Everything You Wanted To Know About Decentralized Identity And Crypto Wallets; Dynamic on the Chainalysis Podcast

Co-founder & CEO Itai Turbahn joins Ian Andrews, CMO of Chainalysis, for a look at what a multi-chain, authentication-based wallet looks like in web3 and how we can go from “wallet wars” to interoperability. You can read more here, and listen below.

‍

Listen to the podcast:

‍

Read the transcript:

‍Ian Andrews: Hello and welcome to Public Key, the new podcast from Chainanalysis. This is your host, Ian Andrews. One of the Web3 topics I'm most interested in is digital identity. I believe that after money, the killer use case for public blockchains is changing how authentication and authorization work on the internet. In this episode, I'm joined by Itai Turbahn, the co-founder and CEO of Dynamic Labs. Dynamic is building a platform for developers to bring Web3 off to any application. In our conversation, Itai explains how he went from Chief product officer at a coffee company, Cometeer, to founding a crypto startup. We compare the current crypto wallet competition to the browser wars of the '90s and debate the balance of privacy and information sharing and what the future interactions for personal information will look like in Web3. After the episode, if you want to learn more about digital identity and wallet tech, you can find past Public Key episodes with Caroline Hill from Circle and Omer Sadika of dWallet Labs in the show notes. Today, I'm joined by Itai Turbahn, co-founder and CEO of Dynamic. Itai, welcome to the podcast.

Itai Turbahn: Thanks for having me. I'm excited.

Ian Andrews: Oh, this is going to be a fun conversation because we're combining a whole bunch of things that I'm interested in crypto. One is wallets, another is identity. We've got all the topics today. But before we get to that, I was reviewing your background, preparing for the podcast and I'm always fascinated about how people get into crypto because I think these are the best stories. You're a product guy from early on, started out as a product manager, I think in the Israeli Defense Forces, went to MIT, and then from there, you've worked in a number of different companies. Tell us a bit about that and how you ended up founding Dynamic.

Itai Turbahn: Absolutely. My background, to your point, is a little bit all over the place. It is coherent in my head, but I'm not sure if that reflects anywhere. In terms of background, so I grew up in Israel, so I originally, I'm from Haifa, Israel, born and raised. I had a web development company growing up, and this was early 2000s. I was trying to figure out how I helped small businesses in Israel get online for the first time, so I built websites for folks.And then after that, just like most other Israelis, I joined the Israeli Defense Forces, Army Intelligence, worked. Honestly, one of the funniest parts of my career so far, I'm not sure if you can define it as a career, but I got to work on some really, really exciting things, which I won't dive into. But that was my exposure to the fun of working on anything software. And after that, within eight days of finishing my Army service, moved to Boston, did my undergrad at MIT. That's where, by the way, I met my co-founder Yoni. We're both Israeli. There were two Israeli undergrads at MIT every year, so we had to be friends.

Ian Andrews: Perfect.

Itai Turbahn: Exactly. Wasn't really a choice. And then, I continued on the software track for a while, worked at IBM research for a while, did my undergrad in computer science, then completely switched to strategy consulting at BCG. So I spent two years in refineries and paper mills and chemical plants, so I guess not very software-y. Moved back to business school at Harvard, where I started a startup. But to your actual question about crypto, before I continue on the background, between undergrad and my master's, Yoni and I dove into crypto, so this was 2012/2013/2014, and we got really excited. I think that's when we bought our first Bitcoins, and we've been passionate about this since. If you go back and had you stood next to us for the last 10 years as we just talked, you would hear probably, I would argue 50% of our conversations would be crypto-related.

Ian Andrews: You're what I call an OG. You've been in this since the beginning is what it sounds like.

Itai Turbahn: I don't know if I can claim that title, mostly because I feel like the fact that I didn't take the pledge. I look at folks who did in awe. Those are very much the real OGs. I'm, let's call this a sideline OG.

Ian Andrews: Perfect.

