The quest of Colombia’s #1 hacker to solve LatAm’s crypto insecurity 

By Natasha Pentin February 16, 2023

This piece was co-authored by Tereza Bízková

The 26-year-old Colombian, Jose Pino, started working in cybersecurity when he was only 13. In 2018, he was the youngest Colombian to speak at Black Hat Arsenal, one of the biggest hacking events in the world held in Singapore. This was thanks to Trape, an open-source recognition tool he created that allows government organizations, companies, and researchers to track people, like cyber criminals, and execute intelligent engineering attacks in real-time.

Pino is in a prime position: As crypto adoption rises across Latin America (LatAm), he’s developing advanced tools to help prevent crime online. And now he’s turned to protecting crypto users from an increasingly volatile market. He too has even felt the uncertainty of this currency, as when LUNA—one of Terra blockchain’s stablecoins—crashed, he felt defenseless because it was something he wasn’t able to predict or track.

“I was lucky to save a lot of my funds exposed to LUNA, but the paranoia continued for weeks as I diversified into other stablecoins. Many people lost millions. I thought: The crypto world is not safe.”

An idea was born from this catastrophe—Andro, his new company redefining the way people save money and use decentralized finance (DeFi) technology. According to Pino, the company is aimed at “protecting people against the loss of parity while increasing the value of their capital to combat global inflation through digital dollars in a transparent and self-custodial way.” 

Andro is expected to launch by Q2 of 2023. 

Living in the HTTP era of Web3

According to a recent Chainalysis report, it was emerging markets, as seen in developing regions such as LatAm, that drove large-scale crypto adoption last year. High cellphone penetration, relatively low rates of banked populations, and record inflation (in Argentina, it reached 78.5% this August) are all reasons why the region will likely remain bullish in the crypto market in years to come. 

Blockchain has opened Pandora’s box of opportunity in LatAm, with the uptake also presenting an opportunity for crime.

There’s been a boom in hacking, fraud, money laundering, ransomware, and other types of crime across LatAm. The caveat is that crime never really stops; it just mutates. So, to counter this, security development is also a battle that will never end, and the evolution will need to be constant.

In a conversation with The Bogota Post, Pino suggested that it’s the lack of education and protective infrastructure that are to blame. For crypto to thrive in LatAm, further education needs to be a priority, and blockchain professionals must build decentralized protection to push innovation forward.

A lack of financial knowledge is a systemic issue across LatAm. That’s why people fall for traps like buying an NFT for $100 with the hope of becoming a millionaire. “But this is also crypto’s power; mistakes make people learn about finances—and fast,” said Pino.

“LatAm is passing through the stage that Europe and the US have already experienced—the creation of good-for-nothing projects,” Pino notes, highlighting how this can diminish the credibility of crypto among inexperienced users and put them off from investing. 

Jose Pino giving a talk at HashHouse, Medellín. September 14, 2022.

Not all advances are good, and steps in the wrong direction can push the entire ecosystem backward. “Monkey portraits in Medellín won’t revolutionize Latin America… NFTs and tokens that are useless will go out of style quickly,” said Pino. Instead, he referred to technology projects needing to deliver the infrastructure this region needs.

While security should be paramount, Pino notes that economic gain has been the key driver of activity in crypto to date. “Blockchain builders need to innovate and build high-quality projects, not raise capital and build MVPs. And, as users, we collectively need to learn how to identify and avoid projects that don’t support the ecosystem.”

Today, many projects in LatAm define themselves as Web3, even though they only incorporate some of the defining principles. True Web3 is yet to make its mark in the region to garner the full benefits which include transparency, safety, and scalability. 

“I view LatAm’s blockchain ecosystem as an HTTP version,” Pino claims, comparing it to previous less secure and efficient structures for communicating data online before HTTPS was adopted. “Blockchain structures have already been invaded by governments and need a security and privacy boost. We need to advance to the next version of blockchain.”

Bitcoin for tomorrow, stablecoins for today 

Privacy is a human right. That’s why Pino believes blockchain builders in LatAm should be developing products and mechanisms with privacy as the ultimate goal, rather than concentrating on short-term hype projects that die out. 

A focus on disruptive projects is what he thinks will build a more stable and resilient world of crypto and potentially convert a city like Medellín into the Crypto Valley of South America. 

One of Pino’s plans to advance privacy without sacrificing security with Andro is moving to KYT (know your transaction) from KYC (know your customer). In blockchain, there’s no need to know who’s behind the wallet—you just need to know whether a wallet is associated with criminal activity in any way.

Tools like Chainalysis and TRMLabs analyze the risk of wallets and can prevent the income of irregular funds to different crypto exchanges and platforms. This is all while users are the owners of their data. Andro, for example, still wouldn’t collect any personally identifiable information like emails or addresses.

Another aspect of Pino’s vision for the safe use of crypto in LatAm is centered around stablecoins. Already, a JPMorgan report claims they now represent a record 17% crypto market share. Stablecoins’ potential to eliminate the high amounts of risk so characteristic of the crypto market that is so characteristic within the region could be a game-changer.

“If you pay a woman selling empanadas in Bitcoin, by the time she decides to cash out 1 million COP ($225 USD) a month later, it could be 800,000 COP (180 USD),” said Pino. “Using Bitcoin puts her at a disadvantage.”

But stablecoins are much less volatile and comparable across markets. For example, USDC or USDT gives anyone easy access to the US dollar. For communities worldwide, this reduces their reliance on unstable local currencies, empowering them to participate in the global economy—without regulations or high conversion rates.

This is partly what inspired Pino’s solution, Andro. “Bitcoin may be a long-term game, but for now, stablecoins are the solution. Despite their potential, though, the crash of LUNA showed us that even stablecoins can be vulnerable.”  

Andro offers a form of “decentralized savings account” that splits users’ funds according to their preference or by diversifying them across stablecoins such as USDC, USDT, and DAI – the latter being what Andro recommends. The algorithm automatically scans for any fluctuations; should one token show a downward curve, and Andro automatically pours the funds into the other two. This way, it aims to become a security mechanism to maximize ROI and protect the money of users—even of those with no substantial financial knowledge.

“The DeFi world is currently not for everyone,” Pino adds. “If we talk about a 50-year-old person, they don’t know what a whitepaper, roadmap, or staking is,” he continues, hinting at how the lack of understanding can result in inherent user vulnerability. “We also want an easy Porsche-like dashboard to let everyone reap the benefits of web3—safely. For example, every day many people use the HTTPS protocol, without knowing how it works. The focus should be more on usability.”

There are simple actions users can take to protect their funds, like turning off their phones overnight and never revealing how much crypto they have or where they store it. But the transition to crypto across LatAm would be expedited if more concrete safe spaces existed too. 

For example, until now, there was no solution to help crypto owners protect their wallets: If you lost your wallet or it was stolen, there was nothing you could do. For that reason, Andro has a section for a backup wallet with a specific disconnection time. If you lose your primary wallet, a second one can be accessed after a certain time, giving users more security, independence, and control. 

And this is just the start: Pino foresees many more security tools building threat detection or defense mechanisms for a more robust crypto ecosystem that helps bolster LatAm as a future destination for crypto. 

Disclaimer: This article mentions a client of an Espacio portfolio company.