Mike: My guest today isHartej Sawhney,, the CEO and founder of Zokyo. Zokyo.io is an auditing firm forWeb3 companies, specifically for blockchain smart contract auditing. Auditingis an incredibly important part of launching any blockchain or smart. Contract projectand Harte has been doing it for a long time.

We talked about the origin, how hestarted the business originally in Vegas and grew it and ended up. Crashing itor closing it down only to start Zokyo later as a completely decentralizedremote company. So,, we talked about what they're doing exactly why auditingand blockchain is So, important and difficult.

We moved on to discuss what venture andWeb3 investing looks like today. What are the unique attributes of the Web3.Crypto investors compared to web two. And then we touched on some geopolitics,how decentralization US, China, India are playing a major role and the tradeoff between privacy and safety.

Hope you enjoy the conversation as muchas I did. Here is Hartej Sawhney,.

All right, Hartej, let's just pick offwhere we were going. We had such a great pre-show here, So,. We were talking alittle bit about your journey, which was all over. You were one of the mosttraveled cultured men I've met. Of the different places you've lived in, in yourbackground, what were some of the most influential parts of your worldview?

Now, obviously given your time inUkraine and the relevance of the war, I imagine that has to be a part of it.Your time in Vegas, getting in more familiar with crypto, but how do you sortof view the landscape of the world and what's influenced you?  

Hartej: I gotta be honest, thecomputer lagged the internet live in the middle question. So, I'm gonna have tohave you repeat it, please.  

Mike: Yeah, sure. Just,yeah, just wanted to ask you about your, what, what places that you've livedhave been the most influential in your perspective, your worldview?  

Hartej: Every chapter has itsown positives and negatives. You know, when I lived in Vegas, I was just in adifferent mindset. I was fortunate to be amongst a lot of people that were alittle bit more experienced older than me by 10 to 15 years, including TonyShay who was a CEO of Zappos. People like Gabriel. She I had a lot of mentorsand smart people that were around me in downtown Las Vegas, and I was able tolearn a lot from them.

And there's lessons along the way. WhenI was in key of Ukraine, I was exposed to really immersing myself in a culturethat was very different than the one at least I was raised in and the one thatin the house. And my culture is Punjabi. My roots are from India. And I wasborn and raised in Princeton, New Jersey.

And I've been living for the last fourand a half years in Kia, Ukraine. And I've immersed myself in that culture andI'm grateful that they were So, welcoming in such a beautiful city. I do missit. I hope I can go back. You know, I but you know, I learned a lot in eachchapter in Las Vegas.

The responsibilities of running aBitcoin meet up and being a part of that community were kind of falling on myshoulders for a bit. I was grateful to be friends with basically people who arevery passionate about Bitcoin and Ethereum at a very early stage, including YoSub Kwan, who essentially saved me from staying in FinTech and dealing withreally long sales cycles in the restaurant industry.

Restaurant point of sale, we were doingFinTech for restaurant point of sale payments who were trying to help bigrestaurants accept EMV, chip and pin cards while integrating to the legacy pos.And I was flying around the country trying to get huge restaurant groups tosign onto this software.

Meanwhile, all I really read about andcared about was crypto, and especially Bitcoin at that time. And like, I wouldgive lectures to my friends about freedom and how SoundCloud could be onBitcoin and you can make micro transactions. And my friends eventually justbought a bunch of Bitcoin that I couldn't afford.

It made became really rich and you know,2016 I had to do something and that's when I started hos show.  

Mike: And that the entrypoint in for you was auditing for, in particular, for auditing the blockchainsprior to them going live? Or what, what specifically was the early niche inwhere you found some product market fit?

Hartej: So, in 2016? Late YoSub Kwon in Las Vegas, who, you know, he himself is a, he's an engineer, he's agreat architect. He's able to read smart contracts and audit them himself. Andyou know, it's he calls me and we basically realize, There's criticalvulnerabilities that can be found with someone's bare naked eyes withoutwriting any tooling.

Some of these tokens are already listedon exchanges. Some of them we've already invested in wi in ourselves with ourown capital. And someone needs to be auditing these smart contracts and tellingexchanges that they should not be listing a token that's not been audited. Andwe started researching.

And at that time we found there was afew companies, two or three companies focused on auditing smart contracts. Butmost of them, well all of them at that time had a division within their companythat was auditing smart contracts. And we decided, well, you know, as youngbucks we're like, we're just gonna focus on blockchain, cybersecurity, andthat's it.

Like we're a company that just doesblockchain, cybersecurity stuff. And we started with auditing smart contracts.We expanded into penetration testing, and then we moved into Basically anythingthat a white hat hacker is capable of doing, but which, you know, it juststarted moving on into things like compliance, which we do now, we do.

I So, to pci, at least back in 20 16, 2017, it was tough to convince someone to get an audit and a penetration test.And it still kind of is, to be honest. People you know, they're more up to dateon auditing and wanting multiple audits, but penetration tests, penetrationtesting or source code auditing or checking for data leaks in your cloudsecurity.

There's not a lot of standardization ordemand in the Web3 space yet. Due to a long list of reasons. So,, that was ourentry point, just auditing a crazy number of smart contracts during the ICOboom, mostly on Ethereum in Solidity. And, you know, if fast forwards today,you know, we're operating on evm, not evm, move everywhere.

Mike: And was this familiarto you, given the background that you had? Or what was the kind of connectionthat you had to your, your co-founder who had more experience in auditingblockchains?  

Hartej: My experience wasbuilding startups. I, I built companies and I had been geeking out of crypto.I've been reading everything the earth know about it.

But from a non-technical perspective, I,you know, I know the basics of Python, but I knew very early in my career thatif I'm the one coding, I'm gonna, I'm gonna be poor . Mm-hmm. , So,, mm-hmm.So,. That's not my forte. And I'm not focused there. I'm, I'm better atbuilding a business. I'm better at hiring, I'm better at having a vision.

I'm better at raising capital, deployingit. And So, it was a good yin and yang situation. Yeah. Yo is a actual securityexpert. Yo is actually technical. I just kept, kept keeping up and asking lotsof question. And So,, you know, that my background was in finance in college. Iwent to Penn State.

I grew up in New Jersey and I was built,I was in FinTech, focused on payments and point of sale. And I just felt deepdown the crypto as some people call it a rabbit hole. And I feel like somepeople hate when you call it a rabbit hole, So,, I'm gonna call it a rabbithole. Yeah. If you don't like it.

