Web3 CMO Stories

From Crypto Victim to Security Visionary: Xavier's Story | S5 E39

Joeri Billast & Xavier Hendricks Season 5


What happens when you lose your Bitcoin in the Mt. Gox hack, then watch 44,000 Ethereum vanish from a project you helped build? For Xavier Hendricks, these painful experiences sparked a mission to revolutionize crypto security through radical simplicity.

Xavier's journey from blockchain enthusiast to security specialist reveals a counterintuitive truth: the best security removes technology rather than adds it. "Anything that's complicated, anything that's technical, is a weakness," he explains with the hard-earned wisdom of someone who's experienced devastating hacks firsthand.

As CEO of NGRAVE, Xavier has created a hardware wallet designed around this philosophy. The solution keeps private keys completely offline while allowing users to sign transactions through an intuitive QR code system that anyone can visually verify. Most impressive is their unique backup solution: two metal plates with a punch system creating a split key backup resistant to fire, water, and physical damage.

Beyond the technical innovations, Xavier's perspective on the psychological aspects of crypto security is what truly sets this conversation apart. The industry asks people to take full responsibility for their assets, akin to keeping all your cash in your living room. Creating solutions people actually feel comfortable using requires addressing both technical and emotional security needs.

The conversation evolves to explore how trust is quickly lost in the security space, the future of integrating services like staking without compromising security, and why looking beyond the "ugliness on the surface" reveals blockchain's true potential as a peer-to-peer financial system that preserves individual freedom.

Join us to discover why simplicity trumps complexity in wallet design, how military-grade security certification meets user-friendly design, and what's next as crypto adoption expands beyond technical enthusiasts to mainstream investors.

Xavier:

You know, if you want to do security well, you actually want to remove technology as much as possible, because anything that's complicated, anything that's technical, is a weakness.

Joeri:

Hello everyone and welcome to the Web3 CMO Stories podcast. My name is Joeri Billast and I'm your podcast host, and today I'm excited to be joined by Xavier. Xavier, how are you?

Xavier:

I'm great, thank you.

Joeri:

Yeah, excited to have you on the podcast. Maybe people watched our LinkedIn Live before, Xavier, you know, with these other two panelists, where we are talking about Web3 wallets and the future of it. Today I have a solo conversation with you, actually a one-to-one conversation, but, guys, if you missed that or if you don't know who Xavier is, Xavier Hendricks is partly university educated in computer sciences, mostly self-taught. As a crypto veteran, he experienced several hacks firsthand, ultimately making him shift to the security side. He has been in the crypto space for a long time. He was the CTO of a Belgian-American top blockchain project, Swarm City, which ultimately he left for a full-time position at NGRAVE, and now he's leading NGRAVE as a CEO, and he's a Belgian, just like me, but both of us don't live anymore in Belgium. That was an intro, Xavier. Now you have been long in crypto, long before it was cool. Let's say, how have those early scars shaped your personal mission with NGRAVE?

Xavier:

I think everyone starts with blockchain and most of them are not immediately interested in security. We are all bitten by something else about the blockchain space that makes us passionate. For me, initially, it was a feeling of freedom, right? Before you had Bitcoin, even if you wanted to work with money online, it was a very difficult situation. You couldn't easily link money and programming and, you know, the money and financial systems were not equal to the sandbox environment that we associate with the internet, where your creativity can do whatever it wants. Um, so that's I found the most uh of all. It's like this total freedom, the sandbox environment. You can just unleash your own creativity and imagine anything that you want to build or do regarding money, and there's, there's, there's so much interesting stuff to be done. Um, and then you start thinking beyond that and once you understand the concepts of value and how you can just work with it, like you do with programming, with code, and you start thinking about bigger concepts like society, how to reorganize society, and and uh and the role in this in the world, and, and you go back to the initial promise of the Bitcoin white paper, which is fundamentally about the individual freedom in the digital age, right? So that's my story goes from first buying and playing with Bitcoin, getting engaged with Ethereum, on helping on Swarm City, which was a project that was building a marketplace, an uncensorable total freedom marketplace on the blockchain. Think about replacing Uber or Airbnb or whatever and you cannot be blocked. It's more free and you don't even have to be de-anonymized if you don't want to.

