SECURITIES AND EXCHANGE COMMISSION v. BINANCE HOLDINGS LIMITED et al Document 141: Redacted Document, Attachment 10

District Of Columbia District Court
Case No. 1:23-cv-01599-ABJ-ZMF
Filed October 3, 2023

REDACTED DOCUMENT- Exhibits of Matthew Beville Declaration to[126] ORDER granting Application to Seal Exhibit 1 (Redacted) by BAM MANAGEMENT US HOLDINGS INC., BAM TRADING SERVICES INC.. (Attachments: # (1) Exhibit 2 (Redacted), # (2) Exhibit 3 (Redacted), # (3) Exhibit 4 (Redacted), # (4) Exhibit 5 (Redacted), # (5) Exhibit 6 (Redacted), # (6) Exhibit 7 (Redacted), # (7) Exhibit 8 (Redacted), # (8) Exhibit 9 (Redacted), # (9) Exhibit 10 (Redacted), # (10) Exhibit 11 (Redacted))(McLucas, William)

BackBack to SECURITIES AND EXCHANGE COMMISSION v. BINANCE HOLDINGS LIMITED et al

Tags No tags have been applied so far. Sign in to add some.

Jump to Document 141 or Attachment 12345678910

  Formatted Text Tab Overlap Raw Text Right End
Page 1 Declaration of Matthew Beville
Ex. 1
Page 2 EXHIBIT B
Page 3
UNITED STATES DISTRICT COURT

FOR THE DISTRICT OF COLUMBIA

SECURITIES AND EXCHANGE
COMMISSION,
)
)
)
Plaintiff,
)
)
v.
)
) Case No.
BINANCE HOLDINGS LIMITED, BAM ) 1:23-cv-01599-ABJ
TRADING SERVICES INC., BAM
)
MANAGEMENT US HOLDINGS, INC., )
AND CHANGPENG ZHAO,
)
)
Defendants.
)
______________________________)

VIDEOTAPED DEPOSITION OF ERIK KELLOGG

THURSDAY, AUGUST 24,
9:50 A.M.

Washington, DC

REPORTED BY:
SHERRY L. BROOKS,
CERTIFIED LIVENOTE REPORTER
JOB NO. 230824SLB
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 4 10:
10:
Amazon environment that was not established by

Binance Holdings?

A.
If I'm understanding correctly, so Binance

-- so BHL helped to -- they spun up Bam's AWS

environment.

don't -- I wasn't here for that.

manage anything as of today, as of a couple months

ago or -- right.

10:53
Q.
But -- so they helped set it up, and I
But they don't
What access do they have to that AWS
environment that they set up for Binance.US?
A.
So the -- few folks -- a few BHL people

who have access are only allowed to access and help

support the services and/or systems within AWS that

run the matching engine, that comprise the matching

engine.
10:54
Q.
What about the wallet software?
10:54
A.
The wallet software is in a BHL on the AWS
10:54
10:54
10:54
environment.
Q.
It's separate from ours.
So the wallet software is not in a
Binance.US AWS environment?
A.
Components of it are, but, no, it is not.
The back end of it is not in our environment.
Q.
Okay.
So then circling back to my initial

question, the SOC reports -- I had initially asked if

the SOC reports cover all components of the
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 5 10:
10:
Binance.US services and infrastructure.

I feel like we're getting caught up on

infrastructure, so please clarify, but even that

which is provided by third parties.

And, again,
So in my view -- and, again, correct me if

I'm wrong -- the wallet software is a component of

the Binance.US system.

understanding?

A.
No.
Is that not your
The wallet software is to me -- we

treat it as any other third-party software or service

that we're using, but the components that -- that

control that software do live in our environment.

there's a part of that that -- which is P and K.

That lives in our AWS environment.

was included in these third-party assessments.
10:55
Q.
So
That is -- that
And what components of the wallet software

are in the Binance Holdings AWS environment that was

not included in the SOC report?
10:55
10:55
10:55
A.
I would consider it the back end of the
software.
Q.
And what does that back end do or how
would you define "back end"?
A.
I would define the back end that that's

what actually is the part that interacts with the

keys in the chain in the blockchain aspects.
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 6 10:
10:
I think just with -- as with any of the

third party that we would use, I couldn't tell you

exactly what a third-party spec and system were

doing.

do what we need to do as a business with those assets

and we treat it as such.

