WBD687 Audio Transcription

Prime Trust & the Risk of Bitcoin Custodians with Alex Leishman

Release date: Wednesday 26th July

Note: the following is a transcription of my interview with Alex Leishman. I have reviewed the transcription but if you find any mistakes, please feel free to email me. You can listen to the original recording here.

Alex Leishman is a Founder, CEO, & CTO of River Financial. In this interview, we discuss the case of Prime Trust, a crypto infrastructure company, that’s been placed into receivership following key management errors that resulted in it losing customer funds. We talk about the challenges of asset custody in the Bitcoin industry and the benefits and complexities of building a regulated business.


“The systemic risk that people don’t realize existed, is that one custodian could have an issue and take down dozens of companies – and that’s what just happened.”

Alex Leishman


Interview Transcription

Peter McCormack: All right, we'll open the show with that Ripple summary judgment is obviously not the last word on the issue.  If Ripple Labs accepts the limited win here, which they won't, they're still turbo-fucked because they've got multi-billions of dollars in institutional sales they're on the book for.  "Has anyone checked on SEC and Gary Gensler lately?" says Cameron Winklevoss!  Right, "Breaking: US judge rules Ripple XRP is not a security". 

Danny Knowles: How did they figure that out?  What Ripple Did! 

Peter McCormack: So, it's not a security.  How's that bad for them? 

Alex Leishman: Well apparently, there's something about how they sold it that is a security.  I don't know, I haven't been on Twitter today really.  But it's a nuance. 

Peter McCormack: Anyway, how you doing, Alex? 

Alex Leishman: Doing great.  Nice to be in Nashville. 

Peter McCormack: Yeah, and finally we do this in person, long overdue. 

Alex Leishman: Absolutely. 

Peter McCormack: I think we've hung out a few times, me and Danny have been to your office, had some canapés!

Alex Leishman: Yes.

Peter McCormack: It's been a long time coming.  We really want to you about, well talk to you about Prime Trust, and talk to you about how an exchange like yourselves can do things properly.  So, when you're building exchange, so people understand, because it's a really important issue in that I assume most people still don't self-custody, you can tell them again and again to self-custody and they won't; and so when they're considering an exchange to use, we were talking about it this morning, there's essentially a trust model or a rug model in that you might be trusting the exchange, but really you're actually trusting somebody else in the background as well.  So, there is this rug model, this trust model that you have to be aware of. 

So, Prime Trust was a big issue recently, because I think they were a pretty well-respected company publicly, wry smile!

Alex Leishman: Well, I mean depends who you are.

Peter McCormack: Yeah, okay, fair.  But I hadn't heard any whispers or any issues with regards to them myself.  And so, my assumption was they were a trustworthy company, got trust in their name.  So, can you give some background?  And so people listening, try and explain what Prime Trust is/maybe was as a business. 

Alex Leishman: Yeah, so this gets into some specifics on how things work in the United States.  So, what Prime Trust offered as its core business that was attractive to a lot of firms trying to build consumer crypto apps, was Prime Trust was effectively what Evolve Bank is to fintechs for crypto companies.  And so, specifically what I mean is, if you look at famous neobanks in the United States, Chime, Revolut, N26, like these guys, they actually aren't banks themselves.  They have this bank behind the scenes that's doing all the regulatory work, and they're building a really sexy app on top of it.  So, you're sort of decoupling concerns; you have the old-school company that's checked all the boxes, and then you have this new, fast-moving company that outsources handling the money, handling the regulation compliance to them, they sort of have an agreement, and they're building a wrapper on top of that. 

Prime Trust was effectively that, but for crypto apps.  And basically what that meant was, if I wanted to build a crypto wallet and brokerage, all I needed to know how to do was market and build a web app.  So, what Prime Trust would do is, well, the way it would work is, so when I build my app, somebody signs up, I collect all the KYC information that I've been told I need to collect, and I send it to Prime Trust.  And there's an account on the back end at Prime Trust for my user.  And actually, I don't touch any money, any financial transactions actually, I'm just proxying that through to Prime Trust.  So, Prime Trust is handling the debiting from their bank accounts, converting it to Bitcoin, custodying that Bitcoin, sending the Bitcoin out when they initiate a withdrawal.  None of those activities are actually happening on any system that the wrapper controls.  They're just more of a distribution model.  And they work out a deal with Prime Trust for how much to pay per user.  There's some pricing structure that's like an enterprise contract. 

What Prime Trust brings to the table is basically their regulated financial institution had done all the regulatory work, all the licensing, etc, so this startup founder doesn't have to raise millions of extra dollars to hire all the lawyers and do all the compliance stuff and build all the custody stuff that they would otherwise have to.  They can just focus on building a nice app and focusing on their distribution model.

Peter McCormack: So, they're basically brand marketing?

Alex Leishman: Effectively, yes.  Now, you can get a little funny with it, but effectively that's what it is.  It's basically a crypto app as a service, slap your own brand onto it.  And so there's all sorts of companies that built on Prime Trust.  And by the way, I don't blame people for doing this, right?  There's a lot of apps where it just doesn't make economic sense to go get all this licensing.  If you're building an app, for example, where holding Bitcoin, your users would only ever have like $20 of Bitcoin at a time, it's like a rewards thing, right?  But technically, you're still doing money transmission, so you need someone to handle this for you.  Going and getting a bunch of licences to build an app like that doesn't make any sense, so it does make sense sometimes to use these services. 

