them and then to disclose also, so consumers can make an informed decision on what they're going to use and what's the most secure experience for them.

Then based on that, they decide. We believe right now we have probably the most secure experience in the markets and the most secure experience sort of at scale, that can be used by millions of people and of course, when you read the press, you have many other players that are coming into the market right now, they always say that they're more secure etc, they talk about MTC, they're many new security sort of tricks going forward and we look at everything with a keen eye.

We don't think that what we do today is the Alpha and the Omega of security, we believe that you still have to raise the bar in time, but right now for a product that is in the market, that is at scale, we believe that we're doing a pretty good job.

Peter McCormack: Yeah, so that is kind of like a strange position to be in because if you can find bugs with other devices and if you go through the process of responsible disclosure as you did with Trezor, you disclosed to them quite early on with some of the vulnerabilities you found, it does act as a piece of marketing for Ledger. I remember reading about one of the vulnerabilities you found with their seed extraction, but you said it was unfixable, right?

You said that there's no patch available, it can only be fixed with a rebuild, therefore you're really advertising Ledger at the same time as being a better product. But do you understand my point when I say that for multisig, you do require at least two and ideally three or four high quality players in the market without vulnerabilities.

Pascal Gauthier: Sure, your point is clear and valid, but we'll keep on hacking everything that is around until we find those two or three other players that have real security. So it's a difficult game. I think there are good products in the market, we like our competitors and our competitors make us better and together we are trying to raise the bar and build better products for consumers.

So for sure what you're saying is 100% true and we don't want to be the one and only, we probably want to be the best, but not the one and only because that will be a very sad world! Competition is also informing the market to drive innovation, so for sure, what you're saying makes absolute sense and in the spirit of what we're doing with Dungeon is exactly that.

It's just to make sure that everyone is aware of security, everyone has the best foreseeable security products, because whether you use a Ledger product or any other product in the market, our aim and our passion is just that everyone is very secure, because if that's not the case and if there is a critical failure by those three other players that you mentioned, it's going to be very bad for everyone.

People will lose trust, even in Ledger, because in the end consumers won't make the difference between the three other guys that were hacked and Ledger is not hacked, but they're going to say, "this shit doesn't work!"

Peter McCormack: How does that work in terms of relationship? Do you kind of have a very strong relationship with Trezor? Do you have very good communication channels or do you all kind of like just secretly hate each other?

Pascal Gauthier: Hate each other?

Peter McCormack: It must get tense?

Pascal Gauthier: For sure not! I think it's a very good relationship. I think Trezor, Ledger and the rest of the industry, we work very closely together as much as we can let's say, especially on security issues, I think teams are working very closely together, but then everyone has their own baby. So you always want your baby to be the prettiest, so I think that is just life. It's never good to be hacked, so when we get hacked we are not happy, it's the game.

Peter McCormack: Yeah, one of the other interesting things that's starting to happen is there are Bitcoin only wallets. You have Coldcard and also Trezor have released a Bitcoin firmware, so you can have a Bitcoin only Trezor. Is this something you guys have considered doing because there is that split in the market of people that will trade anything or some people who just want to only own Bitcoin and hold Bitcoin. Have you considered that?

Because I also heard another interview with somebody else that said, the more coins that you introduce to a device, the more risk you introduce to a device because there's more vulnerabilities. Is that something you agree with and have you considered that?

Pascal Gauthier: No, I completely disagree. I really don't understand what people are talking about and I think it's a misconception of our product. These people say that and we fucking are already doing it! Our products is very different from Trezor actually in that regard. The reason why they have to do like a Bitcoin app is because they don't have secure hardware and so therefore their apps are not segregated and so the more coins you add, like the more attack vector that you add into the product, which is one of the reasons why we could hack into the Trezor product.

We have actually at the root of our products, something that is very different and we work on the secure elements, we have a chip and pin technology, they actually don't have that. They work on an element that is not as secure as ours and it's just different, so it's easier to hack on the one side. On the other side of the secure element, it gives you the segregation of your accounts.