We were told -- we were given the ability to
Q.
Okay.
So just so I understand, the back

end is the part that interacts with the keys.

what you're saying?
10:56
A.
end works.
10:56
Q.
I couldn't tell you exactly how their back
I couldn't tell you.
But I think you testified previously that

the back end interacts with the keys.

changing that testimony?
10:56
A.
That's
So are you
I would say that there's some interaction

with the keys there.

back end interacts with the keys, at least to me.

yes.
10:57
10:57
10:57
10:57
Q.
Okay.
I think it's obvious that the
So
And Binance.US does not have access
to that environment?
A.
No, not -- we don't have access to the AWS
-- to their AWS.
Q.
To the AWS that hosts the component of the
software that interacts with the keys?
A.
Correct.
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 7
Q.

environment?
10:
A.
Yes.
10:
Q.
And who has access to that AWS

environment?

A.
10:
10:
10:
And Binance Holdings, that's their AWS
I wouldn't know.
We're not involved in
their -- in their management of that system.
Q.
So just so I understand, sitting here
today, you don't know who from Binance Holdings has

access to the AWS environment that interacts with the

keys for the Binance.US wallet software?
10:58
A.
Correct.
10:58
Q.
And we're going to get into the systems a

little bit in more detail, but I'm just trying to get

the lay of the land.
10:58 10:58
10:58
10:58
A.
Um-hum.
MS. FARER:
Now maybe -- now might be a
good time for a quick break.
MR. BEVILLE:
Yeah.
We've
been going about an hour.
THE VIDEOGRAPHER:
The time is 10:58 a.m.
We are now off the record.
10:58
(A break was taken.)
11:11
THE VIDEOGRAPHER:

That works.
The time is 11:10 a.m.
We are now on the record.
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 8 12:
12:
12:
Q.
How do you know that someone from Binance
can't do that as well?
A.
You know, we have access to the portal and

see which users are in there.

know.

Q.
So to that extent, we
Do you have -- when you say you can see
what users are in there, what do you mean?

A.
Okay.
12:07
Q.
Do you have visibility into all means of
12:
access for that TSS portal?
12:07
A.
As far as I know, yes.
12:07
Q.
How are you supposed to gain comfort with
12:08
that if it all sits in the Binance environment?
A.
Again, this is where we would fall back on

the third-party risk assessments, our own security

diligence, our conversations.

all of our custodial solution partners.
12:08
Q.
And it's standard for
So your confirmation that Binance doesn't

have access to the TSS portal is confirmation from

Binance?
12:08
A.
And the third-party reports we saw.
12:08
Q.
The third-party reports you're referring
12:08
to are the SOC 2 and ISO reports?
A.
Correct.
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 9 12:
12:
Counsel, we've made a number

of requests for production of documents relating to

access controls and the infrastructure here.

12:
MS. FARER:
MR. BEVILLE:
We can discuss this on a
break.

MS. FARER:
Well, I'm going to put it on

the record that we would like a copy of those reports

given that is how Mr. Kellogg just testified that is

part of the way he gets comfort in the level of

access from Binance to this portal.
12:09
MR. BEVILLE:
Understood.
Do you want to

ask Mr. Kellogg about how he's accessed those

documents?
12:09
MS. FARER:
12:09
BY MS. FARER:
I'm happy to ask.
12:09
Q.
How have you accessed these documents?
12:09
A.
The SOC 2 report and ISO -- well, the SOC

2 report was provided to me from BHL, through our

standard third-party diligence.

chance to review them, that's been revoked and I

haven't had a chance to -- I don't have them anymore.

I don't have the SOC anymore.
12:09
But since I've had a
I can't get it.
In the ISO report we saw the

certification, the official certification from the

third party.
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 10 12:
12:
12:
12:
Q.
So have you ever had actual possession of
these documents?