But what we saw was a lot of companies just kind of slapped their front end on Prime Trust and called it a day, a full spectrum of companies.  I mean, I think even at one point, Binance US was built on them. 

Peter McCormack: Oh, right.  Okay. 

Alex Leishman: Yeah.  So, they had some big names.  And the reason that Prime Trust didn't get the attention that other firms got was because they're a B2B2C company.  So, they're not directly serving any end users.  So, the vast majority of people would never know to look into that, right?  They're not dealing with them at all.  It's behind the scenes.  And so it's kind of one of those things where like, if you're in the know, you know.

Peter McCormack: And you agree to the terms without reading them, like we do with everything.

Alex Leishman: Exactly, yeah.  You signed up for the app that built on Prime Trust.  You said, "Oh, yeah, your Bitcoin will be with Prime… okay, whatever, sounds good.  I don't even know how to reason about that".

Peter McCormack: Yeah, "Let me buy some fucking Bitcoin".

Alex Leishman: Yeah, exactly.  And so, the consequence of this is the systemic risk that people don't realise existed, which is one custodian could have an issue and take down like dozens of companies, and that's what just happened.  Some companies escaped in time, which is still kind of TBD, depending on how the bankruptcy estate thing plays out.  But that was a systemic risk. 

Peter McCormack: So, what actually happened with Prime Trust?  I mean, I know, but you're going to explain it better.  Because at first when I heard about it, I assumed it would have just been like most rugs/failures, they tend to be some misuse of funds, some kind of rehypothecation or, well, I mean we've had Mashinsky arrested today, essentially gambling with funds and doing funky things with people's funds.  To me, it sounded like it started with a very poor administrative error. 

Alex Leishman: That is my understanding.  So, the short answer is, they screwed up key management.  And I think, my background is software engineering and cryptography and computer security.  I deeply understand how easy it is to mess stuff up when it comes to securing cryptographic material.  Like, the maths of Bitcoin is not the same as the reality of actually doing it all with a computer, which is just a complex machine that sometimes messes up and has errors.  And then you have humans on top of that, that have to make sure that it all keeps working properly.  So, the short answer is, they messed up key management. 

The higher level takeaway here is that, so they were actually in a category of companies, so they were a regulated trust company.  So, they had this special status as a trust company which is chartered by a state that allows them to kind of serve a higher grade of financial and custody services for all sorts of things, dollars, Bitcoin, securities, all sorts of things.  But the thing is, this whole legal regime wasn't built for Bitcoin, it wasn't built for cryptocurrency.  If you think about it, there was never really a type of property that a trust company was the fiduciary for, or had to keep safe, that could just kind of go "poof", right?  It was securities, which is like legal ownership in a company. 

It's just like the definition of the law, you have the right to this cash, but it's not like it just disappears someday, right?  Or it's this piece of property in a trust for a family.  It's a ranch, the ranch isn't going anywhere, it's right there, someone can't just steal it, right?  And so the legal structure was around how they need to do accounting, how they need to make sure they're not commingling assets and using the assets they're custodying.  And so all the rules are basically around making sure they're not fraudsters.  And as far as I know, from at least at a very basic level, they didn't steal anyone's assets. 

What happened was, from what sounds like from the disclosures, they had a wallet, they had, from my understanding, a hardware wallet that was originally used to custody customers' assets, and eventually there was some management change and some change in the company, and that wallet was discontinued to be used, it was no longer used.  But then something happened where some change was made to the system that re-enabled deposits to those addresses.  It started distributing addresses to this old wallet to new customers to send assets to.  And they didn't realise that that wallet, they no longer had access to that wallet.  So, assets were being sent to a black hole.

Peter McCormack: So, okay, when you say there was a hardware wallet, it wouldn't be a single hardware wallet managing customer funds?

Alex Leishman: I don't know.  I don't know, I don't know these details, right?

Peter McCormack: It's funny, because you do sometimes wonder what really -- I personally have two multisig solutions.  I use Unchained and I use Casa for separate things, and I'm pretty diligent about what I do.  And I sometimes wonder if some of these companies are really just like maybe operating with one Ledger that's locked in a safe somewhere.  And it's like all their customer funds are on this one Ledger!

Alex Leishman: Well some are.  And that's what I was getting at with my description of this legal regime, which is a lot of people assume that -- this is like a fiat credential, right, being a trust company.  Nowhere in the process of getting that trust charter did anyone have to prove they knew anything about cryptography.

Peter McCormack: Yeah!

Alex Leishman: And so, you can end up with a bunch of guys that know how to run a bank, with a trust charter, and they're now responsible for custodying Bitcoin, but they don't know how to do that.  And so, being a trust company is probably good enough to make sure your stocks and your real estate is safe in these entities or something, right?  But that will not tell you whether or not your Bitcoin's going to be safe, because just like you said, there's nothing preventing them from just having a Ledger in a closet.  And yeah, that's the nature of this.  These fiat checklist things that protected traditional assets don't really apply well to Bitcoin. 

Danny Knowles: And so, as far as we know at the moment, that hardware wallet they retired, they just burned the keys for?