Mike: Yeah, yeah, yeah. .That's fun. What's a general price tag for a, say a blockchain is getting spunup? What's the, what's the like prototypical structure of this project? It's,you know, I would imagine it's an LLC with a bunch of developers, maybe 3, 4,5, that have some angel funding, maybe from private investors, and they wannalike go from testnet to main, Like what's kind of like the classic example thatyou would run into, and then how much are they typically looking to spend on anaudit?

Hartej: So, smart contractaudits differ greatly from protocol audits. So, a blockchain protocol audit.Typically they'll go to an auditor. All projects, blockchain or protocols orsmart contracts should be going to multiple auditors, multiple third partyauditors that are qualified after doing multiple internal audits and writingyour own tooling and test suites.

But a smart contract audit is far moretypical than an entire blockchain or even portions of that blockchain, cuzwell, there's far more tokens being created and smart contracts being writtenthan there are layer one and two protocols, So,. What's easier to kind of ballparkin today's industry is definitely what is the cost of atypical tokengeneration?

Maybe an ERC 20 Solidity smart contract.I'd say anywhere as in the range of 10, as low as 10 k all the way up to sixfigures, a hundred, 120 k. It really varies based on complexity and timing. Alot of people's pipelines are really full. Sometimes people give us extremelycomplicated multi chain, cross chain smart contracts that you have to rack yourbrain around.

The thing about auditing that oftenpeople are not discussing is that So, VCs, for example, VCs really like to hearthings are getting automated, Right? They love everything being automated,right? It's because it's like sas, you're gonna make more money, retainerpayments. Mm-hmm. Automate, automate, automate So,.

In 2018, we tried to raise VC capitalfrom all the name brand VCs as an auditor who had crushed it and done more ICOaudits than anyone else in the industry. And they all said, Why would we investin a services business? Some of them even said, You're not even gonna have abusiness as an in a couple of years because of formal verification.

Right. And this is like the, some of thebiggest thought leaders in this space who we still have respect for. It's good.This is like this, It happens. It's okay. VC's one automation and the biggestcritical vulnerabilities today are being found manually from you need two tothree auditors to kind of rack their brains around each and every smartcontract today and find the flaws in typically is the logic.

And we're typically finding flaws in, inthe logic of the smart contract. And well, not much has changed. And well youneed manual smart people with a quality assurance background to think what isthe goal of this smart contract and how could I think like a black hat, howcould somebody exploit this smart contract because, Exploits are not alwayscritical vulnerabilities.

They're not it's not a vulnerability inthis smart contract. You had to think like the blackout and how can I exploitthis? And So,, these are the kind of the things that we're, we're all workinghard in the industry, I'm sure all the other auditing firms that we, you know,basically partner with the top tier firms because either we're the firstauditor or they're the first auditor.

And So,, we want more and more people tobe audit code. We want more firms to be out there. We want more firms that aresystematically able to handle more work while doing really high quality workout there. And yeah, Kumbaya one love just to .

Mike: Yeah. Do, do you feellike the decision that VC's passed generally almost on the, on the category ofauditing as a services business, do you think that was a miss?

Like I think a VC as typically, youknow, you raise high risk investor capital, one out of 10 wins.  

Hartej: Let's put it this way.Halburn just raised 90 million and they do exactly what we do. And this was2018 So.  

Mike: They raise 90 millionin 18. That's this This year. This year. Okay. Wow.  

Hartej: I would argue that ifthey raised 90 million this year, we do exactly the same thing. It's prettygood deal. Someone was about to get in 2018 and we had a, Yeah, yeah. Theydidn't even, they didn't even exist at that time. Yeah. Basically when westarted and we spent a whole year auditing, there were no firms out there thatdecided to launch their own token as an auditor. So,, you know, we have agroup, we have some auditors out there still that back in the ICO days decidedto launch their own token.

And those firms are still out there aswell. Some of them are visa funding as well.

Mike: I tend to think of VCfunding as being ideally for businesses that have a a high, have a lowpotential, but a possible potential of a high ratio of market cap to employee.So, effectively, that's a representation of scale, but there is kind of a,there a tendency for services businesses to have a cap to them.

There's examples of that that, you know,defy that log logic or, you know, counter that rule. But do you see that being,do you see there being a barrier to entry for auditing businesses in crypto orblockchain that then kind of consolidates the market into one or two majorplayers? Or do you think it sort of remains pretty fragmented over the years?

Hartej: I mean, are you askingis the barrier to entry high to enter the auditing business?

Mike: Is, and if it is, ifit's not high or if it is, do you see the market consolidating where theretends to be, you know, two or three really large players and they sort of ownthe market?  

Hartej: So, I think what weneed at the moment is, More we need, you need firms that are kind of that sweetspot of size where you're able to make sure that you're able to keep yourquality really, really high.

You have the skillset of running likeoperationally a clean business So,, that you're, you're keeping your leadtimes, two weeks, maybe four weeks. You're able to filter through working withthe right teams, you're able to hold each team's hand and give them a verypersonal experience. These things are tough to scale and you know, groups ofindependent security researchers often are not they don't have that skill setto operationally run.

This a 50 person operationsystematically auditing smart contracts right, And So,, it's really about theright group of people coming together with the right mindset in the rightplace, right places. You know I think places is a big key point because yougotta be auditing 24 7, in my opinion, So,.

That's why we're remote first. We havepresence in 17 countries. And I, I did that after building Hosha where ourentire office was in Las Vegas. Our whole team was in Las Vegas. And we werelike yeah. As soon as that we switched over to Zokyo. I said, I'm not gonnamake that mistake again. We're good this time.

We're gonna go remote first. We're gonnagive everybody freedom and mission one audit 24 7. You know? Yeah. You know?And in terms of consolidation, I do think there will be consolidation. I don'tknow if there's gonna be like just three. They think the industry is gonna growtenfold, So,. We're gonna just need more auditors that have unique specialty.

We're already seeing some people say,Hey, we have a team of 15. We as a company specialize on only Rust and now moveand they're no longer maybe accepting Solidity smart contracts. And you haveother folks that say, Hey, we specialize and we're bullish on E we only do eSolidity Smart contracts. And then, you know, you have a lot of other firmsthat are just trying to go for the whole lot and they raised substantialamounts and they're building big teams.

