Ariel joins to discuss using hard wallets on a daily basis (especially when chasing mints!) and why having a hard wallet matters. She also covers the future of wallets, self-sovereignty and why security is essential for Web3's future. Recorded on August 1, 2022 for the Crypto Packaged Goods Genius Call series.
Ariel Wengroff runs Global Marketing and Communications for Ledger, the world's leading platform for securing your critical digital assets in Web3. With billions in assets scammed and hacked in 2021, we want to make sure the CPG/POP community stays secure and understands how to navigate Web3 in an easy and fun way.
Follow Ariel at https://twitter.com/AWengroff
Follow Club CPG at https://twitter.com/CPGCLUB
To learn more about Crypto Packaged Goods, visit https://www.cryptopackagedgoods.com/
Mikey Piro (MP)
We have quite a line up if anybody had missed the news of the past week on OpenSea. Seeing the number one by Ledger in the marketplace, we are joined today by Ariel Wengroff. So this is Genius Call number seven: Not Your Keys, Not Your Coin: Keeping Your Web3 and Crypto Secure with Ledger. A little preamble here. With billions in assets scammed and hacked in 2021, we want to make sure the CPG Pop community stays secure and understands how to navigate Web3 in an easy and fun way. This session is going to cover using hardware wallets on a daily basis, especially when chasing mints, and why having a hardware wallet matters. Also going to cover the future of wallets, self-sovereignty. I don't want to spoil it all. Let me get to why Ariel's amazing. Ariel runs, and I hope I'm saying this correct, I'm pretty sure I am. Ariel runs global marketing and communications for Ledger, which is the world's leading platform for securing your critical digital assets in Web3. She is also an active member of the athletics community and is super generous and has hooked up CPG Pop with so much stuff. Ariel, thank you so much for being here this morning, this evening, and the floor is yours. Thank you again.
Ariel Wengroff (AW)
Thank you. Thank you for having me. I mean, honestly, I'm very happy to be speaking with everyone today if you don't know kind of the origin. And also, I'll say I'm calling in today from Vermont, actually, where I went to school. So I'm at a friend's house, which is really nice to kind of be here from there. But if you hear any dog noises, it's just a dog chiming in on the future of NFTs. But I think it's incredibly important because I actually got so much of my education when I first joined Ledger, which, if you don't know, is actually kind of the world's most secure way to access and protect your digital life right now through crypto and emerging with blockchain, but with the way that that's evolving, which we'll get into, it'll continue to be more and more important. And I really learned so much through Chris and through Jamie and the whole group in CPG Genesis. And so it's really just always my pleasure and kind of first priority to be able to give back to the Pop and CPG community. So if you have questions, as it was mentioned, save them for later on. And if there's an answer that I can't get to you today, I will absolutely make sure to get it to you as soon as possible. So what's really nice about this conversation is there's no way that you could be in Pop without actually having some form of a wallet. So we will start by going through these different phases. But it's incredibly exciting to think about the progression of where we are and still how early we are. We have over 30 million wallets that have been onboarded, which is human beings, some have more than one into the space. But there's still only 300 million people who actually participate in the blockchain and in crypto today. So if you think about that, we're still incredibly early. We are very niche and we are a representation of think about when the iPod came into play and people were using MP3, but you had to put so much effort into that iteration and time period to actually make it worthwhile.
There's a lot more to go and it's creating a very special progression of art and artists and utility and showing value. And I focus as an introduction within NFT because realistically, that's actually how most of us found ourselves into this space right now. And it's important to understand that that might be the impetus for why you came in or why you're here. But I hope that you're starting to see more utility and examples popping up of indicators of what this might mean going forward. So for example, realistically we could see in the future that you might be using your wallet or your digital identity to actually secure your bank information, your digital passport, your driver's license, your COVID vaccine or your political affiliation. It would be probably more likely that you could verify your identity through your wallet without actually having to give up the information of your identity, than using all of these systems that we use today while they're disparate. The way that the phone has evolved wasn't actually made for the Internet in the way that the Internet and Web3 exist today. And it would only make sense that something needs to come in the future that does to your phone or to hardware what Apple essentially did to your phone in revolutionizing and rebuilding it from the ground up. And I will say I think that's important because as you enter Web3, it's an opportunity to actually hit reset on the relationship that you have with the ownership of your identity online. Basically, we're seeing this huge revolution of value and it's a once in a generation, probably once in an ever experience of true digitization of humanity. I can't think of another time in history where every single piece is actually being integrated. And because of the blockchain that means that there's a history and a record of every single thing.