Alex Leishman: I don't know exactly what happened.  I mean, it could be that they didn't keep a backup of the seed and someone burned through the pins on the device, who knows?  There's so many failure modes with key management that it could be a number of things, right?  I can list all sorts of ways people -- I actually did a poll recently on Twitter where I asked, "If you have ever lost Bitcoin, how did you lose it?  Did you lose access to the keys; or did you have it stolen?"  And ten to one, it was lost access to the keys. 

Peter McCormack: Wow!

Alex Leishman: And this is kind of where some of my opinions get a little heretical, but you are way more likely to just lose access to your Bitcoin than to actually have your Bitcoin stolen. 

Peter McCormack: I mean, I've been through a couple of near misses.  I had a Trezor that had 3.5 Bitcoin on it at one point and I didn't know where I'd written down the pin.

Alex Leishman: Yeah.

Peter McCormack: And I kind of knew what the pin was.  Oh, look at that.  Danny's just brought up the poll.  So, it's 3% keys compromised; 18.2% lost access; the rest, see the results.  Yeah, that's mad.  And I was going through the guesses.  I kind of knew what number it was, but I didn't know the exact number, but the problem is every time you get it wrong, you have to wait a little bit longer, and you know it, you get to the point where you have to wait days.  I eventually got it and so that was fine.  And then there was another one recently whereby the seed that I'd stored wouldn't work to restore a device and I was fucking panicking.  I had a different seed stored elsewhere.  It was just things that.  And so this, I put my Jameson Lopp hat on, it's every six months I need to run through and test everything. 

Now look, I'm not too worried now I'm in multisig on most solutions, but I've always had that separate wallet with a small float on it.  Have you ever lost Bitcoin? 

Danny Knowles: No, I don't think so, touch wood. 

Peter McCormack: Have you ever lost Bitcoin? 

Alex Leishman: No, I've never lost Bitcoin but I've lost random alts back in the day.  You know actually, a lot of people lost Bitcoin early on because it wasn't worth anything, so they didn't bother remembering their password.  I have $10 of Bitcoin on here in 2011; great. 

Peter McCormack: There's a guy in the UK that every bull run comes up, because he threw a hard drive away, do you know about this guy? 

Danny Knowles: Yes.

Peter McCormack: How much is that hard drive worth now? 

Danny Knowles: I can't remember.  He's always looking in the skips for it. 

Peter McCormack: Yeah, he's always looking in skips.  So, he actually tried to do a deal with the council, the local council, and said, "We want to excavate the tip".  And he had a venture capital fund willing to invest in the cost of doing it, and they rejected it.  But I'm sure it's $170 million.

Alex Leishman: Yeah, it's a lot of money.

Peter McCormack: But the next one, it could be you get to a point where it's over $1 billion.

Danny Knowles: It's 8,000 Bitcoin. 

Peter McCormack: 8,000 Bitcoin!

Alex Leishman: An interesting thought experiment that I think is always funny, is if you've lost Bitcoin by losing access to your keys, if you just had your seed words in your Google Drive, what is the likelihood you would have lost your Bitcoin, right?  Probably much lower.  I'm not saying --

Peter McCormack: Don't do that. 

Alex Leishman: -- you should do that. 

Peter McCormack: This is not advice from Alex. 

Alex Leishman: I'm not saying that's what you should do, but it's an interesting thing to think about, right? 

Peter McCormack: Yeah, but there's lesser ones you can do; you can have a seed plate and leave it under your bed. 

Alex Leishman: Yes, I'm a seed plate fan. 

Peter McCormack: Yeah, well, I'm kind of a Casa fan in that you don't actually need their 3-of-5, you don't actually need to keep your seed.  You can go seedless with that because one's on your phone, they've got one, you've got three others, you can rotate them.  I do keep one magically hidden away somewhere for one of them, but you can.  I'm a little bit more worried on my seeds with my, say, 2-of-3, because it's a slightly different scenario, but yeah, look, there's a range of different things you can do.

Alex Leishman: Yeah, but one of these things happened at Prime Trust.  And so, yeah, doing it yourself, right, but then also at an institutional level, institutions at a whole other level of complexity and this requirement for institutional permanence, with you, it's one-to-one, it's always you.  No matter what you do in your life, you're that guy responsible for that custody.  Institutions aren't people, it's an entity, people come and go.  If you don't have the right structures built into the institution to do key management properly, it's really easy to mess up, it's really easy for these things to happen.

Peter McCormack: Well how do you guys then worry about that?  Do you partition that code and have to constantly retest if you've played with it, or update things, and do you lose sleep over this? 

Alex Leishman: All good questions.  So, I don't lose sleep over it because we have built the company to do this and do it really well.  It's in the DNA of how we've built the company.  We don't ever get complacent, right?  We're always thinking about how can we level up our custody.  But I guess maybe in contrast to the Prime Trust model, which we didn't go with as a startup, we decided we didn't want to outsource our custody and specifically our custody to somebody else, because not your keys, not your coins.  So, we went through the hard work of getting all the licences we needed to be able to hold people's Bitcoin and transmit it for them.

Peter McCormack: From day one?