Yeah. And So,, there's gonna be, there'sdefinitely gonna be some acquisitions because of the She factor. The, thisEarth doesn't have that many really talented people with the right backgroundand the incentive to want to audit smart contracts. And I think the incentiveis a key part because really smart human beings like it's not always theeasiest thing to incentivize them to be auditing smart contracts.

There needs to be Self-interest, passionis for this industry. They, they want to be, they, you have to have the rightmindset to want to be learning all the time and to have a QA mindset and tofind excitement in that. But even then, I think most of these people areexcited by focusing on learning on other parts of this industry.

Maybe they're literally buildingsomething else in their free time. We do have that in-house and they'rebuilding tooling. That's a big part of what we're trying to do. We're trying tobuild as much tooling as we can, as fast as we can in between auditing smartcontracts, but the load is So, high that it's tough to get your hands off theactual audit to go build some tooling.

And I think that's a not an uncommonproblem. You know, the, we're all, everybody's growing. We're all growing. Evenin the bear market. We're growing.  

Mike: Yeah. Maybeespecially. What do you think of the are there any projects that stand out toyou as having misplayed the auditing process, either done it far too late ornot at all, and played a, a major pay to major price for that?

I mean, I, I think of in May, obviouslyCelsius and the, the Terra Luna projects, those are, you know, high level projects,So,, those kind of a casualty of not having enough auditing, or...

Hartej: No, there are some,there are some clear cases where somebody found a critical vulnerability in asmart contract after multiple audits were done.

I, I'd rather not bring up those names,nor would I rather bring up the auditors that . There's the cases are all out,out there, but I think on that topic of hacks, what's really interesting. twothings. One, the finger almost gets pointed to the auditor. And what's actuallyinteresting is in some of the most notable hacks, it wasn't actually avulnerability in the smart contract.

It was the company having pooroperational security, not having a chief security officer in charge. Or if theydo have one, then here she's not doing the right thing, which is mm-hmm. , youneed to have proper fishing training because people are fishing low-levelemployees and gaining access to validator node.

And this is not because of avulnerability in the smart contract. Not a, not a technical issue. Yeah. It'snot a vulnerability smart contract. This is someone got phished, someoneclicked the wrong email. And there's a very simple you can Google very simplythe task of a C I S O at a company and what they do for in-house cybersecuritypractice.

People have quarterly fishing training.They check for two factor authentication. Does everyone use corporate laptops?They make sure very limited people have access to the office wifi router. Theyare very mindful of the, the internal operations of the office. Who's allowedin the office? Who's allowed to touch the computers?

Do you know everyone in the office?Like, is the door locked? Can someone just walk in here? There's a nation statepeople trying to join your company if you're in Web3 and they are trying to getin there, you know, they are nation state actors from North Korea being sent toapply for a job at your DeFi protocol.

And if you work as employee number 145at Coinbase maybe, or maybe 1,145, and you think, you know what? I'm like a lowlevel employee. I'm just chilling. No one cares about me. I only got one btc. ,sadly, you are a target because it doesn't matter that you only have one btc.The hacker thinks that you have a thousand btc.

You work at Coinbase. Mm. You're atarget.  

Mike: You're saying, andthis is to say, not Coinbase specifically, but that companies, or I guessprojects have keys?

Hartej: Any company in cryptobasically any company in crypto, if you work in Web3, you work in crypto, youare, whether you're a co-founder or your employee, 1000 or 2000 or 100 or four,you are a target.

And I find that that is a pill thatpeople in our industry find difficult to swallow and for them to start thinkingabout their world's, their personal lives, operational security a bit differently.And that starts, it starts with your, your, your wife, your family, your lovedones, your kids. Your, your parents, and then it goes, extends to your justcore.

You start a company and like when weinvest in companies, we ask some very basic questions like, is everyone using acompany laptop? Have you guys ever heard of or used UBI keys? Do you currentlyuse UBI Keys? I will mail you a big bag of UBI keys with your company logo onit. If we invest in you use them, You know?

Mm-hmm. for what on your neck? , youknow? Mm-hmm. . Mm-hmm. and like ba, The ba The basic cybersecurity shower isneeded. Yeah. Way more in our industry and like people don't have the incentiveto even hire somebody who's in charge of security at a really early.  

Mike: And So, like, Andwhat, what do you think, speaking, speaking generally about this, I, I wouldimagine that most people are familiar with like the auto responses to Elon Musktweets about, you know, some Bitcoin giveaway.

There's simple, and at this point playedout tactics of, you know, give me 0.1 BTC to buy a ticket into this giveawaykind of thing. Maybe that comes through on an email. In what ways do you see oranticipate these either state actors or sophisticated black hats getting moresuccessful or tactical with their approaches?

Is it like, like, like, Oh yeah. Maybe,maybe So, things come to mind.

Hartej: We, we are alreadyvery tactical. The, the biggest bridges in our industry are being attacked bynation state actors and like we have groups from North Korea and differentplaces in the. That I'd rather not name that are definitely going after ourbridges.

They are very lucrative assets withhundreds of millions and if not billions of dollars flowing through them. Youknow, there's not that many bridges that you could name that have not beenhacked. You know, hop protocol, which by the way, I'm not invested in backed,audited nothing but HOP protocols one of the, one of the only bridges that hasyet to have been hacked.

Maybe it has something to do with thefact that the co-founder and CEO is one of the best auditors himself in thisspace. Mm.  

Mike: And what's just a,just to spell it out simply, a bridge is a, a piece of decentralized technologysitting on multiple servers that allows people to move between onecryptocurrency and another.

Maybe you can elaborate on what the whyBridges are at Target and how they're generally constructed.  

Hartej: Yeah, So,, I mean,basically the future of this industry is multi chain and cross chain, and wehave more and more people solving for this dilemma of being able to sendinformation at a macro scale between different chains and different protocols.

And So,, we've a lot of different peopletaking a stab at this problem. In the cross chain messaging protocol world, thebig names to kind of research into and see that have taken a really big stab atthis with very significant backing and strong teams. On one end, you have layerzero, which covers all the evms as well as now app dose as the one of theleading crossing messaging protocols.

And on the other side you've got worm.And wormholes backed by Jump and they cover the EVMS plus Solana, and I thinkthey've already, they also are covering Miston Labs as three, the newblockchain. And I think many projects will end up using both of these crosschain messaging protocols because they want redundancy.