A.
No.
They've been shared with me from the

-- BHL's infrastructure.

MR. CANELLOS:

"shared," I think, is the question?

possession?

A.

What do you mean by
Is it physical
Is it some other --
No.
So it was like a Google doc link from
their Google environment.
And, you know, they can

control -- like you can't -- you know, we couldn't

download it.
12:10
You know, we couldn't print it.
They had strict controls around what I

could actually do with the report besides pull it up

and read it on my screen.

besides that.
12:10
BY MS. FARER:
12:10
I couldn't do anything
Q.
And why wouldn't they give it to you to
actually like save and have a copy of it?
12:10
A.
In my opinion, the potential proprietary

information that could get out could -- could cause a

security leak if any of that got like -- so it's not

uncommon I would say that given the amount of

sensitive and secure information that are in these

types of reports that you don't necessarily hand them

out.
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 11 12:
12:
12:
12:
12:
I think that that goes case-by-case,
business-by-business decision.
Q.
Is that what was explained to you as to
why you couldn't have the report?
A.
Yes, but I also agreed with that point of
view.
Q.
And what entities are covered by this SOC
report that you saw?

A.

Technologies.
12:11
Q.
So on the name I believe it was Block
And I want to turn to that in a second.

But what other third-party vendors that service

Binance only provided you a SOC 2 ISO or other

security report through a screen share?
12:11
MR. BEVILLE:
12:11
MR. NELSON:

Which entity are you
referring to?
12:11 12:11
Which Binance --
MS. FARER:
A.
Binance.US.
Well, I would say BitGo has a SOC 2 report

that they did provide us, but they don't have any ISO

reports.
12:11
BY MS. FARER:
12:11
Q.
They provided you a copy that you have?
12:12
A.
Correct.

Fire Blocks gave us a SOC
report, but they do not have an ISO report.
And I'm
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 12 12:
just giving you some examples of the other custodial

solutions that we are working with, whether they're

implemented yet or not.

Q.
I guess I'm just asking a very specific

question.
Are any of the other third-party service

providers that Binance.US uses -- did any of them say

I'm only sharing the SOC 2 report through a screen?
12:
A.
Not that I'm aware of.
12:
Q.
Now, going back to the SOC 2 report that
Not that I can --

you saw on the screen, you said it was for Block

Technologies?
12:12
A.
Yes.
12:12
Q.
And what is your understanding of what
12:12
that company is?
A.
It's my understanding that Block

Technologies was acquired by BHL for their wallet --

for part or some of their wallet technology and,

therefore, was -- that -- that -- that was the same

technology as what we have from BHL.
12:12
Q.
What is the basis of your understanding
that Block Technologies was acquired by BHL?
12:13
A.
Conversations with Bob.
12:13
Q.
And what is your understanding that -- I
12:13
guess, let met break this down.
When did this acquisition occur?
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 13 12:
A.
That, I'm not sure.
I don't know.
12:
Q.
Was there a Binance wallet solution in

place before Binance acquired Block Technologies in

place for Binance.US?
12:
A.
I don't know.
12:
Q.
So when you say -- I'm just trying to

understand when you said the Block Technology (sic)

solution was the same that you were using.

seems to be -- you were making a distinction between

some kind of wallet software.

understand.
12:13
A.
Well, yes.
There
So I'm just trying to
So my question was the same,

why is -- why is -- you know, why is this name on

this SOC report and why are you giving it to me when

I'm asking for a SOC report for the wallet technology

for the wallet services that we're getting from BHL?