Alex Leishman: From day one.  In the United States, you have to do this in every different state.  So, there were actually a number of states where we didn't need one from day one, so we were able to launch in a number of states without these.  And then we went state by state and got licences, and that took about two years.  And it's a lot of work.  It's a lot of expense, has a lot of complexity, but it forces you to get mature really quick.  And so, because I knew that all that would -- I couldn't sleep at night knowing that some guy at some other company could mess up and my business is over. 

Peter McCormack: Yeah, which has happened multiple times in our industry. 

Alex Leishman: Yes, yes.  And, I'm just an adversarial thinker.  I'm like, I need to build my company such that another company can't take me down, and I think about that constantly.  I'm constantly running through scenarios.  I'm constantly thinking about how can we build this adversary thinking into our planning processes at River, into how we all operate, because it's non-trivial to think about.  There's fiat, there's the banking system, there's software vendors, etc.  But yeah, so we did things the hard way and because of that, we sleep better at night and we have our own custody system, so we know that all the coins are there. 

Peter McCormack: I guess you have to think about multiple attack vectors though, because there are bugs in the code that could cause an issue; there could be an erroneous developer who injects a bit of code, but you get around that with the work being checked; but then you could have collusion amongst developers to rug.  That's a lot of scenarios to think about.

Alex Leishman: There's a lot.  And by the way, those scenarios don't disappear if you build on a custodian as a service, right?  If your app wrapper is just making API calls to the custodian to do things, you could still introduce vulnerabilities there.  So, you can never actually escape this stuff.  But for us, complexity is the enemy, complexity is the root of all evil in this industry. 

Peter McCormack: Big up Vitalik! 

Alex Leishman: Yeah, exactly!  And so, I'm maximal complexity reduction.  And so we've built the company like that.  We only Bitcoin.  It's not obvious why that's a good business decision, it wasn't to most people when we started.  It's becoming more obvious now, because complexity doesn't just exist in your technical systems, it's legal, right?  Dealing with multiple potential securities is a legal DoS I don't have to worry about right now, and most of my competitors do.  Custodying Bitcoin, we can just do native multisig; I don't need to worry about a much more complex, multi-coin custody system, that doesn't have some of those protocol level guarantees for all of the assets that we custody.  And then, when it comes to custodying the Bitcoin, again, equally weighting the risks of theft and loss of access, that's what I think a lot of people miss. 

So, for example, I have a few rules when we do our custody systems and designs that maybe are a little heretical in Bitcoin, but one is, we never send money to an address we haven't spent from.  That is like, I will die on that hill.  That is something that a lot of people disagree with me on.  But that is the only way to know 100% that you have the key for the address that you're sending the Bitcoin to.  And so, when it comes to the big chunk, single address.  And because, what if the BIP32 derivation had a bug?  Did you run multiple versions of that library and compare the results?  Did a cosmic ray hit a transistor while that computation was happening? 

Peter McCormack: A what, what?! 

Alex Leishman: A cosmic ray.  Lots of people don't think about these things.  Computers are machines; machines have issues.  One of the failure modes that a lot of people don't realise, and it's very rare, but when you're dealing with big amounts of money, very rare matters, and this is something that I saw Greg Maxwell talking about in a meetup once, which is like, you could run a programme in your computer and a cosmic ray, an electromagnetic x-ray or gamma ray, can hit a transistor and cause it to flip from a zero to a one.  If that happens at the right time, that can cause an error in the result.

Peter McCormack: How do you protect against that?

Alex Leishman: You run it twice.  But the way to really protect against it is to make sure that the result you want is completed end to end.  You have to come up with a way to prove that the result is correct.  And so in Bitcoin, if you derive an address -- and yeah, there's checksums on the address that can protect against certain, certain things there, but there are parts of the computation where the checksum won't help you.  But if you can sign for the address, if you can spend from the address, you now know with 100% certainty, you have that key.  And so, these are all these little niche things, right?  Custody is hard.  And so, things like this are the reason I keep it very, very simple. 

Peter McCormack: One of the things I've never understood about exchanges, you might not be able to answer this because it might be a security thing, but I'm assuming you operate with hot and cold wallets. 

Alex Leishman: Yes.

Peter McCormack: And when you need to deposit from the cold one into the hot wallet, when I'm sending, say, some Bitcoin to Danny, he gives me an address, I paste it in and then I check the first four and then check the last four that I'm sending.  And by the way, I have sent hundreds if not thousands of Bitcoin transactions and copy and paste has worked every single time without fail, but I always check.  Is it the same in a big exchange?  Are you copying and pasting addresses and checking, or are there different systems you use when you're on that level? 

Alex Leishman: No, you have different systems. 

Peter McCormack: Okay. 

Alex Leishman: So, I can give you some insight in how the sausage is made here.  So, you have cold, you have hot, and then you have counterparties as well that you're moving Bitcoin with, like OTC desks and stuff that you're trading with.  You have systems in place such that there are controls, often at an application level, to where people can send Bitcoin, right?  So, for example, the way a lot of people operate is Bitcoin can only move from cold to this one address, right, and that's a hot, or more of maybe a warm or a staging wallet.  And then there's some application controls.  Then to move it from there, three people out of this group need to sign off on that transaction.  And then you have white-listed addresses, like this is OTC desk one, this is OTC desk two.  And so you can relax some of the approval controls there because the worst case is it gets sent to another regulated financial institution, right? 