Itai Turbahn: If I'm defining that as a trademarked term going forward. But we love everything and anything crypto, and we've been passionate for a while. But to your point, we haven't made the actual full-time jump until recently after business school. I had a startup in online travel, then worked in HR tech Zenefits, then on identity and drew on the software side. Then in coffee at a company called Cometeer, as the chief product officer. By the way, shameless plug on the podcast, check out cometeer.com. It's a great coffee company. Last year, we actually jumped into Dynamic and jumped into crypto full-time. It felt to us very, very similar to the early 2000s like Ajax, where you play around with it and it blows your mind in terms of the things it can do. And for us, it felt like, "Okay, this is really the only thing to work on," so that's the extremely long version of background plus the origin story of how we got excited about crypto.

Ian Andrews: You were definitely the first person we've had on the podcast who's gone from coffee to crypto, so I love that trajectory. We're going to have to search for more people who've made that move. As you started thinking with your co-founder, Yoni, about building Dynamic, what was the market opportunity or maybe the problem that you were seeing that you felt like had to be addressed and led you to found a company? Because obviously that's a pretty big leap off a cliff there.

Itai Turbahn: First on the founding of a company, Yoni and I have been trying to figure out ideas for a company for... I would say since we met. Actually, I think at one point, I want to say in 2012, we applied to Y Combinator together, trying to build something with a terrible idea, which clearly was not up to part of what YC was expecting, so we didn't get in. I would say the amount of side projects or ideas for side projects that we went through has been tremendous. Anything from thinking about email innovation to thinking about travel. Became very clear to us that really two things happen that enable wallet-based authentication or enable everything and Web3 identity. The first of which is when you go... And this is how we thought about Dynamic.

When you go into an open sea or a Magic Eden and you connect your wallet and all your information shows up and you don't have to create an account and you don't have to create a password and it just works, is this magical moment. It's this one-way door, you can't unsee it. And so, that was this really, really fundamentally cool thing for us, which was, "Hey, over time this is how you're going to interact with websites." You're not going to create an account, you're not going to need to remember password, you're just going to connect with your wallet and we can debate what wallets will look like in five years, but that interaction is here to stay and everyone who sees that interaction realizes the power of it. That was the first part.

And second part is we looked at the wallet space and we thought about it very similar to the wallet, essentially wallet wars. It felt like the '90s browser wars on steroids, because instead of five browsers competing for ownership, you get 50 or 100, 200 wallets trying to compete for ownership. And then, there's competition at the chain level and across identity standards and so on. And so, it felt that plus the growth of wallet-based authentication is not a sustainable thing for developers to handle on their own. And so, that's where Dynamic comes in into play, which is how do we, "reduce the noise” of speed of innovation in the industry and abstract that away for developers?" Very much similar to Auth0 model that has worked phenomenally well and we're giant fans of Auth0. As a company, that was really how we were thinking about this when we started.

Ian Andrews: I love that because these are observations I've been having. I started tweeting toward the end of last year that 2022 would be the year of the wallet wars and I saw you actually using that in some of your blogs on the Dynamic site. Because it seemed to me it was such an open wound of problem domain. The UX wasn't amazing, but it would also be ultimately a very important control point in the ecosystem. If you had an incredibly popular wallet that would drive huge flow of funds and opportunity to monetize around transaction fees, as we've seen MetaMask do successfully, and then this blossoming of all the major exchanges creating their own wallets, and then there's chain by chain specialty wallets. There's some wallets that focus on NFTs rather than cryptocurrency.

I think ultimately we'll see that trend come into a consolidation. But in the meantime, it creates this massive amount of complexity for everybody who's trying to build a dApp. Which wallets do I support? And today it's like, "Well, de facto, MetaMask, and then we'll use the open WalletConnect standard, but that means maybe some degraded experience or functionality or additional testing complexity that we've got to sustain for all our non-MetaMask users." And that whole cycle, it feels very messy to me. It's like the days when web developers had to support four fairly major popular browsers times five or six different versions of each, so you had this matrix of 20 browsers you were supporting, different web standards supported throughout really hard problem to maintain for a small dev team.