And they gave that to me with the response that this

is the technology that you guys are using.
12:14
This is -- this is the technology.
You

know, Block was acquired by BHL for -- again, for

either parts or -- for some part of the wallet

technology, but it was applicable -- definitively

applicable to our implementation of BHL's wallet

software.
12:14
Q.
So sitting here today it is your
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 14
understanding that that SOC 2 report for Block

Technologies covers the solution that is provided to

Binance.US wallets?
12:
A.
That is my understanding, yes.
12:
Q.
And the basis of that understanding is
12:
12:
what?
A.
The conversations with Bob and the
relationship with the -- that we built.
Q.
What included in the report gave you the

understanding that that report covered what

Binance.US was using?
12:15
A.
Are you asking how do I know that the

auditors were actually auditing our infrastructure

versus something else?
12:15
Q.
Yes.
12:15
A.
I don't have anything to tell you.
12:15
Q.
Okay.
12:15
MR. BEVILLE:

hour.

put out a marker.
12:15
So we've been going about an
It's getting close to lunch.
MR. NELSON:
I just wanted to
At this point, apparently the

audio went out on the WebEx.

hosting that, but if you could check it.
12:15
MS. FARER:
12:15
THE VIDEOGRAPHER:
So I don't know who is
Let's go off the record.
The time is 12:15 p.m.
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 15
any of this.

our custody software what -- you know, what's the

name of it?
14:
14:
14:
14:
BY MS. FARER:
Q.
A.
But I mean, new entity in the sense
No.
It was my understanding it was still
going to be a Binance entity -- sorry.

Q.
14:11
Okay.
of this is not Binance Holdings?

It was more of like as we referred to
Right.
(Simultaneously speaking addressed by
Madam Reporter.
14:11
BY MS. FARER:
14:11
Q.
So let me ask:
So Binance Holdings is a

company, and so I'm saying a separate entity in that

CEFFU is a separate company from Binance Holdings.
14:11
MR. CANELLOS:
14:11
MS. FARER:
14:11
MR. CANELLOS:

A.
14:12
That's my question.
Is CEFFU a separate company
I don't know.
BY MS. FARER:
14:12
14:12
Yes.
from Binance Holdings?
14:12
Are you asking that?
Q.
What is your understanding of what CEFFU
A.
Right now, I don't know what it is
is?
anymore.
It was my -- at that time it was my
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 16
understanding that it may become a branch of BHL

where they commercially sell their services, was my

understanding at that time.

CEFFU is.
Now I'm not sure what

Q.

referring to?
14:
A.
So early 20 -- earlier this year.
14:
Q.
And so why has your view changed that you
14:
14:12
And at that time what time were you
don't think you know what CEFFU is?
A.
Because I've since then directly asked Bob

are we -- do we have a relationship with CEFFU, and

he said no.
14:12
Q.
So all of the materials including that

which was provided to auditors referencing CEFFU

being the wallet software provider is -- they are

inaccurate?
14:12
A.
14:13
14:13
The name is inaccurate.
MR. CANELLOS:
Well, how is the name
inaccurate?
A.
Instead of CEFFU, it should say BHL.

Nothing is -- the fundamental technology, people,

processes, everything that makes up the BHL wallet

services that we use has never change.

ever changed on that.
14:13
Nothing has
It was simply referring to it -- when I
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 17 16:
A.
Correct.
Yes.
16:
Q.
And, again, in terms of just the approval

process, have there been instances in which any of

the shard holders rejected a request?
16:
MR. CANELLOS:
16:
MS. FARER:

went to their device.
16:
A.
Approval of what?
Approval of a transfer that
Not that I'm aware of, but a -- a -- a
reject (sic) of a certain transaction would not

necessarily warrant a security event.
It may just

have been, hey, communication between maybe
saying I put the wrong

address; don't accept that, or the shard holder

accidentally hitting the wrong button.
16:44
But as far as I know, nothing has been

brought to my attention from a security perspective

that someone rejected a request.
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 18 GRADILLAS COURT REPORTERS
(424) 239-2800
Page 19 18:
.com (sic) team will notify .US (sic) immediately of

any incident related to supporting license

technologies or infrastructure" -- and then it goes

on.

18:
But my question is:
Is there such a
process in place?
A.
So -- so we've communicated with them.

But if we're talking about incidents -- yeah, so

there's a few Slack channels that -- one example

would be MBX Slack channel.

form BHL that are MBX engineers.
18:41
That has a few folks
So if there's an issue that they've

identified with a matching engine, they'll reach out

to our engineering team through that channel which

then they can help work through how to resolve that.
18:41
18:41
18:41
Q.
Is there a Slack channel devoted to the
wallets?
A.
No.
There is --
Q.
So how do you
communicate with .com relating to the wallets?
A.
So I typically don't.
That would be,

again, under -- Frank's team usually is engineering.