Then the real danger is the proper hot wallet where Bitcoin can get sent to any address that your users are withdrawing to.  And there, you do things like you have rate limits, and you only keep a certain amount there.  So, you move funds from the staging wallet to the hot wallet to keep it topped up and if you hit a certain rate limit, you have people start to manually approve things and take a look and make sure everything's still okay.  So, you have lots of these controls.

Peter McCormack: And these controls, you've built up yourself; or these industry standards that people have adopted?

Alex Leishman: I don't think there's just one standard, I think that's very heterogeneous.  I think a lot of people end up converging on something like this.

Peter McCormack: Right, okay.

Danny Knowles: I think just before we move on to River, we should go back to Prime Trust just for a minute, because I feel like we're giving them an easy pass!

Peter McCormack: I'm not done on Prime Trust, don't worry!  I'll be definitely coming back to Prime Trust.  Okay, that's a good point to go back to Prime Trust.  Do we know how much Bitcoin they lost?

Alex Leishman: I don't think we know how much Bitcoin they lost.  I think we know they lost, I think, was it $80 million in assets?

Peter McCormack: Do we know how much they had under management?

Alex Leishman: I don't know.  I also don't know what the breakdown of the assets were.  My understanding is there might not have been that much Bitcoin in there.  I don't know for sure. 

Danny Knowles: What I'd heard is that they have almost all the Bitcoin.  In fact, I think they have more Bitcoin than they needed to, but they've lost a lot of the fiat Tether value that they're meant to be holding. 

Alex Leishman: Okay, interesting. 

Danny Knowles: I'll try and pull up some numbers. 

Alex Leishman: Interesting. 

Danny Knowles: But getting back to that, so they'd lost obviously a lot of Bitcoin and then I believe they used customer funds, the customer Tether value, to buy Bitcoin, which is potentially fraud.

Alex Leishman: Yeah.

Peter McCormack: That's where they potentially -- okay.

Alex Leishman: So, then that gets interesting.  So, if they use someone else's, another customer's funds to buy Bitcoin and then people withdrew the Bitcoin from Prime Trust, will a judge say that there's clawbacks?  Like, I don't know how this goes down.  It'll be really dependent on how the judge handles things.

Peter McCormack: Well, it always tends to take a lot of time, and a lot of money gets swallowed up by lawyers.  Time can be a killer of a business as well if you need those assets.  I don't know which companies have been affected, but I do remember the rumours coming out and companies saying they've got out.  But I mean, it's catastrophic for some companies to do this, or individuals who have to cover the funds. 

Alex Leishman: Yeah.  And getting out is like, I think what we're seeing with FTX and Celsius and these others is like, well, you don't really know you're out until the judge says there's no clawbacks.  So, that could be multiple years.  I mean, they have everyone's KYC information, so they know who got the Bitcoin out.  Now again, I had no indication that this would happen.  It's a nuance of bankruptcy law, like there's not real precedent for this kind of thing.  So, we'll see.

Peter McCormack: Are Prime Trust done?

Danny Knowles: It's yet to be seen, I think.  So, Nevada was the last place they had a licence and they've revoked the licence, so they can't trade at the moment.

Peter McCormack: I wouldn't have thought anyone would trust them anyway.  I mean, just change their name to Prime!

Alex Leishman: Well, yeah, now the founder of Prime Trust started another company, called Fortress Trust.  And so, it's kind of the same playbook, but I think this time they probably don't mess up the key management.

Peter McCormack: So, in some ways, well, not in some ways, what you've done with River is you've taken a low time preference in terms of building the business to build it right, to structure it right, to protect your business.  The cos of that is the cost of doing business, scaling, speed.  You've essentially almost taken that Saylor approach, where he talks about building things for decades rather than quickly, because there's so much inherent risk.  How, what have been the kind of pros and cons for you for that?

Alex Leishman: Yeah, the cons have been dealing with -- well, the pros have been sleeping at night, or at least just dealing with a different type of problem than worrying about my custodian.  But the cons have just been all the extra overhead that comes with that.  Now, there's pros to that.  I mean, it does force you to just mature very quickly as an org, right?  If you're getting licensed in all these states, you can't operate just a normal startup; you have to get professional really fast.  From day one, we've had full financial audits every single year.  It's painful.  People listening who have been through a financial audit understand how painful it is, but it forces us to have our act together, and it forces us to have our systems, our accounting, our books, tight to the T, very early, all these controls, all this stuff that only a big company would have, you just have to get in place early on. 

So, the downside is having to do all that, but the upside is, well, we need to be doing that anyways.  So, it's expensive, it slows things down, and I think people say that a lot.  Here's a tangible example of the complexity of that.  Somebody's like, "You know what, I want this service of yours, but I want to pay you in Bitcoin".  Well, we're a Bitcoin company, we should be able to accept payment in Bitcoin.  Well, a typical startup could just say easily, "Yeah, just send us Bitcoin, you're good".  No, we need to make sure that actually, that financial transaction, we know how to classify that in a GAAP accounting way and it's properly documented that the Bitcoin was accepted and when it was converted and how are we recognising this revenue; what if the Bitcoin price changes; how do we explain to auditors the nature of this transaction and this entry on the GL?  There's just all this downstream complexity you have to worry about this single event creating.  And that could lead to 20 to 40 hours of work for people, just dealing this one exception to things, this one new thing.  And that's just a little example about the type of complexity and expense this stuff adds to businesses. 