Xavier:

But every single time I experienced hacks all along the way. On my first Bitcoin experience, I lost my initial Bitcoins in the Mt. Gox hack. Then I have BTC on blockchain.com. It kept happening. And then on Ethereum, I joined Swarm City the founder there but I joined quite early in their journey. They had raised 76,000 Ethereum in an ICO. They stored it on a multi-sig smart contract. Within the year, the contract suddenly was drained. It was 44,000 Ethereum remaining. All was gone and you know again at like.

Xavier:

First my initial hacks undermined my own personal journey. Then this huge hack undermined this bigger world-changing project that we were on, right? So you start realizing like, yeah, I mean, all those concepts are really fascinating to me and I feel extremely empowered to work on these things and it's it's it's a lot of my own purpose and my own mission and the impact that I want to have, but every single time the hacks prevent me from doing this. And before we start thinking about the ultimate potential of what crypto and block and blockchain brings to the world, maybe we should take a step back and fix first what are the foundational weaknesses, and I had the same I think the same realization happened with other members in my team at Swarm City at the time.

Xavier:

They went to do other things. Some went to work on Ethereum 2.0. Some worked on better node infrastructure by the networks that we had in Belgium and the partners that we had. We started working on security. Because, ultimately, for me, the question was why was the money stored on a smart contract, multi-sig, and not on what intuitively feels as the most secure solution, which is a dedicated offline solution? Okay, so that's how I got into security here.

Joeri:

Yeah, interesting for sharing all of that. So trust is really important that you mentioned all those, those hacks. If there is one lesson that you learned from this early journey, what would that be regarding trust?

Xavier:

Well, it's regarding trust, yeah, you know, I have.

Xavier:

I have a, I have a. An answer it's it's. It doesn't directly relate to the experiences I just described, but if there's one lesson that I learned about trust, just looking at my experience in the space, it's quick to lose, right? Especially when you deal with security, and I think of some of my competitors. They made mistakes and I just don't see them recovering in their trust. I think about Ledger's hacking their customer's database. So trust is extremely valuable. I mean it's true for every business, but if you are in crypto and in security, there is no there's no harder requirement for trust than in this space.

Joeri:

Yeah, absolutely. And now you stepped into the role as a CEO at NGRAVE and I'm curious how you're thinking about telling the NGRAVE story in a way that resonates not specifically with those crypto people, but a bit larger than the crypto community. You mentioned trust already.

Xavier:

Yeah, actually, this is essential. So we designed our product in a way that I would have used it. I, I designed the product in a way that I would have used it. So it starts, of course, with an initial technical mindset right. So it's the technology underneath, under the hoods.

Xavier:

But every step along the way I try to simplify and the whole, the whole product is simplified to the maximum extent we could, because we all were aware that even if you are a technical person, if you have to rely on it to 100%, you want to remove complexity, you want to remove all risk and you do this by removing complexity. That's like it's not because you're a developer or a technical expert that you want to maintain complexity. If it becomes critical for your own security, no, no, that's, that's the basic principle: you remove complexity. So all along the way, during product development, we remove complexity, especially in the um user uh interface, in the, in the intuitive use of the device. And, now that I've become CEO, that is because the product has reached a phase of maturity that, under the hood, the technology is sufficiently mature that the focus cannot be to go beyond and explain to the end user the decisions we made and how it ultimately all leads to a very simple solution where you, as an end user, only need to understand some very basic concepts, and if you understand this, you will intuitively understand that you are secure, that you don't need anyone else's vouching for it. You don't need to trust any technology. It's the basic things that the wallet needs to do. Key creation, transaction signing and key backup are designed in such a way that they should be intuitively simple.