And you know, increasingly I think acorporate Fortune 500 mindset is entering Web3 where people are not competing,but they're saying, I want redundancy. We're gonna be putting billions ofdollars through two different chains. We wanna launch on Solana and Suite.We're gonna use wormhole, or we're gonna do Aptos and Ethereum and we're gonnause layer zero in between.

That's really interesting and I thinkthat we're in a very interesting time that we're back to layer one wars and wethought they were over, but I think Layer one wars are now war. It's just newlayer ones in a, in a multi chain cross chain future because we have a maturityof cross chain messaging protocols that are out there.

And we're taking a big stab at Bridges.There's different types of bridges that are out there. Some are data bridges,some are, you know, and we don't even know how to monetize data bridges at thecurrent moment. It's almost like a public service So,. And, and, and we're, asan industry, we're kind of just figuring out how to properly do bridges.

I don't know how this will play out interms of bridges. Like will there be a winner? Takes all that. We as anindustry just choose to go with. And they figure it out. They crack the nut. Idon't know. But for now, in terms of like crossing messaging protocols it'sgood to keep an eye on layer zero Worm Hall.

Then you have Axar D Bridge. D Bridge isdefinitely an interesting one. We actually recently audited D Bridge So,. Ireally like that team. I really like what they're doing. Yeah. Cross trainmessaging protocols are definitely a worthy rabbit hole along with ZK gaming.Yeah. Sweet, sweet move.  

Mike: And they tend to be,these bridges tend to be the spot that a, a group of hackers would targetbecause of the amount  

Hartej: of liquidity locked upin it.

Mike: Ah, I see. Yeah. Yeah.And there's liquidity locked up in the bridge. Why would there be So, muchliquidity in a bridge? Would, wouldn't the purpose of a bridge to move moneybetween blockchains quickly?  

Hartej: I mean, essentiallyyou're, you're locking your burning tokens on the source chain through a smartcontract and unlocking or minting the tokens through another smart contract.

And So,, these are the bridges andeveryone's taking a different stab at how to do it right. Yeah. But like, Imean, token bridges are the ones that typically use a cross chain messaging protocol.Right So, you know, you wanna move tokens between blockchains, right? Let's usea crushing messaging protocol.

And that's why I was blabbering aboutlayer zero wormhole, axr deep bridge. Those are four that I can listen on thetop of my head that are just really innovative in what's happening there. It'svery, very exciting what's happening there. And it's a big part of thenarrative for these two new blockchains we and Aptos.

Mike: Yeah. Is yourintuition, or maybe you have a more firm opinion on this, but do you feel likewe're in the earlier stages of like I think of email protocols and just httpand https and tcp i p, these protocols are like the weathered, right? Like Ican't, it would be a shock to me if I woke up tomorrow and Gmail was hacked andsomebody got it.

Like, it seems like we're kind of at astable state. It doesn't feel that way to me. From an outsider on the protocolsand crypto, do you feel like we're approaching a stable state in a year, coupleyears or just a far, far away, or, It depends on every new protocol that comesout.  

Hartej: I think that a lot ofcritical infrastructure has yet to be built in Web3.

But we are reaching a point at which inbetween certain critical moving parts, like the ones that I just. and some ofthe more serious decentralized custody players that are leveragingcryptographic tools like multi-party computation and So,. When you combine abunch of moving parts, like massive institutions already into the industry,multiple world class cryptographers, building custody solutions, check secure,decentralized, and centralized exchanges, more or less check, right?

And in each of these little spaces,you've got at least five to 10 very substantial players in different parts ofthe world or all of the world, taking a hard stab backed by at least two to$500 million each, or they already have that themselves, meaning that none ofthese major infrastructure companies are going anywhere.

We're reaching a point where a Fortune500 company in the next one to three years ha if they connect the right dotsand they look in the right places, then they can launch a institutional gradesolution today. And like that wasn't even true. We didn't have a lot of thesemoving parts where you can put them together not that long ago.

You know? There's, for example,companies leveraging multi-party computation. You've got it started with thisguy, Yehuda Lindel, a professor from Israel who, some say he inventedmulti-party computation. I think there's some controversy there. I don't know.All I know is that when I studied it on YouTube, all the videos are fromTeknion University, Israel, and there's a lot of Israelis that seem to know alot about cryptography, , So,.

It's very impressive. And Then there'sLinde started Unbound. They got acquired by, I believe, Coinbase or Kraken atone or the other. Then you've got fire blocks, curve wallet, Credo, qr, E D o,Copper. And I believe there's like at least 10 people popping up right now andsending the, the decks following on my desk for trying to compete with one ofthem with a different approach.

But they're all leveraging multi-partycomputation to tackle custody. And custody's just a massive problem. Some aredoing it decentralized, some are doing it centralized, some leverage NPC on ablockchain, some don't. But my point is that, you know, with criticalinfrastructure like Credo married with someone as mature as FTX or Binanceright in between, there could be a bulge bracket bank thanks to the technologythat is available today.

And So, a lot is possible, like right. .You know, when you zoom out and you think about it from the perspective of aretail user in the billions using a decentralized application, that's, that'sthe next wave. And I think it's gonna come with gaming the way we had a DeFisummer. We're about to have a gaming summer.

There's gonna be finally multiple gamesthat are actually fun. And they're not just investments and So,, you know, whenyour kid walks up to you and is playing some game, or your mom, your dad, yourgrandpa is playing some game, you know, they're gonna be issued you know, adynamic NFT and on chain app and, and I think the next billion users will comevia gaming.

And you know, personally, very muchlooking forward to the SW blockchain and the way they've innovated on chainassets and dynamic NFTs and parallel transactions. So, keeping a close eye on,on that blockchain, specifically in their approach to gaming. Because on thatblockchain, a world class gaming developer could launch a game without smartcontract expertise.

And SW develops some very interestingSDKs to ease the, the friction of a gaming developer to launch a game in Web3and to leverage the, the fruits of what Web3 has to offer. And So, excited tosee that play out.  

Mike: What are, what are theattributes from a users or a gamer's perspective will drive the rocket ship of,of Web3 gaming?

Will, will it be the appeal of havingNFT based skins in the game that you could move between? And that's just So,exciting. I've heard play to earn yet I'm not very excited or I don't see themajor appeal of how that applies to the mass market.  