So typically, this is why when you download Ledger Live or when you have the Nano product, you have to download one app for [Inaudible 34:30] and the secure hardware actually gives you the insurance that no other app, not one can contaminate the other.

So number one, you can only download the Bitcoin app and so now you have a Nano S that is a Bitcoin wallet only, but even if you download other apps, that's not going to contaminate anything because segregation of the apps and the security of that is enforced by the hardware. So actually we already have an OS that is Bitcoin only if you want or Ethereum only if you want.

We don't need to design a specific OS for this because it's already what's in our products. So I was reading the buzz around this and people are like, "oh my God, let's figure out something new and let's just do an OS that is Bitcoin only." It's like, "dude, we've been doing it from the beginning!" So it's good.

Peter McCormack: But that's quite a bold statement to say that Trezor is easy to hack and I'm sure they wouldn't like to hear that.

Pascal Gauthier: Well, they're not easy to hack but they are easier to hack for sure. Everyone is hackable by the way, we're not in a position to say, that at Ledger, we've figured out everything etc. Security is a complex game and going forward there will be new attacks and new vector of attacks etc, which is why we have the Dungeon. It's not something that you're doing one day and then you quit for the rest of your life, it's a continuous process of improving security with new attacks etc, it's a cat and mouse thing.

So we are not saying that we know everything, but we are working hard to protect Ledger and right now if you talk to our security team, we can hack a Trezor in a way that you can't hack a Ledger and it's been documented and I'm not here to put to put oil on the fire, but it is what it is.

Peter McCormack: No, but people should know this. My show tends to be more for kind of different... A range of people listen to it, but also a lot of beginners or less technical, less experienced people, the kind of people who would kind of just trust things, they might just buy a device and just use it. If you think that the Trezor is easier to hack, then perhaps they need to hear that and understand why and I will share out the links in the show notes for the disclosure that you did recently.

Pascal Gauthier: It's documented, Trezor's has responded and their response is that no one should have physical access to your Trezor and they said that hardware wallets were not designed to protect from sort of physical attacks and we think it's really wrong actually. You could leave your Ledger at the table of a hotel in New York and just sort of leave it there, you should be resistant enough to prevent from anyone getting your private keys even if they have physical access to the device.

Now it's always a game of time, so if you give someone physical access of your device for like five years, you have a bigger attack vector than if you give someone physical access to your device for, let's say two hours. So I would recommend everyone, that if you lose your device, actually you're okay with Ledger, with Trezor someone could extract the private keys, but I wouldn't leave a device out there for five years thinking "I'm good."

I would probably move the coins to another wallet and sort of reset the whole process. But the reality is this right now, someone can steal your Ledger device, have it in their hands and there is nothing that they can do. We cannot extract private keys from our own devices, our attack lab was never able to actually do it so far. So, so far we have a better security value proposition.

Peter McCormack: I left my Ledger in a hotel in Germany!

Pascal Gauthier: And your coins are still safe, so there you go!

Peter McCormack: Coins are still safe! I managed to get it back, but do you know what I did, which just probably sounds crazy but I left it in the safe in the hotel room and I was at the airport about to get a flight. I didn't have time to go back, but I did have time for an Uber driver to deliver it. So I had to phone the hotel, they put it in an envelope and the Uber driver delivered it. But the whole time I was thinking, "well, this could get stolen at any point."

But even if it gets stolen, I've got my backup, I can restore it. I never had that fear that I would have a problem, but I never had that fear with the Trezor until I obviously heard about the vulnerabilities you found. Are there were other devices you like, because there are quite a few now on the market, is there anything else that you're looking at and thinking that's kind of interesting?