Xavier:

I see this as the end goal of our company, because that's how we solve self-custody for the average person. The average person is being asked to take full responsibility of storing all their savings. It's a big ask, right? So how do you do this? You don't do this by overwhelming them with technological concepts, with telling them you should trust certain experts. They won't vouch for your money. So you need to just come up with a very simple solution that's still fundamentally secure, and we started working on this from the very first, from the very first lines of code at the product until what it is now, and now it's time for me to bring that story out so people understand that and know what they should use this.

Joeri:

Yeah, I love that. The story, the narrative. That's why you are the right podcast. You know it's all about stories here. Now, NGRAVE's core strength is that the private key never touches the internet. Yes, so yeah, how do we translate this message to users that you mentioned? You know it's not. It's. It's also a bit about you know some of the users and they hear about all these hacks and so on. It's about emotions. It's not always about technical features. So, yeah, can you talk a bit about about that?

Xavier:

There are very few technical concepts that you need to understand. One of them is, um, how, the importance of your private key. Okay, so, unlike the traditional world where there's always someone else taking responsibility for your money, like the bank, in the blockchain space you come down to a private key, which is like a long password that is generated to make your cryptocurrency accounts. If that key in any way ever is exposed to anyone, they can take all your money and you have no recourse. So that is a very fundamental concept you need to understand. But it is a very fundamental concept you need to understand. So, obviously, the solution is to just never put this key on a network device, never on your computer, never on your phone. Keep it out of sight, on a piece of paper or whatever. That's how it initially began, right, the blockchain story. People would write this on a piece of paper. That's a fundamental concept. So you stay offline. You call this an air gap. You put some air between the key and the device, but then, yeah, you can create a key and you can store it offline. But how do you sign transactions? Because every single time you want to send money, you need to use this key to sign a transaction and then, yeah, if you have software in your computer, you need to enter the key, and that's every single time. Is that? That's like a surface of attack. For, you know, there's an arms race going on. There are hackers that now have a real incentive to hack you. They don't just put malware on your computer to spam you with ads, no, they still. They want to find keys and they want to steal your money, so you have to. There's an arms race with AI, right? So you're being very careful. That's why, then, you need to have a device that keeps your key offline but can still help you to send transactions without being itself connected to the internet.

Xavier:

So how this works is you have a device, you have a software on the computer or we have an app on the mobile phone. It will, it will. You can see how much money you have on your addresses, and the addresses are not keys, so there's there's no risk there. You can just see how much money is on your addresses and then you can prepare transactions, say like, I want to send one bitcoin to someone else. It will gather all the necessary information from the internet, because you need the transaction costs, which fluctuates in time. You need the recipient's address, which they probably sent you over message. So you put all this into this application mobile application, and then it will prepare a transaction. All that needs to be done to it now is to sign. It's to be signed.

Xavier:

So then the mobile app shows this transaction in a QR code format, and our wallet has a camera. It can scan the QR codes, and so you understand that this is again the intuitive part about it. You understand that just by scanning QR codes, you are still safe with your key, because scanning with the camera is one-directional. On top of it, it's a transparent operation. You can, if you want to, you can scan the QR code to some other phone and check what's in there. Right, it's, it's, it's what you think it is.

Xavier:

So then, on the wallet we have, on this dedicated offline product, the hardware, the NGRAVE ZERO, the wallet will itself receive this transaction request, decode it. So it will verify the whole message and it will show you what you're actually signing. It will show you, okay, I'm signing to approve one Bitcoin sent to this address and it will cost me so much in transaction fees, right? And if you then approve, it will ask for your PIN code and then it will get your private key from a very secure storage in the device. It will use it temporarily to sign the transaction and put the private key back into secure storage device, and then the hardware wallet will show a QR code on its turn containing the transaction plus the signature, right, and then your mobile app or your computer can scan this QR code. It has a signature now and then it sends a signature to the blockchain and your transaction is confirmed. So you have been able to send transactions remaining fully offline.

