Trust nothing... except me? • CEO Letter #59

Top o' the morning to ya! Bottom of the morning too, while we're at it. "Who is this generous fellow handing out mornings willy-nilly?" It's me! Taylor! I'm the CEO of Hedgehog, where you can track and trade your whole crypto portfolio in one place. Sync your exchange accounts and wallets via API, then you're good 2 go. Easy-peasy lemon-squeezy.

Weekly giveaway: It exists, this is your reminder! Read to the end of the newsletter for the chance to win a Ledger Nano S hardware wallet. Entering is simple — simply email your reply to my question of the week.


Let's talk about trust, which is a Big Deal in the crypto space. There's a scam around every corner so we're all mega paranoid. Not long ago I referenced "trusted third parties are security holes," an iconic phrase coined by crypto luminary Nick Szabo in 2001. The basic point is that relying on someone else to protect your assets gives them the opportunity to screw it up, whether intentionally or accidentally.

The old idiom is "trust but verify," but in crypto it's more like, "don't trust until after you verify, and then verify the verification."

For example, if you get a phone call from someone claiming to be your bank, you should hang up and call back using the number from the bank's website or the back of your debit card. Anyone can simply say they are from a bank, and they might sound pretty convincing if you're not already on alert. Caller ID is spoofable.

So, how do you get that independent confirmation in the crypto world? On the Hedgeblog, Lipsa explained how to vet a crypto project through web research. However, unless you audit the code yourself, eventually you're gonna be trusting someone — in fact, a cluster of associated someones. So like, how is that supposed to work?

Honestly, the answer is that you have to pick good people to trust. Duh, I know. But if there were a reliably foolproof method, everybody would already be using it! I do worry that many of us skip the derisking process that Lipsa outlined, crossing our fingers and outsourcing these choices to the wisdom of the crowd with a dash of pure vibes.

That approach is perfectly valid if you're willing to stomach the risk. Short-term traction does not guarantee long-term ROI! Short-term traction doesn't guarantee short-term ROI either, now that I think about it…

Choosing the right people to rely on is genuinely difficult, especially when money is involved. Folks in crypto for the long haul have learned to trust no one further than they could throw them. Even established brands like Coinbase are subject to constant suspicion (I'm not protesting this dynamic, just observing it). The general attitude amongst crypto users, while wholly justified due to the Wild West nature of the industry, presents a dilemma for companies like mine that offer related services.

I came across a comment on Hacker News by Kristian Kielhofner, the founder and CEO of Tovera, a startup that detects NFT fraud. The demo project is appropriately named Fight NFT Fraud (FNFTF). Now that you know who this guy is, here's what he wrote:

One of the biggest issues in the space (for Tovera and FNFTF) is that the crypto ecosystem is so sleazy no one in our targeted user/customer base (slightly sophisticated users and beyond) trusts anything or anyone — and rightfully so.

In reaching out on Twitter, etc., getting anyone to engage with something like FNFTF to even upload a PNG/JPG is near impossible. Install a browser extension?!?! Yeah right. Our most common response is "Nice try, scammer".

This is why we have "Show me a Random Ape" and "What have other people searched" buttons. It's practically all anyone who visits the site uses because of the issues I mentioned. So that's why we try to lead with something above the fold.

It's a chicken/egg reputational issue for us. Granted all of this is the creator and collector space — the real customer is an NFT platform, marketplace, etc. that would integrate us in the backend somewhere so a user that already trusts wherever they are would inherently trust us.

Hedgehog's situation is somewhat different because we are the platform, but we still deal with the responses Kielhofner described. Naturally Hedgehog follows finance best practices and has invested heavily in secure architecture for Hedgehog's tech, plus any related infrastructure that we use. Hedgehog is accountable to the SEC as a registered investment advisory service. They have my home address and everything!

Is it enough? Well, that's up to you, right? Realistically you gotta trust some third parties in order to function as a human without spending 100% of your free time freaking out about private keys.

In crypto, building and maintaining trust should be every company's highest priority. Aside from technical assurances, Hedgehog's credibility comes from the team's background (notably, our Hedgies come from Acorns, SAP, Credit Suisse, Oracle, and Zcash, to name more than a few), and from investments by "name brand" VCs like Dragonfly Capital, Y Combinator, Khosla Ventures, etc. These bona fides make it a lot easier to convince users that we're trustworthy — but how do you know I'm not just saying that? Ultimately longevity, track record, character, and DYOR all play major roles.

Tldr: You can absolutely trust that when I started writing this newsletter, I did not anticipate having so much to say about trust.


Quick Hits

Latest from the Hedgeblog:

"An Arabic ENS Domain Sold for 100 ETH. Here's Why."
Tldr: Currently 100 ETH = $185,760+ so yeah that's a lot of money.

"How to research a cryptocurrency: Your DYOR Checklist"
Tldr: Step 1: Check the DYOR checklist.

"SuperRare — A OG's thoughts on how the NFT marketplace has grown"
Tldr: More like SuperCommon at this point, amiright?


Speaking of trust… DetectHoneypot, via Reddit: "I wanted to share the app we have been working on for the last 1 year. It's a honeypot checker for BSC, ETH, AVAX, FTM, POLYGON, SOLANA, CARDANO, CRONOS, KCC, HARMONY, MILKOMEDA, METIS, DOGE CHAIN, HECO Networks."

Tldr: "It's cool that stuff like this exists, but who verifies it is not also some long term type of scam?" /u/gnarley_quinn pointed out. Priceless response from /u/Ghant_: "Just plug the website into the honeypot checker." GOTTEM.


"Why Coinbase's balance sheet has massively inflated"

Apparently due to an incoming law that requires Coinbase (and other entities like it) to be able to make customers whole in the event of a disaster. Blog author Frances Coppola wrote:

The SEC, it seems, is not satisfied that keeping customer assets off the platform's own balance sheet and those of its agents necessarily means the assets are either bankruptcy remote or protected from fraud, theft, technological failure or other losses beyond the customer's control.

So, in the interests of protecting customers from these risks, it has simply decided to make the platforms and their agents liable for everything. The new accounting guidance says that the companies must carry on their own balance sheets a "safeguarding liability" equal to total customer crypto assets at fair value.

So if anything happens to those crypto assets, the company, not the customer, will bear the losses.

I'm no lawyer nor regulatory expert, but if this interpretation is correct… wild?! Coppola's background: "Associate of the Royal College of Music and a professional singer and teacher. I'm also an alumnus of Cass Business School, where I did an MBA with a specialism in finance and risk management." Apparently she worked at banks for a while. Take that for what you will.

Tldr: Music teacher has possibly unreliable take on new SEC regulations.


Giveaway question of the week: What's the most annoying trick that you've ever fallen for? Halloween counts. So does Watergate. I will also accept pranks that were played on you. Reply to this email with your answer for the chance to win a Ledger Nano S hardware wallet.

You can always trust me, cause I'm on the internet,
— Taylor