Itai Turbahn: I think that's an important observation. The browser analogy here is really, really critical observation. There's one difference that I think it is important. But to your point, it's about future proving. It's the fact that even if you support wallets today, the market is moving so quickly that you actually don't know who you need to support tomorrow. And again, it doesn't end just at wallet support, it's around the thing after authentication, it's around NFT gating, it's around all these really interesting identity solutions that are coming up, whether obviously things like ENS or Unstoppable Domains or other really interesting solutions.

But the idea is that you have to... It's not about today, it's about that ongoing maintenance. One thing on the browser part, one highlight is my hypothesis is actually consolidation doesn't necessarily need to happen. Wallets are very much windows to Web3, very similar to browsers, but there is an argument to be made that you might have a gaming wallet and you might have a social wallet and you might have a DeFi wallet and they might be very different. And they're very interesting problems to solve within the wallet space and how it plays out within the next five, 10 years is going to be this fascinating thing. I'm excited to see it. It's one of those things I've realized my ability to predict the future is very poor, that I know would be wrong, but it's going to be this exciting... The fun of chaos, essentially.

Ian Andrews: You and me both on that ability to predict the future. I definitely agree there. And that's such a different perspective than I would have on a wallet per purpose almost, or a wallet per identity. Because at the end of the day, a wallet is really managing one or more private keys and potentially tokens and NFT, so I would've bet they would all go to the same place. Maybe unpack why you think that users end up having multiple of those over time.

Itai Turbahn: Discount what I say a little bit because I'm usually wrong, never in doubt. One of the things that are fascinating about the wallet space and so many talented people competing in this space is that when you compete on shared rails, when everyone at de facto, to your point, builds a thing that generates a public key out of a private key and so on, you start innovating on other things and you can start innovating vertically and start building experiences that are very different than other wallets.

First, there is an argument to be made that the way wallets get to a billion customers is not necessarily as an additional app on your phone, but rather as the app on your phone today turns into a wallet. And a good example of that is Coinbase's MPC approach of taking their entire customer base and saying, "Okay, let's now generate an MPC wallet for them. They don't have to worry about private keys, it'll be semi custodial." But then, de facto, they have turned 70 million or however many folks they have, into wallets and added 70 million people to, or 60 or 50 million people into an ecosystem.

The likelihood that you go into your Coinbase MPC wallet and use it to interact with Instagram, in my opinion, is slightly low. You might have a completely different use case of an Instagram-related wallet or even Instagram building a built-in wallet within the app, or Twitter wallet within the Twitter app with that use case. And I'm basing this, by the way, not my idea, there are much smarter folks that I've talked to that provided the clear inspiration for this. There is an argument that there isn't a winner-take-all within the wallet space and there isn't even a wallet as a separate app or other wallet-as-technology that's embedded across multiple types of applications with their own specific use cases.

Ian Andrews: Okay, I'm buying that. I can see wallets become de facto feature within lots of different types of applications. Makes a lot of sense to me. And then, of course you get to Meta wallets that manage all the wallets of wallets. But maybe shifting gears a little bit, so I think the landscape that led you to create Dynamic makes a ton of sense. The problem domain is one that definitely is in need of a solution. Talk to us a bit about where is the company now? Is the product available in market? Can I go sign up and start using Dynamic if I'm a developer? And maybe even a bit of the solution pitch, what are the problems you're solving?

Itai Turbahn: The way again to think about Dynamic is really Auth0 for wallet-based authentication. If you're a developer who needs to think about authentication, and then potentially orchestration of everything post authentication, so NFT gating, access lists, collection of contact information through these really interesting Web3 communication protocols and so on. That's when you would come to Dynamic. Where the company stands today is we started late last year. We announced our funding towards the end of June, if I recall correctly. And one thing I found that in startup land, time is an illusion, and my ability to remember when we actually announced has gone to zero. But we announced towards the end of June our closed beta. And today we're in closed beta, slowly onboarding folks that come in.