Peter McCormack: There's a tax implication on that as well, I was talking to Danny about this the other day.  I don't know if it's the same in the US, but our turnover and profit, any Bitcoin we receive, that is priced in pounds at the day we receive it.  If the Bitcoin we hold drops in value, that doesn't change our turnover.  So, say we were only paid in Bitcoin and we received £1 million in Bitcoin, on our books, in our P&L, that says we received £1 million, not £1 million of Bitcoin, £1 million.  If the price of Bitcoin drops 50%, that entry still says £1 million.  And so if, say, we made £500,000 profit, we would have to pay tax on £500,000 profit, even though the Bitcoin we hold is worth less than that. 

Now, we get a credit on capital gains the following year if the Bitcoin goes up in value, but there can be a tax implication.  Now, I wasn't aware of this at the time.  I didn't think we were receiving £1 million, I thought we were receiving Bitcoin and at the end of the year we value that and pay tax on that.  That's not true.  So, just being a Bitcoin-only business is actually very difficult with volatility.  So, we have to now, whether it's the football club or whether it's the podcast, we have to consider that risk.  And it's annoying because sometimes you get paid in Bitcoin and you want to hold it.  Like the football club, the Bitcoin it held from when we launched it is down in value.  We've still got to pay tax on that.

Alex Leishman: Yeah, and add a GAAP financial audit on top of that, where you have to deal with a third-party audit firm who's putting their reputation on the line to sign off on your books.  And that whole world is fiat, everything is in dollars.  They don't care that you have Bitcoin, that you think in Bitcoin.  They don't care, that doesn't matter, the law doesn't care about that.  The dollar numbers have to be right.  And so, yeah.  But I wouldn't do it any other way. 

Peter McCormack: Of course.  With that, though, you've built a very robust business, right? 

Alex Leishman: Yes. 

Peter McCormack: I know it's your firm, but the way I look at River, I consider you the strongest Bitcoin on-ramp, the most well-established, long-term Bitcoin company.  And I'm not just saying that because you're here; we've had these conversations, that's how I look at River.  But then I also, just to be fair, I look at River and go, "I don't hear a lot from River, you're not out there marketing all the time", and I think that potentially is because you have been doing that hard work.  Has that been a tough thing to explain to investors?

Alex Leishman: Not really, because we've actually had great -- I mean, for the last four months, we've hit all-time high record monthly transacting users month-to-month.  But that said, the lack of marketing was, I would say, predominantly because of who I am.  I'm an engineer, I'm a builder.  The first phase of River was me, it was my team building it, and then also, honestly, just learning how to run a company.  This is my first startup, getting smart as a founder and a CEO, and we had nice organic growth in the beginning, so marketing wasn't this thing we were desperately in need of.  But one of my biggest learnings as a founder was, and one of my biggest weaknesses early on was just, I'm not a marketer, I didn't know how to market something.  And so, that's something I had to get smart about.  We've since built a really strong marketing team in the last year, and it's been paying dividends.  And so, you're going to see that change more and more.

Peter McCormack: But it felt like you were doing the hard work upfront to build the right company first.  You have no shitcoins, Bitcoin-focused, no stupid products.  Now everything I understand about how you've built the back end, in terms of you controlling the stack rather than outsourcing it, it sounds you've built for the long term.

Alex Leishman: Yes.  This company is being built like we're building a cathedral, brick-by-brick.  And so, we didn't feel this need to yell it from the rooftops early on, we needed to figure things out, we had a lot we had to do to get it all right.  And we're just now getting to the point where we're like, "You know what, we can ramp this up", and it took us four-and-a-half years to get there.

Danny Knowles: You've had FTX marketing for you!

Alex Leishman: Yeah, exactly, we had a lot of these guys marketing for us!  I mean, it's kind of funny, our ranking in the market has gone up because basically a lot of the top guys just blew up.  And so, yeah.

Peter McCormack: Yeah, I've also noticed you've expanded your services a lot.  You've offered the mining, which surprised me at first.  I was like, "Wow, where's this come from?"  But you offer the professional services, what do you call it?

Alex Leishman: Lightning payments.

Peter McCormack: No, the --

Alex Leishman: Private client?

Peter McCormack: Private client, you offer that service, you offer the business services.  I've seen all that coming and been part of it, but you haven't gone into the loans market.

Alex Leishman: No, we never will.

Peter McCormack: Oh, you never will; not even in a way Unchained have done?

Alex Leishman: No. 

Peter McCormack: Okay. 

Alex Leishman: I don't like lending. 

Peter McCormack: Okay. 

Alex Leishman: I say -- okay, I don't like to be absolutist.  I don't like to say never, because life changes, markets change, there's opportunities that come up, I learn new things, I learn there's opportunities that are within our risk tolerances.  I have a hard rule: we only build things that allow us to sleep at night.  I don't like lending, I just fundamentally don't it.  It just doesn't make me feel good, it feels weird, it feels leverage, it adds a bunch of risk, it opens us up to all these fiat things.  We're not a finance company at our core.  We're builders, we're engineers, we're product people.  Our growth and our expansion and our product suite is going to be focused on building really, really good software, not building really good financialised sorts of things. 