If it's a security-related event, my team had --

there's a way that BHL -- we have a security team to

security team channel.
18:41
But if it's an incident in the sense of a
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 20 18:
malfunction or a misconfiguration of the -- one of

the -- you know, of a matching engine or maybe a

wallet, the matching engine has a dedicated channel.

The wallet services, there are a couple of

Slack channels dedicated to that.

back to you if there's actually any BHL employees in

that Slack channel.
18:
18:
Q.
I'd have to get
Okay.
MS. FARER:
And, Counsel, we would put

that request on the record for communications with

BHL regarding the wallets and we can talk about

scope.
18:42
We understand you have an objection to our

request for communications, but we maintain that this

is relevant and this is an opportunity based on

information that you all have provided to narrow our

request.
18:42
MR. BEVILLE:
happy to discuss this.
18:42 18:42
18:43
This is exactly the -- we're
BY MS. FARER:
Q.
Okay.
And then the last paragraph --
explain to me what this means.
A.
So I am -- I take this as to say that the

CEFFU BHL SOC 2 report doesn't cover Bam's AWS

infrastructure.
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 21 18:
18:
18:
18:
Q.
Okay.
And at the time when you read the
SOC 2 report, did you understand that it did?
A.
No, which is why I don't really understand
why this statement is here.
Q.
I'm confused.
So when you read the SOC --

the SOC 2 report for CEFFU, did you believe that it

covered the solution that Binance.US actually uses?

18:43
A.
Oh, at the time I was -- yes.
I -- yes.
That was my understanding that it did.
Q.
Okay.
But this paragraph indicates that
it does not?
18:44
A.
Right.
18:44
Q.
So aside from the SOC 2 report that was

shared on screen with you and FGMK, is there some

other report that you have received regarding the

security for the controls for CEFFU?
18:44
A.
No.
18:44
Q.
So how in your role as chief information

security officer do you have comfort in the security

of those assets?
18:44
A.
So it's my understanding that it's still

the same technology, same text stack.

nothing is different except for the environment that

it's hosted in.
18:44
Same --
And due to the fact that once we clear the
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 22
air that it -- that it -- once we got the

understanding that it wasn't, we were in discussions

with BHL for them to conduct a new SOC report on

specifically our environment, which they initially

agreed to.
18:
Q.
When did that conversation occur?
18:
A.
Either late last year or earlier this
18:
year.
I don't remember the exact time.
Q.
And you said Binance.com initially agreed

to have your wallet software be reviewed for under

SOC 2?
18:45
A.
By a third party, yes.
18:45
Q.
And when you say initially agreed, has
18:45
that decision changed?
A.
Yeah.
Well, I haven't been told it's not

going to happen, but it -- we haven't made any

progress on that.
18:45
18:45
Q.
And why have you not made any progress on
that?
A.
I think -- I don't know.
I can't speak to

why the communications are slowed down on the -- on

the BHL side, but that's a big part of it.
18:45
Q.
What progress was made when you were under

the impression that this SOC 2 report was going to --

or the SOC 2 assessment was going to occur?
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 23 18:
18:
A.
Identifying which third-party assessors we

-- you know, we would consider going in for that.

it was a collaborative discussion, okay, recognize

that we need a SOC 2 report or some kind of security

report done specifically on our environment, our

implementation of the custody software.

And then it was already -- which they

initially agreed to, and then we were at the stage

of, okay, which vendors are they comfortable with,

So
you know, and that we are both comfortable with.
18:46
Q.
And was a vendor selected?
18:46
A.
We -- we didn't get that far.
18:46
Q.
Who were you talking to from Binance.com

about this issue?
18:46
A.
Bob again.
18:46
Q.
And when was the last time that you had a

communication with Bob about this issue?
18:46
A.
I don't remember.
18:46
Q.
Based on how these conversations have
I don't remember.

progressed, do you believe that a SOC 2 report for

the wallet software that Binance.US uses is going to

occur?
18:47
A.
I don't have reason to think it's not

going to occur.
Our discussions was while it -- my

opinion is it didn't have to be a SOC 2 report.
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 24 18:
18:
It just had to be some third-party

security based assessment, whether that's office

security, penetration testing, or an actual

formalized SOC 2 or ISO.

like they agreed, yeah.

forward with that.