And so therefore, instead of assuming that Web2 and the Internet should actually have ownership over you, over your value, over your information, you actually have the opportunity to have that self-custody and to have that ownership in a way where you get to choose what you want to share. And so through the reference of NFTs and the introduction to crypto, most of this is around finance, right? I paid for something, it has something of value to me, I'm a part of the community. But the initial implication was I'm curious if this might make me more money, right? And so a lot of the framework around custody or self-custody, which we'll get into, is actually around this idea of becoming your own bank and learning why it's important to actually have more autonomy over that. And in that way and it's wallet adoption has become more important because a, when something gets taken from you, there's no take backs, there's no insurance, there's no recovery. We're seeing these really interesting use cases where people lose projects that they're working on or the ability to progress on something and it's complicated, it's scary and it's very overwhelming. And so we're kind of going to go through these three categories of understanding. One is the basics which a lot of you already know and so I'll gloss over it. One is kind of avoiding threats which are a little bit more complicated and the third is sort of like master level and let's get into it from the beginning. And I would say honestly, I think it's worth going through these again because truthfully, if you're explaining it to someone else, which I would say is kind of your responsibility being so early in the space because we're constantly always getting asked questions and it's very confusing. You just need a very simple way to explain it, which is essentially like not your keys, not your coins. Think about it like sending mail. You have a public account where anyone can send you something in the mail, right?
Like whether or not you want it. Could be spam, could be a bill, could be all of these different things or it could be something amazing. But only you can access that mail. When you have your mail key, that's essentially what your private key is. It's where on the blockchain through cryptography you have access to that. And so that private key is just you. And so essentially when we're thinking about that protection, we go into these three factors, the exchange account, the software wallet and the hardware wallet. And this is actually, I think, important because in some of the sub Pop chats, like even in the no boys allowed or in Pop NFT, I see questions coming up around this where I think there's an assumption that we all have shared more education around the why than there actually is. So I would assess these three categories within kind of like ownership, security and ease of use as the ratings metrics. And I will also say like, our job here is to try and lift up security and education in the whole community and space. The choices are yours to make. And we just know that when one person gets wrecked or when one person isn't thinking about this future thing, it actually hurts the whole community. And so that's why at Ledger, we really see that as part of our role and it's very important to me because I also think education allows for more people to feel comfortable taking that leap of faith, which otherwise could create the same types of patterns that we've seen in other eras. And so with exchange accounts, think about like cracking NFT, think about finance. This is not self-custody. This is username password. This is very Web2. This is I have not been given a recovery phrase. I do not have to have any autonomy around this. But this also means if I want to do something, if I want to exchange my funds into fiat or into something else, I essentially have to get permission, approval, and there's a process that takes time to do so.
It also means that if there's a glitch on the site, if it goes away, there are issues sometimes towards getting the things that you want and need. And that's a very Web2 framework, which is you have the luxury of accessing some type of digital good for a period of time based on the longevity and sophistication of that business. And as we've seen recently with a lot of challenges around custody and exchanges, some people are unfortunately getting really screwed. And I would say to that point, if it hurts the community, it's like if you've listened to a lot of media recently, they are immediately so quick to attack the possibility of crypto. And it's as if you were comparing the entire process of the stock market to Bernie Madoff. It's like, yes, there's always going to be a range of these outcomes, but if you are trying to be Web 2.5 or you're trying to be in between, ultimately it's just going to have some of the same challenges we've seen before. The second version is a software wallet. I'm assuming that every single person that is in Pop obviously has a software wallet because you need to be able to connect to get into CPG or into Pop. And this actually has great ownership, right? Like you get a recovery phrase, which is that seed phrase, a 12- or 24-word phrase. And what's really amazing about blockchain technology is no matter what happens, you can always reset your information with that, which is really incredible. It doesn't matter what wallet you're using or if you lose it or anything like that, it's always available to you, but it doesn't have good security. And that's because we all love convenience. And I would say, like, if Netflix is competing with sleep, I always say Ledger is competing with convenience because we just like easy stuff. We've been trained for instant gratification and that's fine. But Web3 infrastructures are still outdated in that regard. Like, think about 20 years ago.