Pascal Gauthier: Well we look at everything, we open everything, the Dungeon gets everything. Right now, we don't see anything that we believe is... Because the problem that those hardware wallets are trying to solve actually is a complex program and actually no one has solved the problem yet and it's something that is going on right now, it's like everyone realizing, "oh wait, all of this is supposed to be decentralized and yet the biggest players are centralized, valuable positions, whether it's exchanges, Coinbase, etc.

So we're not sort of fulfilling the vision of decentralization and Bitcoin. There's a good reason for that is most decentralized value propositions actually sort of suck in terms of UX and UI and have less good UX and UI than centralized value propositions, it's sleeker to use Coinbase than it is to use Ledger, that has to change in the future.

Actually we are working hard to change that, so one day and one day is not in 10 years, but like in the next couple of years, you will have a decentralized value proposition that'd be more secure and on par, if not better as a UX/UI experience, where you will be able to own your private keys, but without sort of worrying every day about security, losing your 24-word password and all these good things that sort of makes you your own banker.

So we want you to become your own banker, but in a very safe and trustworthy environment. So we are working hard to do that. I don't think that anyone is doing it right now as a decentralized value proposition, we look at every other hardware wallet and you have one problem that is hardware first and most of the hardware, whether it's actually don't have secure elements built in, so they don't have real security built in.

Then there's a question of the software, we have Ledger Live and I don't see out there, like a software value position that is so much better than Ledger Live right now. Ledger Live has many flaws and we're fixing them and we will make it a better product over time. But yeah, I mean we keep a keen eye on the competition because that's what's pushing us.

I don't think there's value proposition in the market right now that is so amazing, including Ledger. I think we're great, I think we're good, I think we can be so much better and we are working hard to be much better in the near future.

Peter McCormack: Yeah, I'm not sure how you decentralize hardware manufacture. I mean there is still a certain amount of trust that people have to give with you. I was listening to an interview earlier where somebody was saying that you should only really be buying a hardware device directly from the hardware manufacturer and that you shouldn't be buying it from third party retailers, because there is a trust element in that process.

But even buying the device for you, there is still, even though it's like a minute risk, there's still an element of trust with you. I don't know how you get to a decentralized hardware, unless you're building it yourself.

Pascal Gauthier: I think that's a misconception actually, you could buy a Ledger from sort of anyone, anywhere and you will still provide the same security, of course providing that you do a couple of sanity checks etc. The great thing with Ledger is that you don't have to trust, you can verify and so it's already part of the process. You can actually verify that your Ledger is genuine, you can verify that it hasn't been tempered with etc, it's very easy. We bring certification, actually the Nano S is the only certified product in the market. So actually, what we say, we had like a lab double checking it etc, so whether you can verify for yourself, we have third parties referring it for you, we have no problem and so you shouldn't have any problem buying your Ledger from anywhere really.

But just like when we launched the Nano S, people thought that the Bluetooth was an attack vector and they were very scared that the Bluetooth would give access to your private keys. Actually, it's not the case, we have documented that, but it's just like fake news also in our world, people are very scared and they're right to be scared, it's a scary thing!

But we are trying to educate as much as we can, we are publishing as much as we can and it's a long game in the sense that, people will be less scared with time because as we have 1.5 million devices in the market, the day they will be hacked, it will be very public.

Peter McCormack: 1.5 million devices, that's pretty epic, congratulations! Obviously amazing performance, how has it been for you as a company going through what was obviously a crazy bull market in 2017 to a bear market? It's obviously impacted every single company within the industry, how did it affect you firstly within the bull market? Actually I even remember there was a wait time to get your devices because remember when I bought a second one, so you obviously had a supply chain problem to solve then. How has it also been going through a bear market for you guys?

Pascal Gauthier: Oh yeah, it was an interesting ride! So that's why the first five years, every year was different. 2015 to 2016, it was extremely quiet, 2017 craziness, 2018 massive crash, 2019 still a dead market. So in terms of hardware production, it's a very interesting challenge and actually we've got a lot better at understanding how to have a very big production and then go very low, very quickly, which we didn't master at the time because it's too crazy.