Hartej: Feels a little, Ithink dynamic NFTs. Dynamic NFTs will be the first part.

And there is a lot to say about. In, ingame items. We, that's been like the, the dream for a really, really long time.Everyone's been talking about, you know can I trade my in game item? I spentSo, many hours to earn. Can I go trade it for another item? Can I actually haveproof of owning it? I invested a week of my life in this game and I earned apink shield.

Let me take this pink shield and own itlike, possibly for life, or let me go trade it for X amount of e for someone'sgun that he spent a month to earn. You know, or, and now of course it's expandinginto things like my Yeezys or my Nike shoes that I'm wearing in the games, andit's going from game to game.

There's been a lot of controversy onthat subject because the, the world's biggest gaming developers, starting withpeople like Fortnite have had closed ecosystem. You know? Mm-hmm. and only onlyCall of Duty had an open ecosystem where you could earn a skin and then go onsomewhere like de market or engine and like do something with it.

So,. I, I mean, yeah. That's just the demarket and engine. We were just getting warmed up into what's about to popoff.  

Mike: Yeah. And the pop isreally representative of the liquidity and, and open, really open liquidity.It's as if you were to, I think of it in say, a context of a ticket for asporting event if I had a ticket to a NFL game.

This is, this is kind of in some wayssimilar because there's a firsthand and a secondhand market. The StubHub is aopen, publicly traded company that manages secondhand trading So, that would beyou know, effectively some kind of centralization around. This specific ticket,which you could think of as an nft, there's one ID to it that's associated withone entry.

And then there's also the like closedgarden firsthand sales, which is only issued by one So,. Yeah. It does seemlike the liquidity just creates almost new and innovative ways that peoplewould be able to trade, right? Like they're, they're now able to liquidatethings that they wouldn't have had the ability to do previously, and that's nowexciting for people.

You're creating value where valuewouldn't have been possible previously?

Hartej: Yeah. I think nfg ticketingis a clear winning idea for sure. I think, and it ticket fairies. One of theleading companies spearheading that cuz they've been going up on this ticketferry Ticketmaster, now they're the ticket ferry.

Mike: Makes total sense.Right? I mean, the whole idea, the whole reason why Ticketmaster or the, likethe NFL doesn't want secondhand trading is they don't make money when you sellyour ticket secondhand. Like they don't make money on a StubHub trade. But ifthey could then great. I'm sure the whole game would flip.

It's like, okay, we take a 10% fee or a5% fee every time you make a trade secondhand market. And that, that presentscounter, it's like headwinds against cash flow against trading it. But ifthere's enough liquidity and like, I think it, at the end of the day, thesethings just better meet the market supply and demand is how I think of it.

Hartej: Have you ever seen anNFT of a discretionary asset?  

Mike: I don't know. Whatwould be an example?  

Hartej: So,? A discretionaryasset is something like, the parking spot during a basketball game. So,, rightbefore the basketball match, you're at the stadium minutes before the gamestarts. You, you might pay a hundred dollars per a VIP parking spot.

You might pay $50 per the upper deck.Mm-hmm. , right? Ballpark. Maybe it's, it's ripoff. Maybe it's $5 and $10.Okay. Whatever. It's mm-hmm. . But the point being that when the game starts,the parking spot's worth zero. Right? Right. The game started. Yeah. So, right,And same thing goes per hotdogs. Soon as that fourth quarter ends, the food isworth.

It's gonna The garbage. Yeah. It's over.Yeah. Game over, right? Yeah. And you gotta crack that code of do I createloyalty by giving away these hot dogs before the game ends that are about to goto the garbage and algorithmically figure out who should get this discretionaryasset that's garbage bound.

But I can now say, if you spend morethan $10 free hotdog, why? Cuz I love you. Or you start sending these hotdogout to the highest paying ticket buyers. Or maybe it's everybody who, it'stheir first game, they're automatically sent a free hotdog and they're justlike, Why? Cause we love you. And like little do they know that in less than 11minutes that hot dog was about to go in the garbage.

Mm. Right. So, and So,. You So, So,,you're monetizing a discretionary asset. And yeah, I was just wondering if youever came across. I haven't yet. I'm interesting. If you ever came across n cthat was, that was framed that way.  

Mike: Yeah. Well, I think ofit when I think of your example there, and there may be more examples ofdiscretionary assets, but particularly that one makes it interesting becauseit's So, time sensitive.

So,, I think of a sporting event, whichpretty much all events are time sensitive. They're worth a tremendous amountright before if they're sold out tickets, but then they're worth nothing rightafter. And that might be things like I think of like political elections,right? Like it matters a ton right before the election.

There's all this funding, all thisactivity, and then after the results are out.

Hartej: No, I don't thinkelections are analogous in this case.  

Mike: Well, there's not,there's not a, The voting mechanism wouldn't be right, but the attention forpeople would be Right.  

Hartej: No, tell you more. Isee. Where you're mentally, I mentally I see where you're going with this, butno, I don't, I don't think this is an analogous, you know, cause like nothing'sabout to go in the garbage, but I see mentally like,  

Mike: Oh, okay, okay, okay,okay.

Like something So,, this would be like,This would be like, you're on, you're on an airplane. And they have likethey're, they're, they have a lunch items and you know, their planes about togo down. Not, not the plane's, about the land. Land and and you know, they,they're selling these things for $12 each, but then they're like, Hey, we haveall these extras.

Do we wanna mark it down? And how canthey do that intelligently, assuming they just throw these things away at theend of the flight? Yeah, that would be an

Hartej: right. Whatever'sabout to go in the garbage. Whatever's about to go in  

Mike: the garbage. Yeah.You  

Hartej: know? Yeah. So, like,you got fish, it's about to go bad if it's not eating on this flight.

Yeah. Maybe now that no one, like, let'sjust say it was economy and So,, you have to sell the fish. And you're probablylike, Okay, we got half hour left. When there's half hour left and we're stillsitting on some fish. Like, give it to these people for these reasons. Is thishow you sort of think through?

Mike: Yeah. It's interestingto think about waste. Like I think of what we're doing here is as modeling outa frame for identifying where opportunity exists. Waste that exists isopportunity. Yeah. The inverse of it. Do you think of, circling back a littlebit to Zokyo So,, I, I noticed that the tagline is you are a venture studiothat builds secures and funds, crypto, DeFi, NFT companies.