The Palm Pilot was worth more than Apple and Amazon combined. We've come a long way and we kind of have to hit reset again. And so essentially, a software wallet is a Phantom, Temple, MetaMask. It is something that is essentially a browser extension that allows you to utilize your crypto on the different chains for these purposes, particularly usually getting NFTs. And the reason why it's a challenge from a security perspective is because essentially you should always assume that your hardware or the technology, like the operating system around the hardware, is lying to you and you won't know. So you think that you're signing a transaction, getting mosquitoes, which who knows what the mosquitoes would do? But the transaction you're really signing in the back end has an attacker's address in it and you'll have no idea. And essentially, like, you can see that number in the back end is different, right, for the total. So you think you're getting something for three ETH and you're actually ten ETH and you're getting taken. Something I'll say about that, which I'm happy to get into later, is if you're using your laptop or your phone and you have information on your clipboard, especially within browsers, you should automatically assume that that's public information. And I always tell people when they're explaining something to a family or friend, think about it as if you're in a heist film. Like think about it as if you're in The Bourne Identity or you're in Ocean's Eight, or you're in The Italian Job, whatever floats your boat. But it is that type of experience that we're having right now and it really happens all the time. And that is really what leads us to the hardware wallet category, which is essentially a device that keeps your private key, that private mailbox key, stored off the blockchain. And that's incredibly important because A, it provides you self-custody. It does not matter if a company exists, dies, anything happens with it from a top level corruption.
You always own your assets and you control your withdrawal, transfers, anything around that. It has incredible security and the ease of use is what needs to be improved over time. And the reality is that not all of the ways that hardware wallets are secured are kind of born equal. There's something called a secure chip within a hardware wallet and that's actually where your private key is stored. And I would think about it as in a credit card or in your passport. There's actually a key in there that stores your individual information and that's just the vehicle or form of which it shows up. So similarly for a hardware wallet, it might seem weird and strange now, but it's actually just a traditional form of security from that category. And I would say that I'm biased because I work for Ledger, but I'm actually not. The reason why I joined Ledger is because I believe in Ledger becoming like the Apple of Web3. And I believe in the fact that the entire system of which we exist is changing. And in order for us to allow individuals to make that change in a way that could have intergenerational impact, we have to fundamentally disrupt the hardware and interface that we live our life through. And so within Ledger, this private key that we've generated is something called a secure element key that we actually store everything through and we have our own trusted display screen that we've developed along with the actual operating system. And so your private keys are always offline in the secure element and no one can access them except for you, which we always say like if you find another hardware wallet on the street, bring it to us, bring it to our Donjon, which is our white hat hackers in France that can hack into anything in the world. And they're hackers for good, they work for the community and trying to always make sure everything is as secure as possible.
They can hack into literally anything else, they can hack into a phone, they can hack into another hardware wallet like anything. And the Ledgers are the only things that truly are secure in the world like that. And trusted display is important. And this is why clear signing is so important because basically going back to that software wallet example, you would be able to see within the trusted display if the thing you think you're signing is actually that thing to say that your trusted display says something that you think is right, but it could actually be wrong. If you're looking at your Ledger device, it will repeat what the actual transaction should be and it's more sophisticated in summary and then you can tell if it's right or not. So if it is actually wrong, you can actually reject the transaction and kind of bypass that challenge that happens in the software element. And so basically what we find today that's most effective, at least for now, is sort of the software and hardware combo and it brings together that ease of use and security. And I would say the biggest version of that is within MetaMask and Ledger we're really lucky because we're a platform, we're able to have very healthy partnerships with everyone in the ecosystem and we want them to be as secure as possible. And this essentially brings you sort of that extension interface of the transaction with the kind of ability to use the Ledger anywhere you are. But we recently announced actually that we're going to be doing something called Ledger Connect which will take it so that it is its own browser extension and it'll make it so that you can actually connect directly from the extension to your Nano and you won't need the in between. So long term it really removes the need for the software wallet and makes it so that you have 100% security.