You can apply at dynamic.xyz and we reach out to you and have a conversation. And the reason we're going a little bit slow, at the end of day, we're an authentication company and all authentication companies are fundamentally security companies. And so, as we offer our services on the list of things we cannot afford to do anything short of a phenomenal job on is everything security, stability, uptime, and so on. And so, we're spending our time making sure that we do that correctly before we go out of closed beta towards a bigger expansion. But for now, we're in closed beta. Anyone who's interested can go to dynamic.xyz and just apply. And you're likely a good fit if you are actively thinking about multi-chain authentication, you're thinking about gating. We have some customers who use us for gating, and then a redirect to Shopify for gated commerce. Those types of use cases are super interesting to us and we're working with beta customers on.

Ian Andrews: That's amazing. I love this. Assuming I can get myself to the front of the line, if I'm building a dApp and I care about multi-chain, need to support multiple wallets across those chains, Dynamic takes all that complexity out of it for me. Meaning I just implement some of your JavaScript libraries into my app that I'm building and I then get a control panel that allows me to administer all of my user authentication flows.

Itai Turbahn: Correct.

Ian Andrews: Is that a fair way to summarize or am I making that too easy?

Itai Turbahn: Let's say it this way, which is that's the immediate value proposition we provide, to your point. The idea is how do you do that within five minutes, and we provide that. And ideally you can set up at Dynamic within five minutes, but the magic of Dynamic is actually what happens after you set it up, which is we think about the world in how do you then start toggling things on that are identity-related? How do you turn on, again, an access list as an example? Or one day, how do you turn on a spruce ID for storage? Or Disco for Lens or CyberConnect for social information?

How do you automatically pull that without having to implement a second and a third and a fourth thing? So don't think about Dynamic just as multi-chain wallet support, but think about it as everything that has to do with Web3 identity, ideally you set up Dynamic once, and then as new things launch, you just have support for them. As you start wanting to retrieve Lens protocol information, you should just be able to turn that on and pull that information into your Dynamic profile. There are more opportunities to work within DIDs and verifiable credentials and privacy-preserving ways to store information. You shouldn't, as a developer, need to think about the complexity of that. You should just be able to turn that on within Dynamic and enjoy the benefit of that.

Ian Andrews: It's such an amazing simplification of an area that's really high complexity today. One example, and a little bit of a plug for Chainanalysis is we saw this big gap when sanctions suddenly became front and center to the crypto world with Russia's invasion of Ukraine earlier this year. And obviously, the world responded to that with significant financial limitations on Russian nationals and the Russian state. And suddenly, everybody needed to be concerned about the sanctions activity, so we released a free on-chain smart contractor, Oracle service and then an API. And I think you were able within just a few weeks to incorporate that screening check as a feature within Dynamic, which a developer can turn on or off as they decide it's necessary for their application, right?

Itai Turbahn: That's exactly right. I think that's a great example of for very specific use cases, to your point around DeFi, around use cases that touch money. In specific jurisdictions, you have compliance requirements and the question is, how do we make sure that if you have requirements that you need to adhere to, you have a tool that you can just toggle on to your point and restrict access within a specific use case you have with a Chainanalysis? That's an example of one vertical within DeFi where the toggle concept works really well, which is, okay, how do I just turn that on? In a very similar... Either examples extend to privately preserving information sharing or things of that sort or Web3 based communication. The idea is how do you completely abstract the way, the need to implement and maintain another thing and just toggle it on and off? And we handled the complexity beneath the surface of that.

Ian Andrews: Very cool. You mentioned something a couple minutes ago that I want to jump back to, which was this idea of verifiable identity. There's this term, a DID or a did, I hear some people pronounce it as that is becoming more and more popular. My perspective is currency was really the first killer use case in the blockchain domain. It's driven all the popularity over the last decade. Identity seems like the next use case that is going to have widespread implications. You all published a blog we'll link to, but maybe if you can summarize the big pieces around this new layer of identity management. Because I think it's a core part of what Dynamic is building to support, if I understood it correctly.