Peter McCormack: In terms of self-custody, again you might not be able to tell me this, but I'd be interested to know, as a company that pushes self-custody, and is a big advocate of self-custody, what percentage of people actually still do it?

Alex Leishman: I'd say it's growing.  So, we just launched an auto-withdraw feature to try and get more people to self-custody.  So, one of our popular features is we have zero-fee dollar-cost-averaging.  So, we can do DCA for free, and then you can auto-withdraw those Bitcoin.  And I describe that as our Costco hot dog, right?  We don't make any money on it, but it gets people in the door, and maybe they do one-time buys, and we can sell them things over time.  But I'd say it's about 20% to 25% self-custody.  So, the vast majority don't.  And the reason is the vast majority of people kind of know that we can probably do it better than they can.  It's not that they can't do it well, it's just that it's economic specialisation of expertise.  They want to outsource that trust to a firm that specialises in it, and I don't blame them for that.  It's a lot of work to get it right yourself.  And the thing is, we have no incentives to hold onto people's Bitcoin.  We don't get paid for it, it's a free service we offer, so if somebody withdraws their Bitcoin, it's great for us.

Peter McCormack: Please withdraw all your Bitcoin!

Alex Leishman: Please withdraw.  I don't want to hold your Bitcoin.  We do it because if we didn't, people wouldn't use our service.

Peter McCormack: Yeah.  That auto-withdraw, that DCA, say if somebody is doing $25 a week or something, that's a lot of UTXOs for that person to be putting into cold storage.  I saw Marty Bent tweet about this this week.  He's talking about fat UTXOs in cold storage.  Do you think about that at all, because I hadn't considered that until I saw Marty's tweet, and I was like, "That's a great point"?

Alex Leishman: Yeah, we actually thought about that in the design of this product.  So, the way it works isn't your DCA hits and then you withdraw that amount.  The auto-withdraw is a separate thing in your account and you set a minimum threshold that you want the auto-withdraw to trigger.  So, we encourage people to set that to something higher so that they're not getting all these small UTXOs.

Peter McCormack: Yeah, good.  So, in terms of what's coming up then for River, because you've done all this work now, a lot of your competitors have gone fucked.  So, what's now; what's going to come?

Alex Leishman: Yeah, so there's really two sides to how we think about building.  There's the, excuse my French, not-fucking-up side, which is work, right?  So, we have specific projects that keep everything safe, keep making it safer, keep reducing the risks of anything bad happening.  That's a lot of work just for that, just to contain entropy at a business.  And then on the new things side, there's three verticals that we're going to be operating in over the years to come, and we're just going to be building in these verticals: it's serving consumers, the personal side; serving businesses, and I want to see SMBs and other operating companies using Bitcoin more and more; and payment infrastructure, so our Lightning and Bitcoin infrastructure as a service business.  And those are the three verticals that we're going to be building in with the vision of accelerating Bitcoin's adoption as a store of value and a medium of exchange through these best-in-class software products.

Peter McCormack: Talk to me about the Lightning business services.

Alex Leishman: So, that vertical came about in an interesting way.  So, when we launched River, because we were Bitcoin-only, we were like, "Well, you know what, we have the time to ship Lightning Network support", in 2019 when we launched River.  And so, we were the first Bitcoin exchange in the United States to have Lightning Network support.  So since then, we've built up this Lightning Network infrastructure that started getting pretty big and beefy and high quality.  And eventually we started seeing an opportunity to sell this as a separate service offering.  And the need we saw was more and more apps wanted to add Lightning Network support to their custodial wallets, but they didn't want to build all this stuff themselves.  So, we were like, "Well, we should just build an API for this".  And so we did. 

Since then, we've onboarded some really cool customers, some we haven't announced yet that hopefully we can announce soon, which I think will be pretty exciting, but some we have announced.  So, for example, we're the Lightning Network backend for Chivo, for El Salvador's wallet.  And so, our focus right now is going to all these custodial wallets and exchanges all over the world and saying, "Look, I know Lightning isn't huge right now.  I know adding another token will make you more money, but this is a plug-and-play solution".  And actually, we're seeing a lot of adoption here because what's happening is, as the market's kind of gone flat and the long tail of asset trading volumes have dried up, these regional crypto exchanges are going, "Well, we actually want to be real financial institutions, we want to process real economic transactions for our customers, we want to improve our wallet services, we want people transacting through us".  So now they're going, "You know what, Lightning could be huge here."  And we're seeing more and more people want to get involved in remittance flows. 

There's an interesting macro dynamic, which is all of these regional crypto exchanges have built best-in-class fiat delivery to their regions, and they have crypto bridges, right?  And so, I see lightning as connecting, as being the final ultimate connector of all these exchanges that have been built all over the world.  And so now, value can seamlessly transition between all of these companies instantly, and I think that'll unlock a lot of interesting use cases.  So, we're basically coming and saying to exchanges in Europe and Asia and South America and being like, "You want to add Lightning?  Plug and play.  This is as easy to use as stripe, and it just works". 

Peter McCormack: What do you think about the state of where we are at with Lightning?  We're obviously in Nashville for the Lightning Conference at Bitcoin Park.  There were some criticisms pointed at Lightning Network after all the Ordinal bullshit.  We had Matt Corallo on, he said it exposed some weaknesses in Lightning.  Then we've seen other Layer 2s, Ark has come on the radar recently.  You're a techie, I'm not a techie, where are we at in terms of Lightning and other L2s and where are you thinking with regards to these?