Joeri:

Explanation and maybe also people, because some of the people listening to this they are maybe new to NGRAVE or they are maybe even new into crypto, they're using like central exchanges. Explain a bit about how the seed phrases are stored if you have an NGRAVE wallet.

Xavier:

Yeah, so the seed phrase is basically the same thing as the key that I just mentioned. The seed phrase is a human readable format of a long, complicated key to memorize. Imagine the key that you were storing on the device. Usually it's a 64-character hexadecimal number between E and F and 0 and 9. Those things are difficult to memorize. Also, if you try to write it yourself, there is a high chance you make a mistake somewhere. Instead of F, you write B or whatever. So there is a standard that's appeared called the mnemonic. The mnemonic is a different representation of a hexadecimal number into 12 to 24 words. Look all those words. There is like a decoding library somewhere. It's an open source tool where every word is associated to a certain hexadecimal number. So you can just use it to decode, to put this 12 to 24 words into a hexadecimal number, and the last words, few words in this, actually not even part of the key, but they're a checksum, meaning that if you make any mistake in any of the words, few words will show that there is a mistake, because it will do, it will do like a mathematical operation on the last, on all the words except the last one, and then the last word should be a deterministic outcome, and if it's not correct, the last word, then you know you made a mistake somewhere. So it also has like a fail-safe mechanism in case, an error detection mechanism in case you make a mistake in writing it out. So the seed is just a human format for managing your hexadecimal seed. Now the NGRAVE ZERO supports both. So when you create a key you can either choose a hexadecimal key or a mnemonic seed key.

Xavier:

Why do we also allow the hexadecimal key, because that's more complicated? Because we want to involve the user when he creates his key. We were thinking there is also an intuitive aspect necessary when you create your key. We did like the fact that when we buy other wallets they just give you the seeds. I'm sure they're secure, but again they ask you to trust them. I want the user to be involved himself also in the seed creation so they have this intuitive understanding that it's their key, that it wasn't just pre-generated, by the way of speaking. Now you cannot do this with a seed because, as I just explained, the seed has a checksum at the end. So if you start changing randomly words in between, the checksum won't match anymore. So then we do this with hexadecimal, whatever you want until you're satisfied.

Xavier:

Also, another reason why we do hexadecimal format is because it is the only format that works with our backup. Our backup solution is two metal plates. The top plate is a unique plate to you. Everyone gets a different plate. It's the same format but it has a lot of holes and all those holes have a different hexadecimal number, like randomized. So that's where the uniqueness comes from. The order of the hexadecimal number associated to the holes is unique per customer.

Xavier:

So when you make your key you put the two bottom, you put the two plates together and the bottom plate is just a plain sheet of steel and then you make holes, you punch with a punch pan, you punch holes into the bottom plates and if you've done your operation you have one metal sheet and all you have is just a bunch of marks on it like hole marks. It doesn't tell you anything about the key. And the other plate is just a steel plate with holes and a hexadecimal number next to it. So you can essentially easily split your key in two parts. That's the idea and that's why we also support the hexadecimal format of the key. But our users are free to choose. Of course, they can also use it in any way, both work. Once you choose the hexadecimal key, if you go to your settings, you can extract it as a heath, as a mnemonic, no problem, they're interchangeable, you know. And then you can import this mnemonic into another wallet, to MetaMask, if you want. It's fully compatible.

Joeri:

Yeah, I love that solution. I think it's unique and you know it's really hot. It cannot be deleted, I think, by fire or by you know we hear these stories about a dog eating paper. You know a paper or I mentioned it on on the live that someone set a tattoo. You know on his arm like but but yeah, a it face, like that it's, it's secure and I'm now wondering the the audience that you're now reaching or maybe you would like to reach. Are they more like crypto natives, of people already into the crypto world, and and what is your goal with NGRAVE to reach a bigger audience, or do you want to continue to aim for this typical, I would say, crypto audience?