Itai Turbahn: Absolutely. I think to your point, the beauty of crypto in my opinion is not necessarily the money part, but it's the shared rails part. It's the fact that everyone works on these shared rails, whether it's shared payment rails or whether it's shared identity rails and the ability for you to go from website A to website B and reuse information in a way where everyone can work within these open set standards. One of the challenges you face today in Web2 is that you go to website A and you enter your information and you have to provide everything, and then you go to website B and you enter your information and your address, et cetera. And again, you have to provide everything.

And this is the complete reverse of this privacy approach, which is what is the minimum information I can provide to you in order to prove what it is you need to be proven on the website side, while maintaining my privacy and while maintaining my sanity or not having to fill out the same information over and over and over again? And there are multiple ways of doing this, either with verifiable credentials and DIDs, decentralized identifiers, or with soulbound tokens. But the principle is that, can I do something once, sign it in a way and store it in a way where the second time I'm asked to do the same thing, I can show a proof that I've done it and potentially show a subset of the information allowing me to portray that I have completed the proof required without re-sharing my information?

The example I like to use is the one click checkout for the web, which is inherently, can I go to website A and via a combination of a wallet for payment and a wallet for storage of information, my address, et cetera, with a verifiable credential and decentralized identifier, can I really complete one click checkout on website A, and then one click checkout on website B without re-entering the same information over and over again? That's the beauty of these shared rails for identity is they allow you to start doing these magical things of cross site information sharing. And I know that was an extremely long answer to your question, but hopefully it illustrates the exciting things you can do with privacy preserving identity that you can take with you. And Disco brands this a backpack, which I think is a really cool branding, of take with you in a backpack and share across sites as you see fit.

Ian Andrews: I think that last point that you just made is the key one there, is this privacy-preserving identity sharing, which to me is like two concepts that are a little bit in conflict, but we're seeing this is highly topical right now in crypto. Tornado Cash, obviously, was this decentralized mixing service, where the core premise was let's break some of the on-chain traceability of transactions notionally for privacy purposes. It shouldn't be the case that everyone can trace every transaction back to the originating wallet because there's good reasons for privacy. But obviously, we saw some very bad people, North Korean hackers, in particular, who were abusing that Tornado Cash service to launder really large volumes of money.

And so, treasury stepped in and took some action to basically remove Tornado from being something anybody that touches the U.S. financial system could then in turn touch. And I think privacy-focused people, there's a huge outcry here for good reason. I believe privacy is a fundamental right, but at the same time, I think there is another side to that which is we also need methods and broaches to be able to prevent bad actors from abusing the platform. And so, it seems like the middle ground here that we necessarily need to get to is this idea of verifiable identity that doesn't necessarily link me to my real-world identity. We had Caroline Hill from Circle on the podcast recently. She was talking about a project called Verity that they are launching, supporting getting off the ground, and I think that is key to this whole idea of privacy decentralization in Web3 is going. I'm curious if you agree, if you have some thoughts on the topic.

Itai Turbahn: It's a topic I'm personally fascinated by. I think it comes down to a fundamental question of when you interact with someone, do you need to know everything about them or do just need proof that they are who they say they are? One of the cool things about Verity ID, or there are a lot of other interesting startups in this space, which are essentially trying to do tokenized KYC. And the fundamental thing they're trying to solve is, do I need to... Let me actually say it in a different way. Today when you go to a bank, you have to upload your ID, you have to upload the front of your ID, the back of your ID, and you have to take a selfie and you have to do a bunch of KYC AML type processing. And then you have to go to a second bank and do the same thing all over again, and then the third bank and have to do the same thing all over again.

And so, you provided these three banks your entire history or whatever it takes. Can you technically use verifiable credentials or tokenization with soulbound tokens generate a certified result of your interaction with the first bank and take that to the second of a financial institution or second institution and say, "Hey, I went through this process, I got approved for this process and I am who I say I am?" Can you essentially reach the same level of trust with that person without having that person redo the entire process? What Verity ID does, or any one of these, is really the concept of, can I do this process once, get some sort of certified result and use it as a pointer and say, "Hey, I already went through this process, here's the result, now approve me?"