How much of your time or maybe thecompany's time is split among those? Are you actively talking to and anddebating what you're gonna invest in? Or is it more focused in-house onbuilding or some combination

Hartej: So, things thatevolved, but really at our core, it's a Web3 cybersecurity company full. Andthat's really the core focus is auditing, after auditing, after auditing isreally the bread and butter. It's the focus. We're just auditing like mad Menand mad women. Cause we have a lot of, we have actually female auditors thatare awesome. We got a bunch of Ukrainian female engineers and auditors andthey're awesome.

But when you audit, you see a lot ofdeal flow So,. We built an in-house investment team to invest small sums of ourown capital and we send a lot of deal flow to a lot of top tier VCs. And wehelp those VCs, diligence those projects with our investment team. And a lot ofour expertise is already built out in-house to be technical and securitydriven.

And we can design and review tokeneconomics. And we have a lot of, we have a strong network in the space of VCs,market makers, exchanges, who we've been working with for a long. So,, it'sbeen a kind of a synergistic fit for us to also learn about what it's like tobe an investor over the last two to three years and So,, we've had some notableinvestments and we've done a few incubation projects that you can deemincubation or maybe studio.

Everyone I think in our industry abusesthe word incubation. You know, one guy, one person says, I'm teaching you howto do pitch practice. I'll take 6% of your company, and we incubated you. Imade a couple intros and the other person's like, I'm gonna architect all yourtechnology designer, token economics, you know, maybe help you write a couplesmart contracts.

And I'm incubating you So,. I think it'sbeing abused a bit. , it's like how you got on the cap table. But yeah, we,there's a, we can only incubate a handful of companies per year. So,, once in awhile you come across a team. That you are mind blown by and you really wannahelp these passionate calendars achieve their goals.

You wanna invest and So, sometimesbefore they could even close capital, we're taking payment for the audit Intokens, we are taking them invested tokens and saying, you know, whateverportion needs to be paid in stable Coin, you can pay whenever you raise morecapital. Cuz we wanna put in more money into your company in addition to thepayment of the audit.

And we've helped you design maybe yourtoken economics and we're introducing you to other investors and helping themdiligence it. So,, it's kind of been a very natural evolution. At first it wasjust auditing, then auditing, expanded to auditing, plus penetration testingand cybersecurity. We, you know then we built a small team out for designingand reviewing token economics.

We expanded into hiring in-houseengineers, So, that we can take on a couple incubation projects and build somethings on our own. At the moment, we're using a lot of our in-house engineeringresources to build. Security tooling and formal verification for Rust and Moveand SW move So,. A lot of focus is going there.

But you know, Zokyo, at its core, it'sWeb3, cyber security. That's where we're living in breathing. There's, I, I mayhave some news soon that I'll be more public about. There's some, we have somechanges coming and we're looking to have our investment team grow and kind ofspawn out some things that we're focused on.

So,, I'll keep you posted.

Mike: Yeah, yeah. It'sinteresting cause I, I think of this like like by categorical analogy to a, atypical VC in Web two as a VC in web two is really good, especially if you'reearlier up the chain, like series C, series A. You're good at determiningwhat's possible really by pattern matching.

And it's less about the integrity ofthe. The technology and the security, this technology, because you're typicallyrelying like AWS and established infrastructure and you tend to focus more onthe business model, the people, the founders, connections, those kind ofthings. But I think of what makes a really good Web3 investor tends to be theability to, yes, understand the model and the actual market opportunity, andalso make an assessment of the technology.

How impressive is it? How hard is it,how secure is it, et cetera. So,, the attributes of what a good investor in webtwo to Web3 as it stands today. Web3's just going to be much more technical inthe, in what, what stands out. So,, you see that with the funds that are outthere now.

Hartej: Making a bunch ofmaking a bunch of introductions is just not enough.

Right, Right. And an active involvementwith your investment is really what's needed. We need more investors to a run anode, run a validator, know how to do that, have the infrastructure in house todo that. You have some funds I mean the top team, the top dcs out there aregonna have the in-house capability to have a technical expert actually look atthe code of the product that you're about to put money into and look fordecentralization, flaws and holes.

And possibly, you know, what we do is weeven look at the code of the company and this team previously built, we wannalook at the quality of the code of a product that was already shipped. Maybeyou sold it last company. We wanna look at that company. We wanna gauge like, canthis team deliver? Can this CTO build teams that you appointed a CTO?

Who is the ctl? What is their experiencebuilding teams? What is the quality of this team's code collectively? Has thisteam built anything together in the past? Right. And like yeah. Non-technicaldiligence. You know, it cannot be the only thing relied upon in a Web3diligence process, and it's very important to be a ongoing value add.

And, you know, fundraising at the seedand precede is really shrinking. In Web3 companies are raising less capital attheir pree in seed. And a lot of the larger funds are really kind of cline andfighting. Make sure they have enough allocation because they've got LPs, theyhave large AUMs and they need to get in.

And right So,, if you're gonna squeezein with a large tier one VCs and you are a tier one v. Both all parties in thecap table need to prove why they're there. Why are you there? What value areyou bringing So, that we can actually execute. And So, like Web, we're gonnareally see a strong evolution of Web3 vc.

We've seen firms like Enon and Paradigmreally build out strong teams of tech and security experts in house. It'll,it'll be exciting to see how different firms evolve. We've seen some reallycool teams pop up framework. Yeah. So,, Global qcp. There's some really greatteams out there that are reinventing the wheel and they're actively involvedwith their investments.

We're grateful to have a greatrelationship with them.  

Mike: Well, it does seemlike a possibly very successful strategy would be instead of go from VC tovalue add in terms of developing internal technical capabilities like validatornetworks and auditing, you'd go the other way around So,. I don't know, I haveno idea what your plans are, but it sounds like you're in a great position tosay, Hey, we're gonna expand our services to focus also on allocating capital.

And you go out and raise some LPsdirectly and say, Hey, like we have the, we have the deal flow, therelationships, the technical ability to screen the companies. It's like that'skinda, that's kinda all the A agrees, .  

Hartej: Yep. I may or may notbe in the process of doing that.

Mike: Yeah. Yeah. Well, it'sa good idea. So, you've, regardless of what you're doing now, you should dothat.