And it also actually will have this like Web3 Check function where if it thinks you're signing something that could be messed up, it will also bring that up in the browser extension version so it's not just within the wallet and you don't have to use Ledger Live with it, and that's not just a plug, it's actually good. Essentially, it makes this one key to rule them all, and you can use it across any chains. And I'm sure everybody knows this, but like, within private keys and the recovery phrase. The recovery phrase was developed originally from the Bitcoin community because key phrases are so long and confusing that otherwise it would be really hard to manage them. And this is that BIP-39 standard. So if you have a friend and you want to get really technical and they're saying like, oh, community is biased, or, oh, did a wallet company actually make up your seed phrase? It's like, no. And you can actually have tons and tons of recovery phrases tied to one wallet. There's like a really cool site where you can generate and see all of the different potential ones that come out of it. So it's like a pretty intense generation. And I would say if you want to think long term about your needs, I would always have a backup device. People wear Ledgers now, and I actually have one over there, I should be wearing it. And they're always like, what if someone comes up to you and says, give me your Ledger? It's like, okay, well, someone could come up to you and say, give me your wallet. You hand them your wallet. You'd lose more with a physical wallet than you would with a Ledger, because actually, if you hand them that Ledger, just go buy a new one and use your recovery phrase and you can set it up.
And in addition to that, there's actually an advanced feature with the Ledger where you can set up a dummy account within your device, which we don't talk about that much because we don't want it to be widely known, but you can make it so that it seems like you have nothing in there. So put your PIN code in. You could put the second PIN code in and it'll make it seem like you have no crypto, and then you save the rest of it and it's fireproof and waterproof within some of the kind of like, accessories that we have. And I would say, honestly, the reason why we're harping so hard about security now on top of digital assets is that, again, going back to earlier, like, critical digital assets will become everything in your life. The same way that people have babies and they get a Gmail account for email for that baby as a gift for the future, your Web3 wallet will be that gift for the future, and then you have control over it. Okay, so let's get into the threats and the hacks. And there's kind of two different versions. There's these viruses, malware and spyware, and then there's targeted hacking. For the more viruses, this is actually code that can copy itself and has a detrimental effect, such as corrupting your system or destroying data. I would say that this is very common and this is where an account, let's say there's like a really popular mint coming. This is one that would try to get into your system. It would be attacking a larger community. And the goal is to try and get as much as possible in a short period of time because we exist in a community of FOMO culture and we always encourage like JOMO, joy of missing out, a little bit because you need to take a deep breath. You need to check if something is correct. You should phone a friend. All of the classic tools are things that you should be thinking about in these cases because we're all very active members of the community. And then targeted hacking.
So let's say I'm Chris or I'm Jamie or I'm someone else in this group. I have a big following, I have a lot of influence and I have a really sophisticated wallet. I'm going to target that person and I'm going to try and attack their infrastructure to get all of their crypto or their NFTs. And we see this happen to where a friend of mine from the Boss Beauties community, this happened to her. They hacked into her account and then they posted in the Boss Beauties Discord so that they were actually able to make it so that because that person got hacked, they could then hack many others. And so these are things that might seem like, yeah, I've heard of that before, but no one actually ever gives the most shit until they get hacked. And then they're like, oh, man. Then they become the biggest advocate. And what we're trying to do is start this conversation before that happens and make it really simple to understand why 30 extra minutes of setup at the beginning and a couple of extra minutes while you're kind of using your device is so essential. The second threat, of course, is physical robbery or theft. And again, as I said, you can set up a dummy backup account. But also for this, if someone takes it, if you put in the wrong PIN code three times, the device factory resets and let them. Like, who cares? It does not matter. And you could, of course, get scammed, phishing scams, which I kind of mentioned. This is similar to things you might have seen before. Like, someone sends a bad email and you click on it. To be honest, now, that could happen even if someone sends you a calendar invite. So if you get a random calendar invite on your calendar, you don't know who that person is. Don't click on it because by clicking accept to it, that could actually be a phishing scam. And I know these sound like quite complicated and I don't mean to freak anyone out, but they're actually more common than you think.