So it comes back to the question I mentioned earlier, which is, do you need my information or do you want to see proof that I am who I say I am? And they're very, very different things. And so, do you need my birth certificate or do you just need the ability to show that, "Hey, I was born on the date that I say I was born?" And that's this really cool thing that you can do with verifiable credentials and DIDs and so on. In a way that's coming back to that thing, which is privacy-preserving ways to share identity in a scalable way. That's something I'm super excited about. It creates more privacy and it creates more incentive for folks to comply with whatever regulation they have to comply with because it lowers the friction to redo the process over and over again.

Ian Andrews: I'll take it even one step further, which is I could go through that KYC check that you described, provide all my credit history or government-issued documentation to a centralized provider who then issues a token saying, "Yes, Ian's been verified in the following ways. We validated source of financial funds or country of residents." But then that token doesn't disclose any of that information.

Itai Turbahn: Correct.

Ian Andrews: So zero linkage back to my real-world identity. It's just a confirmation that information's been verified once, and then other services could accept that token. And as far as that, that other company or application is aware, they only have a public key type identifier associated to my user activity. They don't know anything about me, but they have a level of confidence that someone else has done the authorization and assessment of all of my relevant credentials for whatever the application purpose might be. And I think that decoupling of real-world identity that you don't have to release that universally to access most applications makes all the sense in the world.

Itai Turbahn: That's right. It comes back to, I don't know, when I was a kid in math, they would make you write out the proof and the fact that you had an answer wouldn't matter. And I always thought that was weird. What does it matter? As long as I get the final result, that's fine. And it's a little bit similar here, which is, okay, do you really need to see the entire proof of my history or do you just need to see the result of I am who I said that I am? Or "Hey, Circle or Coinbase have certified this address as a real person that they want to work with." There's going to be a lot of debates around it. I'm not very much not an expert in this specific field and I think there are a lot of really interesting companies trying to think about things around tokenized KYC or projects like Verity ID that are trying to tackle this head-on.

Ian Andrews: Super exciting. Last question for you before we wrap. What's next on the horizon for Dynamic? What can we expect in future announcements?

Itai Turbahn: We're a little bit under wraps, so we're not going to share a crazy amount. I will say the following, here's what we care about. We are obsessed around first making sure our customers are happy, so you're going to see a lot of our most requested features get launched soon. And the second is a little bit touching on that orchestration strategy, which is how do we do a better job abstracting away more and more of the integrations needed to leverage Web3 identity? How do we turn more of these really cool, the Lit protocols of the world and Lens protocols and guilds of the world into things that you can just leverage as a developer within a click, rather than spend a lot of time implementing.

And really the goal there, and it ties into our mission, which is how do we accelerate wallet-based authentication? And how do we make it fundamentally easy for folks to implement and leverage? And so, you're going to see us do a lot more on anything that ties into that, okay, how do we accelerate? How do I make sure that five years when you log into a website, you're actually not creating a username and a password and reentering your same information, but rather you're clicking on a button and it just works? And so, you're going to see us do more and more things that try to get to that abstraction.

Ian Andrews: Very exciting. Can't wait to see as you start to ship some of those capabilities. Itai, thanks again for joining us on the podcast today. It was a great chat.

Itai Turbahn: Absolutely. Thanks for having me. This was fun.

Ian Andrews: Thanks for listening to this episode of Public Key. We're releasing new episodes weekly, so if you like what you heard, then don't forget to subscribe, review, and of course, share with your friends. The DeFi space was once again rocked last week because hackers stole roughly 160 million in Stablecoin tokens from market maker Wintermute. The attack was made possible by a vulnerability recently discovered in the address creation tool, Profanity. Hackers were able to reverse engineer the private key of a wallet known to be used by Wintermute, which was then able to transfer funds out of a vault. If you want to see where the funds have gone, drop into the show notes and you'll find links to our recent analysis.

‍