Cool. And I, I would imagine that, youknow, that's, it's also less of a big deal, I think, than in web two becausein, because it seems to me it's just easier to put capital in it. The, it'sless, I mean, push back on this, if you, if you feel, I'm off on this, but inweb two, there's almost a necessity to focus on just capital allocation.

Like you don't see very many funds outthere in web two that are also doing, you know, legal services or auditing orreally anything else.

Hartej: Well, that's not trueactually. Well, I would say the top, well, the top tier funds out there inSilicon Valley, even in web two that's what they, they brag about more howthey're able to really help you, like for and True Ventures cost light speed.

All of those actually are now alsoactive in Web3. But from a web two perspective, I mean, these are, these areVCs that brag. Hey, we will always have your back on hiring. We will alwayshave your back on hr. We will help you find the right talent when you need it.We will help you raise more capital when you need it.

We'll help you with PR when you need it,right. And So,? I wouldn't say that that's nothing. And yeah, I, and a lot ofthe newer Web3 VCs, I don't think that they have paid enough respect to thepillars of venture capital of Silicon Valley that already has existed. So,. Itwasn't like they quickly took their book, learned it, and said, I'm gonna belike an awesome web two VC in Web3.

There's not that many of those. Mm. Youhad a lot of like degen, Chad. That just made a lot of money between a coupleof people and then they were able to convince other people who were alsobasically Chads, but unqualified Chads giving a bunch of people money. So,,you've got a lot of like tier 2, 3, 4, 5, 6, 7 funds in our industry.

And they're like, I'm a bunch ofcapitalist, right? Mm-hmm . But how many of them have like taken the time tounderstand the art of venture capital or, you know, understand how Beau CoastLaw or Vain Capital or Sequoia or Panera or Poly Chain, I mean these paradigm,a lot of these funds, how they're take paradigm definitely stands out as one ofthe earlier funds that cracked the nut of, of what defines a big Web3 vc.

And I think Andreson is definitely onthe same path. Anden, Crypto, very impressive Sequoia as well now, butParadigm, they had an in-house, you know what's his name? They had the Samsung.You know, they had in-house world class, world renowned, full stack, you know,hacker, engineer, builder, So,, like mm-hmm.

So,. They built a squad and you look atparadigm's research and it speaks for itself. Yeah. Dragonfly mechanism. Yeah.Electric capital. You got a lot of notable great firms that are great teams.They know what they're doing.  

Mike: Yeah. Yeah. There'sreally ground up Web3 investing as opposed to web two, web two approach, whichis, it's interesting to dissect it a little bit.

I hadn't thought.  

Hartej: Well, a lot of the topWeb3 VCs now had a strong web two VC background, you know look at light speedright now. Like light speed has that background. They're active, they'veinvested into you know, the move ecosystem actively invested in some coreinfrastructure. Great examples, you know.

Mike: Yeah. Let me ask you alittle bit for a couple minutes. I can't not how do you view the. Technologyfrom a really high level, the whole Web3 world is playing a role into the, thegeopolitics of the earth that we're on. I you mentioned you were in Ukraine.You left Ukraine for obvious reasons.

There, there's a growing centralizationof power in China India as described by biology is the greatest power on earth.That's a dispo, So, kind of a worldwide network of sorts. There's obviously,Yeah, yeah, yeah. I would say an increasingly antarctic leaning Americanphilosophy of, of citizenship. Do you see the decentralized west versus thecentralized China as being the, the tension of our coming decades, or is thereanother perspective on it?

Hartej: You have in, in globalgeopolitics, we are at a, there's a war, a global war on privacy. A global waron morality, ethics. And we have a lot of questions to be asking ourselves on.Well, you know, what, what do we believe is moral? Do we believe that a humanbeing should have a right to privacy? Do we believe that a human being shouldhave a right to private monetary transactions to private communication withtheir loved ones?

These are big questions that need to beasked and thought about. And in Web3, we've been thinking about this for a verylong time. Essentially, since the birth of Bitcoin, a lot of people havethought about these things. And all of a sudden, in the current geopoliticalatmosphere, it's becoming a reality that our privacy is being threatened andripped away from us in So,, many countries, our fundamental human rights of sovereigntyand freedom, life, liberty, and happiness are being ripped away from us in along list of countries through the excuse.

Whether it's safety, safety has been avery big means, and to which our fundamental human rights are being ripped awayfrom us globally. And we, Web3 is a network state. The way biology frames it,he, he framed us very elegantly. And it, it is time that we start fundamentallygiving birth to viable network states as a solution to the fact that we areincreasingly not feeling a part of maybe the state that we live in and thepassport that we were born with.

And it's becoming more and morecomplicated in this digital nomad remote first world for us to collectively asa human species think about what we really value and that we stand up and fightfor those things. Because literally in front of our eyes, we are seeing. onecountry stand for freedom and stand for any human being waking up in themorning and pursuing his or her personal passion.

And we have other countries moving intocomplete opposite direction. And So,, when it comes to geopolitics, I alwaystell people to zoom out and say, which you're picking two countries. If youreally want me to pick, let's pick the one that is respecting human freedom.Which country can I launch the next layer of 100 layer two protocol.

Where can I build an app? Where can Ipractice any religion I want? Or can I be free? Or can I marry whoever I want?Where can I be of any sexuality I want? And I think when you think like thatand you zoom out and you start ignoring what the media is, maybe brainwashingyou with some small details here and zoomed in details there, it's important tojust zoom out and you really think about what matters in the world.

Yeah, and I also think it's a. It's aunique time to create change with all the tools that we have. The internetalready exists and So, the speed of Web3's growth has been between 200 and 240%year over year since the birth of Bitcoin. And that is because the internetalready exists. So,, we have a unique industry that continues to grow at arapid rate year over year, regardless of prices fluctuating up or down.

We are looking for network effects onlayer one blockchains, and you can throw a dart blindly, any of the top layerone protocols that are increasingly getting network effects. Network effectsmeans that you have engineers writing code on those protocols and on thoseblockchains, and you could throw a dart and invest in any of those layer oneprotocols.

Don't touch them for a decade and you'llbe just fine. Hmm.  

Mike: Yeah. Yeah. Reallylook at the, the high level trend.

Hartej: Right. Yeah. Like whata unique time. And at the same time, those very serious questions I asked like,do humans have a right to send a message to your mom and no one read it? Do youhave a right to send money to your loved one, your mother, your father, and noone track It is what is allowed.