Alex Leishman: Yeah, so the way I think about Bitcoin is there will always be innovation, especially above the base layer.  I love all the L2 innovation happening and I will invest in that at River, in our business, as we see progress there.  But Lightning today is by far and away the mature and developed L2.  You cannot compare an idea someone wrote down in a blogpost to a protocol running in production that's been hardened over years.  The devil is always in the details when you go to implement these things and build them at scale.  Ark is a really cool idea, but to compare it to Lightning is comparing a theoretical new internet protocol to TCP/IP, right?  It's like, it works better on paper, but it's not real.  So, there's real-world stickiness to protocols and Lightning has that. 

Is Lightning perfect?  Absolutely not.  The worst thing about Lightning and the thing that no one's really figured out how to truly get around is this whole channel capacity challenge and problem, the liquidity problem.  It doesn't feel like you should have to do that, but you do today and there's ways to smooth it out and optimise it, but it's not perfect but you can't strive for perfect, you have to go one step at a time, and I think Lightning has a long life ahead of it. 

Peter McCormack: All right, well listen, I think what you built is brilliant.  I was just remembering that I think we met before you launched at a dinner. 

Alex Leishman: I think so.

Peter McCormack: There was a dinner in San Francisco. 

Alex Leishman: That's right. 

Peter McCormack: There was about 20 of us.  I'm pretty sure that's the first time we met.  I think Liz Stark was there.

Alex Leishman: Yeah, she's a good friend, yes.

Peter McCormack: Was she an advisor? 

Alex Leishman: Yes. 

Peter McCormack: Yeah, I remember that dinner now.

Alex Leishman: Liz was instrumental in River.  She's given me some of the best business advice I've ever gotten in my life.

Peter McCormack: Yeah, she's amazing.  I think that's where we first met, and it's been great to see you build this business up.  Where do you want to send people?

Danny Knowles: Can I ask a question real quickly before we get there?  So, I just thought, I was speaking to someone at Bitcoin Park the day before yesterday, and he was explaining how in the traditional finance world, there's a separation between brokerage and custodianship, and the broker is not allowed to custody assets in, I don't know if it's in every circumstance, and he was worried, or not necessarily worried, but he was thinking that may come to Bitcoin.  Do you think that's likely? 

Alex Leishman: It's unclear.  I mean, there's a lot of nuance in the law.  A lot of those rules are for securities, so, it's possible that if these tokens are classified as securities, it applies to that, but not Bitcoin.  That rule set is built for financial institutions that are offering lots of assets to be traded, to make sure they're not also trading with their customers funds.  So then, rules like that make sense for a certain class of firms.  For example, you don't want Fidelity to be able to sell you Apple shares, and then those Apple shares are in your account, but they're also trading those Apple shares and market-making with them; you want that to be separated. 

With Bitcoin, it's kind of different, because you just take it out whenever you want; you can prove to your customers the assets are there.  So, I don't know what the legislators or the regulators will decide on what needs to happen.  I think it's really overkill for Bitcoin brokerage.  But if those rules do apply, we can handle that because we have the legal expertise to spin up a qualified custody entity. 

Danny Knowles: Just a new entity, yeah. 

Alex Leishman: Yeah.  My concern about this happening is innovation for custodial Bitcoin will just stall out, because a lot of these qualified custodians, their job is to be checklist legal guardians.  So, they're not thinking, "Well, how do we add Lightning?"  If you think about it, if your Bitcoin has to be custodied here, that means the wallet functionality that you have needs to be completely powered by whatever that custodian offers.  So, this could substantially hinder Bitcoin becoming used as a medium of exchange, for example.  You could only have first-class medium of exchange wallet tooling if it's self-custodied, which I think would just drastically stall its use as that in the United States.  So, that's my concern, is these qualified custodians are just slow-moving; they're there to just park an asset, not actually use it.

Peter McCormack: BlackRock.

Alex Leishman: Yeah, BlackRock.  Yeah, I mean the ETF stuff is interesting.

Peter McCormack: Well, look, I'm coming around to the idea that this is a huge advertising campaign for Bitcoin and look, if they end up locking up a million and a bunch of people just aren't holding the asset, fine, as long as it does the job of giving us protection, advertising to everyone that Bitcoin's okay, it gets the poor journalism off our back.  We were with Alex Thorn before you and he said this is what hyperbitcoinisation looks like. 

Alex Leishman: Yeah.

Peter McCormack: So, I'm fucking all in, pump our bags, Larry!

Alex Leishman: Yeah, it's true.  I mean, I don't think it can make the Bitcoin price go down.

Peter McCormack: Yeah, that's for sure!

Alex Leishman: Yeah, so, go for it.

Peter McCormack: Well, listen, we're going to head over to Bitcoin Park with you shortly, but look, congrats on this, it's brilliant.  Seeing you build this business and you're still around while others aren't and you're still growing, it's amazing.  Congratulations and I can't believe it's taken this long to do this.

Alex Leishman: Yeah, thanks for having me on.

Peter McCormack: Anytime, man. 

Alex Leishman: It was a pleasure.