The second one, which we kind of talked about earlier, was blind signing where the smart contract isn't actually what you think it is and that's just because we're to that point of ease of use, everything is super complicated right now. And so that's why it's really important to make things as simple as possible and to use something that has clear signing. So also if new wallets come out where like for example Block is coming out with a wallet which is fingerprint identifier or biometrics, if it doesn't have a screen it's not secure truly. And that's why actually using biometrics in a lot of wallets at this time isn't actually the most secure option because it's really easy to impersonate another person. Sometimes I feel like when I'm having these talks I'm giving some kind of Minority Report discussion or something and I don't mean to be that type of person but these are really common. So again, we have tools that help solve and mitigate against those risks. I would say the biggest risk that we don't talk about a lot, which is the cause of all of these things, is human error. Like we're doing everything that we can despite Web2 and we're doing everything we can despite natural human error and that's why it's incredibly important to actually understand the full process because otherwise you can just kind of get screwed. So again, reminders, don't give your seed phrase to anyone. Don't even give it to your partner would be the most intense version. Definitely have a separate wallet than someone in your family. Like God forbid you get divorced or something happens. How are you going to split that up? Also, if you have kids we recommend getting them their own wallet or like a family wallet.
And something we do at Ledger a lot is like if you see me wearing a Ledger around my neck at a party it probably has a small amount on it for minting or a couple of NFTs and the rest are in different wallets and that are in different phrases and that for me just makes me feel easier about it just as old school style and then just basically make sure that you're constantly checking to have all the best practices in mind. Finally, when it comes to NFTs, if you are in the Pop NFT chat and you're getting some alpha and you're like, oh my God, I have 30 seconds or I'm going to lose this incredible mint that I'm going to flip or I want to be part of this club, don't make these very simple mistakes. A, there's tons of fake collections out there and you can check if they're fake or not by some of the verification tools like having a connected account. These are like small things that you can tell makes a big difference around it. Additionally, a lot of the time there will be misleading offers or offers in different currencies that make it seem like they're higher but it's actually dollars, right? So instead of it being like 28 ETH, it will seem like you're getting that offer, but it's actually in dollars and you'll get rugged. And this happens to people more than you think it would. In addition to that like fake project founders or social accounts, I would say most exchanges like OpenSea or others take no accountability for the security threats that they help ensue through the lack of build within their product. And it's no one's fault in the sense that who knew the rapid adoption and some of the needs state around it. But essentially if you're on Twitter you might have one that looks like the founder or that community and underneath it, it's a totally different name and literally it happens to us. Some of the folks at Ledger that are degen obsessed are in a WhatsApp group.
And I got something from Moonbirds and I thought Ian who worked with me maybe got me a hook up and I was like sick and I almost clicked on it and then it was like oh shit, I should check with them first. And they were like, yeah, that would be nice, but no. And I almost got rugged. This is my life. So you're not alone in needing to check your brain because the brain is deceiving. Also, again, smart contract functions. So basically if it says function or instead of Mint, you should understand that this is an issue. Or if you see a same transaction but a different interface that's also like a telltale sign. And these are two examples from MetaMask and Rabby underneath. And I'm happy with the Pop group to share more examples so that you kind of have like an image gallery that you could check against to see if something is what it's supposed to be. Same with the mint. So sometimes it might seem like you still have an opportunity because you go to that website, but if you actually check the date on OpenSea or on a different exchange, you'll be able to tell if the mint date is correct or not. And this is complicated too, because a lot of the websites are meant to feel really, I think, like old school and lo-fi and you aren't sure if it's the right one or not. So again, like verified accounts, proper link checking, ask a friend that's done it or have them share the right link in a group chat. I think Chris has always done a phenomenal job of that, of just making sure that as CPG and Pop have grown, that there's a lot of transparency and making sure everything is verified. And then the final reminder is like the blockchain is public, it's transparent. So Etherscan is really your validating factor. It's essentially as if you were one of those people that was obsessed with listening to traffic cop radio and you could hear coming through the call in. Etherscan kind of is that. Especially it's great when someone's like, yeah, I'm totally in that club.
And then you look and you're like, I don't think so, but really it's good to see. Okay, is the contract address, the transactions, the source code, the symbol, is this consistent with what I know it should be with the community? And how does that tie back? And so I think it was important to get kind of into that piece, because as much as we want to talk about the future of everything that's coming, I actually found in prep for this, in going through the different chat, a lot of folks within Pop actually don't know enough about basic security to make sure that as the ecosystem develops, it's going to continue to they're going to protect themselves. And then I would say once you've kind of figured that out a bit, get ready for everything that's coming next. If you think about it, everything's around these IP infrastructures that I would argue right now are actually mirroring too much of what we expect from Web2 gaming or short term results. But if you think about DAOs, decentralized autonomous organizations, plus critical digital assets, plus identity, then you're starting to think more long term about the fact that when we exist online, we exist in a borderless world, and when we have digital assets that we own within certain communities, we will have the ability to use those across many different parts of the metaverse. And you'll note that up until in this whole conversation, I have not brought up the word metaverse. And that's because I think it's used really poorly. I do think that Facebook or Meta's description of the metaverse is probably the most accurate, which is people coming together and doing things virtually. But the reality is people get distracted by thinking that metaverse means your entire digital self will be online. And what it really means is that you're providing value to your time online, and you should have ownership of it. And what I think is fun about what we build is it's very much a bridge between IRL and URL.