Xavier:

So NGRAVE customer kind of follows the journey of the crypto space in general. Initially it's a, it's a tech gadget, right, that's where the existing products like Ledger and Trezor appeared. But as the space matured, you realize more and more people are coming into this place and they're not necessarily tech or geeks anymore, but they do have lots of money to store. So we appealed initially to the security enthusiasts. Ours didn't have the most features, the most coin supports, it didn't have open source. All because we were focusing on some really difficult, hardcore stuff, which is deep security. And how do we do that? Well, I mean we, we were thinking that the future of hardware wallets, only the hardware wallets only have a future if you go deep security, because all the other wallets, all the gadgets, are going to be replaced by a smartphone. People will increasingly feel comfortable storing their money on a smartphone. There will always remain a threshold above which you will feel uncomfortable staying online and then you will go back to a hardware wallet. But then you need to become a serious wallet, one with the best security guarantees and with the most intuitive design. Right, because you're not appealing to a tech geek anymore that just wants to have fun playing with a tool. No, it's about people that don't have technical expertise. They don't want it and they have a lot of money to secure. So what will they look at? They will look at your backings, the people you work with, your partners, your certifications and how it feels in use. So those are the two things we focus on the first part. We first worked on the external validations. So in Belgium we got incubation from the best partners we have in the country. We have IMEC. They're a chip design research facility. They collaborate with ASML, for example, and they design most of the chips in the world. But with them, and also with COSIC, which is the cryptographic hub of the KU Leuven, we worked on the initial PCB design and the entropy generation. Then we worked with a military contractor in France that is the only one in the world to have the highest certified firmware, EAL7 certified firmware. Think about drones flying over the enemy battlefields. You don't want the enemy to extract keys, so we are the only wallet in the space with this level of certification. So that's what's for the external validation.

Xavier:

People need this. I mean, of course, right, we got that, and once this device is functionalized, we work on the intuitive. If someone that trusts starts using this, they don't need to trust anyone else anymore. They understand that just how we work. They also trust it by its user experience, and the more we are doing this, the more we are able to appeal to a wider range of customers, and I think that a new wave of crypto adoption will come from a lot of newcomers to the space. People that have a lot of money, that are used to invest their money through traditional asset managers on brokerage platforms, but now, increasingly, you won't be able to join what's happening in this new environment, which is the on-chain blockchain environment where all the traditional tools are migrating to because it's more efficient, there's less overhead and there's just more opportunity.

Xavier:

So they want to join the self-custody space eventually and we want to be there for them with a very certified trust tool that's intuitive in design. So our end user will increasingly become, um, yeah, the average middle class investor. That's a sorghum goal here.

Joeri:

Sounds great. Um, and as you know these people, you know they read a lot of stuff in the media. You know, on social media, what is happening in the crypto space. What do you believe, but is still maybe misunderstood by the media or even other wallet companies when it comes to wallets, wallet security and everything related.

Xavier:

Two things. First, that's from within the crypto space itself. People tend to focus too much on technical complexity, while, you know, if you want to do security well, you actually want to remove technology as much as possible, because anything that's complicated, anything that's technical, is a weakness. You know the secure solution is literally cash in your pocket. No need for a signing algorithm there. The only way to be exposed to the internet is because you need to have a blockchain with a consensus algorithm to validate that you don't do a double spend. So that's another problem. So I think within the blockchain space, there's a continuous effort needed to be done to not focus on technology for technology's sake, really focus on what is a problem we're actually trying to solve. It's like how do we preserve the freedom for the middle class investor? By giving them full access to their own money, and you can only do this by giving them the tools so that they feel comfortable doing it. You know it's a psychological issue. It's like you know, yeah, you're asking something big of people and people are not used to that anymore. It's like telling them oh yeah. No, you take all your savings in cash and leave it in your living room like, yeah, but restore it. How do I feel safe? I don't feel comfortable doing that. That's the issue. Not designing the most complicated lock, no, you want to have a simple lock that they understand and then explain to them how it works and make them feel comfortable and explaining them the benefits of doing that. So that's one.

