The new sheriff in town features some familiar faces.
Naxo, a newly-launched cybersecurity firm, was co-founded by former FBI special agent Chris Tarbell and computer scientist Matt Edman. They both played pivotal roles in the arrest and prosecution of Ross Ulbricht, the man behind the infamous Silk Road marketplace.
Now they’re turning their attention to cybercriminals with a taste for cryptocurrencies and other digital assets.
“People are realizing that it is still a wild wild west out there, and not everything is what it appears to be,” said Tarbell in an interview with The Block.
His fellow founder Edman notes that while the good uses of cryptocurrency have increased over the past decade, beneath this layer lies a network of criminal activity that persists in darknet markets. As he played a pivotal role in the technical takedown of the Silk Road website and crypto assets, Edman has first hand knowledge of digital black markets.
“You have to have a very good understanding of the fundamentals of the technology, and that understanding has to evolve with the criminal,” Edman said.
Naxo is arriving at a time when hackers and exploits are at a record high. This year is on pace to be the biggest for hacks so far, according to blockchain analytics firm Chainalysis. And October is already the worst month on record. More than $700 million has been compromised thus far this month, Chainalysis said. It’s a stark reminder of what is at stake to an ecosystem rife with locked value resting on the laurels of freshly deployed code.
Technological leaps lead to more opportunistic cybercriminals that learn and adapt from past mistakes, according to Tarbell. He noted that, although he loves the U.S. legal system, he thinks it provides would-be criminals with a roadmap to pull off future crimes, via affidavits. Cybercriminals, in turn, study investigative documentation and make adjustments to leave fewer traces as they exploit fringe cases, where projects are maximally exposed to a number of risks.
While the good uses of cryptocurrency have increased over the past decade, according to Edman, beneath this layer lies a network of criminal activity that persists in darknet markets.
“You have to have a very good understanding of the fundamentals of the technology, and that understanding has to evolve with the criminal,” he said.
Naxo, which says it is focused on cryptocurrency and serves a number of unnamed government entities, says its approach accounts for multiple needs, ranging from raising education levels around crypto-related human risk factors, to technical network layer factors such as proper deployment and peer review of smart contracts source-code, and protections for cryptographic keys.
In the context of losses in an industry that can see as much as a billion dollars wiped out by hackers or protocol bugs, Tarbell said that developers would be “crazy” not to take a security conscious approach.
Naxo is entering a crowded field. Firms like Hacken, OpenZeppelin, CertiK, Quanstamp and ConsenSys Diligence offer similar services in the crypto-cybersecurity and auditing space.
With a window into the world of cybersecurity investigation and enforcement, Tarbell admitted he isn’t “a big regulation guy,” adding that officials are often misaligned on enforcement, and that although he lacks faith, he holds hope they will get it right this time.
Edman said he “may be a little more pro regulation,” but he agreed that it “needs to be influenced with a strong level of technical competence” and that regulators “need to understand the technologies that they’re regulating.”
Still, Edman acknowledged that the pace of growth in the industry poses ongoing challenges to lawmakers as “technologies are evolving drastically faster than the regulators can keep up.”