Right? A lot of people will say, Notyour keys, not your crypto. And we wanna be our own bank and we want the abilityto start a new life in a new country and control our own assets. And somepeople don't have the technological capabilities of swallowing that pill andthe know-how. So,. Yeah, I think these, I'll, I'll stop ranting.

Mike: Yeah. Well, I, I, justa quick reflection. I, on some level of Right, I, I have a issue with, with theword, right. Because it's, it's cloaked in this idea that it's somehow divinelysovereign. What in reality, it's, it's the, it's like what, what, what do youhave the ability, It's really an ability to do So, if you build a technologicalinfrastructure where there is no ability for a centralized government to readyour messages or track you down or et cetera, then, or decide what you put inyour body.

Right, Right. There you go. I mean, onSo,, on some level, biology made a really good point actually, that thegovernment in particular, like any state government, could enforce their willon any individual person, but it's not economically possible to do it toeverybody. So,. They could come to your house, they could find your identity,you know, take your hardware wallet, but that's very expensive.

And So,, they can't. Distribute thatphilosophy or enforce that across the board. And that's where it just presentslike a counter wind against whatever the state run policy is. And in, in thecase of like China, you just ha their mo has been like widely distributed meansof surveillance So,, they can just quickly stomp it out.

Cuz otherwise, like in the West.

Hartej: It's not that, it'snot that different in the West, if you really look at it, it's, well, theUnited States surveillance wise is not that different from China. If you reallydig into it, it's just China gets, you know, China gets blamed for it and wepoint fingers at them. But I mean, is the US government really not spying onits citizens? They are.  

Mike: Well, I think that I,I agree. I totally agree. But they do it covertly where China is overtly So,.The, the, I think I view it as like a So,. What's the difference? Who fuckingdoes? Well, I, I, well, I, I think it is a difference because it's, it pushesit pragmatic. Pragmatically speaking about the current infrastructure, it maybe identical.

So,, technically speaking, it may beidentical. However, I do think it, it's like a signal for the future. If youcan outwardly criticize a government, that means the citizenry has an, agreater likelihood of disrupting the governance than if you could inChina.  

Hartej: Right. And by no meanssaying that yeah. And by no means saying that you could say that there's a, thesame amount of lack of freedoms in the United States versus China definitelyhave freedoms in America that you do not have in China.

But I was definitely pointing out that,I mean, the surveillance state goes globally. Everybody is surveilling indifferent ways. Granted, in America, you don't have. CCTV cameras on everystreet doing facial recognition, but that's also a yet how long until New YorkCity So,,  

Mike: I, I got a, I got ared light camera, I got $190 ticket for going 40 and a 35 like So,. I just,it's like, to me that's a blatant, I mean, how is that constitutional to have,I mean, but that's what it is. Like you say, and then it's just an extension ofthat policy.  

Hartej: Well, well I couldtell you how that is constitutional, by the way, cuz the go, the government,the government wants to keep its citizens safe and it's their job to keep theircitizens safe.

So,, if it's proven that a traffic, youknow, camera can keep you safe, then there is still some constitutionalargument in this specific case.

Mike: But, you know, Icouldn't you case, couldn't you extend that everywhere? I mean, if safety is.Is the, the  

Hartej: safety's, the netsafety is the thing that always gets abused, you know?

Yeah. In Singapore, when you walk outtamy family's house and you turn left out of their door and you click open on theelevator from their apartment, there's a camera and it says, CCTV camera iswatching you. You know, and like, that's within five feet of their home thatthey live in and sleep in.  

Mike: Yeah. So,, that's thetrade off, right? Safety versus privacy.

Hartej: They have safetyversus privacy and Yeah. We all gotta, I, I feel we, I feel like you caught mein the sense that I'm personally okay giving up my privacy in the case of a redlight camera. If the, they did it in that case, I feel okay. Whereas like whenyou take my picture at the airport for my facial recognition and you're likecollecting my biometrics, I feel violated and, you know, well, to betransparent, I'm figuring this out on my own is Yeah.

Same ear. I can't tell you figured itall out. Yeah. Trying to figure out what's right and where I'm gonna live andstuff like that.  

Mike: Yeah. Well, I feelyou, man. It must have been a terribly disruptive to be pulled outta your home,especially, and I, these conversations,

Hartej: So, we left four daysbefore, and we left four days before rockets fell basically in my bag, yardafter the ru after Russia invaded Ukraine.

Geez. I, I, I basically left because Iwanted to get to Ethereum, Denver, and I didn't want to leave to Ethereum,Denver without my family not being in Ukraine because we were scared that theairport will, will close. We were not scared. I wasn't planning all thisthinking that rockets are gonna actually fall in.

We thought that the east would pick up,let's pack up, let's just move to go to Barcelona, rent a hotel, and then I'llgo from there to to Denver to the Ethereum conference. And even at theconference, people were asking me like, Is anything gonna happen? Is everythingokay? I'm up. Everything's been fine.

And it wasn't four day days, you know,three days into the conference in Denver, I got a call that like, it scarystuff's happening. It started, you know, Russia has invaded Ukraine.  

Mike: Isn't it amazing howwhen these things happen, they just shift the tectonic plates of reality andthen that's the new baseline.

It just, Okay, then that's normal fromthere on out. And it just, to me, this past few years have showed mepersonally, you know, you can read history books, but until you live it, youcan't feel it. That things can change a lot quicker than people, than the bassRaiders say. And I. Yeah. That's the reality of it.

Hartej: Well, I hope this isnot a new normal, and I hope that Ukraine will prevail and get its land backbecause it's, it's, I'm not willing to accept nearly 15 or 20% of the countrybeing as handed to Russia. I think Ukraine has a right to fight back and to askfor people's help, and we should do whatever we can to support them in everyway which possible we should arm Ukraine to defeat Russia.

And you know, as I said before, onecountry stands for freedom and one country doesn't. Yeah. So,. I think it'svery, very simple.  

Mike: Yeah. Yeah. Well, gladto hear you guys made out of there, and congrats on all the success you've hadthus far. I'm, I'm rooting for you. It's been awesome to, great to know youmore Hartej.

Hartej: Thank you, Mike. It'sbeen a pleasure. I'll speak to you very soon.

Mike: All right. Take iteasy, man.  

Hartej: Stay in touch.

‍