Xavier:

I think another one and that's coming from the other side, that's, from the traditional world is I think it's slowly it's really improving, especially this year is the understanding of what blockchain and crypto space actually are bringing into the world. You know it has had a bad reputation for a long time and it's deserved Lots of. You know like bad things happen hacks, scams, whatever you know. But that's the price of freedom, right? If there were no hacks, scams, illegal activity and all those ridiculous things happening in the blockchain space, it would not be free. So, underneath all this absurdity, there is a real new world being built. It's a peer-to-peer transaction, peer-to-peer future with a decentralized, online native community. Yeah, I mean I think I can't expand on it, but I think it's a beautiful thing and people should not dismiss it just because they see all the ugliness on the surface. Once you dig deeper, there is a real benefit to the world to this technology, and the space needs to do a better job at making this clear to the wider audience.

Joeri:

Yeah, that's what we want with podcast episodes like this. Now you mentioned that the product is going, it becomes a much more mature project product. So that I'm now wondering what are you now, today, the most excited about, Xavier, for when it comes to your company, your product, or maybe things happening in the space? Yeah, what is going, you know, going forward, what are the goals for your company? So, what are you the most excited about?

Xavier:

Yeah, there's a lot of strategic initiatives in the company. First of all, the company technically is, uh, finally at the maturity level where we can start adding more user-facing features. We can improve our coin supports and especially add services like staking, swapping, those things. Very interesting because people, they used to be hodlers, they would put their money on a wallet and they just forget about it. Now people want to have a return, right? So I'm very excited to start offering this on our wallet. And then I think beyond that, maybe a bit longer term, is to work on integrations that offer even more advanced returns.

Xavier:

I think our device can really have a huge potential as becoming the final resting place of your money, and then it needs to still give you returns, either by some services we offer or integrations on platforms that have different specializations, different type of staking services, earning markets. But the ultimate end goal is here that you never need to leave the safety and the comfort of our wallets while still enjoying all the benefits and the opportunities of this new on-chain world. So I'm very excited and there's a lot of work to be done there. I'm very excited because the foundations and the groundwork is there, the device is there, the security is there, customers are happy, and I mean right now, with the way it's moving. Things are accelerating. Yeah, we need to step up our game as well, and I'm very excited to do that.

Joeri:

I think there's some people that is about NGRAVE. I will have my link in the show notes and on the description of the podcast episode. But yeah, Xavier, if people you know want to follow you or they want to know more about NGRAVE, where would you like me to send them?

Xavier:

Wow, we need engagement everywhere. Twitter definitely. I look at Twitter. In our Discord, we have active community members currently mostly doing customer support, but you know, let's add some more fun in there. So Discord, Twitter for now are the best places.

Joeri:

Amazing. Well, Xavier, it was really a pleasure to have you on the podcast today.

Xavier:

Oh, thank you, Joeri, for the invitation. I am always happy for the opportunity to send a message out.

Joeri:

Yeah, happy to happy to have you again. The time flew Like when you were on the LinkedIn Live panel. The time really flew, guys. If you're now wondering or you're interested in a blog article or the LinkedIn Live, it will also be in the show notes. Like you know, every time there is a podcast blog article, there are show notes. Now they always ask at the end if you're not yet following the show. This is a really good moment to do this. Hit the subscribe button. If you have people around you that should learn or need to learn about crypto, about wallets, send them the link to this podcast episode. I'm sure they get a lot of value out of it. And, yeah, if you haven't given me a review yet, those five stars will help me reach an even bigger audience. And, of course, I would like to see you back next time. Take care.