You go from selling 2 devices a day to selling like 10,000 devices a day, how do you do that! It's almost an unsolvable problem, but right now we just launched our new plants in Vierzon, so we've just opened like a 4,000 meter square brand new plant for the Ledger Plex, that just gives us a lot of flexibility for hardware production that we sort of control from A to Z.

But up to couple of millions of units a year. If we have to build more than a couple of the millions of units a year, then we have partners everywhere in the world that can help us do that and then we can scale almost to the infinite.

The reality is, if the market is up and down, hardware production is very difficult because if you can't predict, it's very difficult to have a solid partnership outside of the company, but up to 2 million units now, we are sort of good, after 2 million units we will find partners outside of Ledger. But so far we saw 1.5 million, so I think with 2 million the next bull run can come, we're ready!

Peter McCormack: Do you guys or are you as a team considering diversification outside of crypto? I know you've got the IOT side of the business, but does that make you want to push something like that so you have more of a steady business and you're less reliant or less exposed to the kind of the boom and bust of the industry?

Pascal Gauthier: I think we don't do this or we don't do anything for business reasons, like people ask me like, "oh what's your exit strategy?" Or like, "do you do this to please VCs?". We just do things because it's great and we believe it's a great business and we believe that we should do it and there is a need in the market.

So typically, our vision is that there are critical digital assets that are being created in the world right now, Bitcoin was the first example, but there are many other critical digital assets that are being created, like if you talk about security tokens, like any kind of form of token going forward, but also connected objects etc, they trying to protect digital assets that have so much value that it's a one zero sum game, you can't be hacked.

So our mission is to secure these assets and so therefore our mission goes beyond just Bitcoin, it's just any critical digital assets that need security and that's what we do. So therefore, whether we do it for consumers and the Bitcoin, whether we do that for enterprise with both and the crypto and security tokens and so on and so forth, or we do that for industries and objects because you have objects that are in critical environments and you try to bridge the gap between the physical world and the digital world and make sure that what you are sending to, whether it's a Blockchain or a central database, is real.

So this needs to happen with the Ledger type of security, every calculation, every communication with the database or the Blockchain has to be approved, it's the certification of authentication if you like. All of these digital assets and so that's our mission to protect them for sure.

Peter McCormack: Okay, well listen, it's been an amazing first five years for you. Obviously you talked about some of the plans for the future, but what are the short term plans? What are the things that we're going to be seeing from Ledger over the next year?

Pascal Gauthier: So we talked about it, augment the experience of Ledger Live, I think you will see many more services into Ledger Live where you don't have to exit your Ledger Live experience to then come back and you'll be able to use many more services and Ledger Live will become much more a platform. Same actually with Vaults, our enterprise value proposition. Those two platforms will add many more services going forward and short term, this is what you're going to see.

Peter McCormack: Okay, cool! Any plans to celebrate the five years?

Pascal Gauthier: Any plans to celebrate five years? We actually did this last week in Vierzon . Yup. Combination with the opening of the Ledger Plex. We brought all the teams to Vierzon, so Vierzon is a small town south of Paris, that is a very small town. So we brought our US team, our APAC team, everyone in Vierzon and we had a blast. So it's already been celebrated and now we're very focused on the next five years.

Peter McCormack: All right, well listen look, I'm a fan, I've been using Ledger ever since I entered the market. Everybody I know when they get in, I always recommend them to get a Ledger, I think it's a fantastic product! I wish all the best, I hope you lots of success for the future, tell people how they can find out more about Ledger and how they can get hold of you?

Pascal Gauthier: More about Ledger is ledger.com and how they can get a hold of me, pascal@ledger.com.

Peter McCormack: Fantastic, well look, good luck to the future and if I can ever do anything for you, please do get in touch.

Pascal Gauthier: Alright Peter, thank you so much!