And your URL existence should have just as much value and protection as IRL, and the balance is shifted incorrectly. So I really would say in the next five years, eight years, you will have a hardware revolution where the devices that exist today will not sufficiently protect your Web2 value and the ones of tomorrow will. It will allow you to engage with apps like Signal or different versions of Telegram or new things that are being built by developers that are inherently built on blockchain technology. And so the games that you're playing, you'll earn different value, right? Like DeFi, like, your kids will essentially be earning portfolio value from childhood, but maybe they'll be earning educational badges that let them into a school where people are participating from all over the world. Maybe they'll actually be having a version of identity where if you're in the United States, you don't need to rely on something like the credit score, which is very harmful to many people. You'll actually be able to identify, you can verify the value that you have through your hardware device. So we're really just at the precipice of what this is going to look like and there's a lot of indicators and I would say don't get caught up in just what we're seeing right now. Like use the bear market as an opportunity to actually remind yourself why you're interested in the space and what are the long term protections that you can place now. I will also say, as someone who learned by doing, if you have a MetaMask or another wallet, like Phantom, Temple, whatever, and you're getting a Ledger or another hardware wallet and you want to secure your assets, it's way more complicated and frustrating to transfer your assets from your current wallet to a Ledger than to start with your hardware wallet and build your collection that way because you then have to deal with making sure that you're sending everything correctly and to the right places.
And then there's no shortage of, I would say, like transaction anxiety that exists and it is very nice to feel comfortable, but you still have to be smart about your choices. So I'll kind of start with that. And I think we're almost at time for questions if that's cool.
MP
Phenomenal. I really appreciate that you hit the time a little early. We're getting some questions in the chat, I think one that quickly came through as we start to queue them. And again, thank you so much for getting on the call with us. And this is probably like a layup, but also not an urgent answer. How is your Android support coming along for that particular browser extension that you shared earlier? Yeah, that's actually a great curiosity question.
AW
So for those who don't know, we initially started building the Ledger Connect on Safari for iOS, which I would say actually our user base is about 50/50 Android, Safari. So it wasn't a choice to not include our Android users. It was just like a means of testing, to be honest. Initially we kind of took a SWAT team on the side and said if we want to try and solve against this problem and you're pushing almost like we do basically at Ledger. We do sprints every six weeks on projects and then we actually also have hackathons, which actually next time I'll bring it to the Pop group because we do it from outside of Ledger and there could be some really interesting build ideas together. But it kind of came from one of those. So we're also working on the Android piece, but we have this sort of end to end offering now and so we want to get it right first with iOS and then build on Android so that we're not double building at the same time. And I will also say to that end we try to always make sure when we push Ledger Live updates that we're pushing both to iOS and Android at the same time and not pushing separately. But if you noticed over the last year we actually had to remove the Discover section from iOS desktop, from mobile, excuse me, because we essentially had an App Store within the App Store that Apple was not reaping any rewards from because we don't because of the function. So they were like what? And so we kind of made that adjustment for the short term for that as well.
MP
The App Store. So for folks that are listening in and want to raise a hand and have a question ask themselves, please do so in the app. Also, if you are listening along and are dying to ask a question but you can't talk right now, which is also common, please hit us in the chat and we will relay them to Ariel. Holly, put it in the chat, man. What do you got?
Guest
No, I can't talk. I just couldn't raise my hand because I was already unmuted. But my question would be regarding Ledger. So we know Ledger, like, we all have our OpenSea page where even with our Ledger, when we integrated to MetaMask, for example, do you have like, for example, those hidden NFTs that get airdropped to us? What would be the risk of interacting with those NFTs with our Ledger in the hidden folder section?