Q.
So the general consensus
They were happy to move
And -- I'm sorry.

you.

with them about this?
Maybe I didn't hear
When was the last time you had a conversation
18:47
A.
I want to say it was earlier this year.
18:47
Q.
Okay.
18:48
So like January? February?
What
month are we talking about here?
A.
The initial discussions came up sometime

in Q1, and I think we were continuing to discuss

periodically over the following months.
18:48
Q.
Have you followed up and pressed on the
status of this report?
18:48
A.
No, not recently.
18:48
Q.
And why not?
18:48
A.
Like I said, you know, communication

requests have slowed down.
So I don't know if

they're trying to identify a better point of contact

for us to have for these kind of things or -- you

know, while I have -- you know, while -- while it's

been great to have Bob as a single point of contact,
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 25 18:
18:
I've also asked if we can get more of a formal

contact tree (sic) in place, you know, for support

issues.

And so I don't know if while they work

through all of that they're trying to decide maybe

who should be in that role.

gotten a lot of feedback from their side on this yet.

Q.
18:49
And when you've tried to find an
alternative point of contact, who have you inquired
about that with -- that was poorly worded.
18:49
So, again, I haven't
Who have you asked for an additional point
of contact?
A.
So really Bob has been my only point of

contact.

him, which, again, I think he recognizes the problem

-- or not a problem, but as kind of a bottleneck in

our request and moving things along.

don't know what kind of progress he's made on his

side for that.
18:49
Q.
So for me making requests, they go through
But I just
So you've asked Bob for an additional
point of contact?
18:49
A.
Right.
18:49
Q.
Have you elevated this up within
18:49
Binance.US?
A.
Within Binance.US?
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 26 18:
To try and find an avenue to move forward

with getting a third-party security assessment for

your wallet service provider that holds the majority

of crypto assets for .US?
18:
18:
18:
Q.
A.
So yeah -MR. CANELLOS:
Excuse me.
majority of assets?

MS. FARER:

holds the majority of the assets.

testified to that.

characterization?
18:50
Mr. Kellogg
Is that an incorrect
You mean they provide the
software for the wallets?
MS. FARER:
Again, I ask for no speaking
objections.
18:50
Binance.com is the wallet who
MR. CANELLOS:
18:50
Who holds the
MR. CANELLOS:
Well, then I'm objecting to
your mischaracterization of the witness's testimony.
18:50
BY MS. FARER:
18:50
Q.
You can answer.
18:50
A.
So I would say as a critical software

vendor for our custodial processes that I think I

would love to have more structure around our

communication, you know, tree (sic) and a bit more

formalized structure around them as a -- as a third

party.
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 27 18:
18:
18:
Q.
So as it (sic) sits here today, you have

-- you don't have insight into the environment that

hosts the technology for the security of the

background -- of the back end.

You don't have a third-party assessment

that evaluates the security of CEFFU, and you've

replied upon a questionnaire prepared by Binance

regarding the information of security?

I'm just trying to get an understanding of

the different pieces of information that you're

looking at.
18:51
MR. BEVILLE:
So I'm going to object to

the extent that mischaracterizes some of what Erik

says.
18:51 18:51
But please answer.
A.
So Binance did not create our security

questionnaire.
Me and my team created the

questionnaire.
We took input from various custodial

solution partners as well -- Binance, you know, had

some chance to -- to overview that with us, but they

did not create that.

questionnaires.
18:51 18:51
That was ours.
That was Bam's
BY MS. FARER:
Q.
Sorry.
To clarify, their response to your
questionnaire?
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 28 18:
18:
A.
Right.
So, yes.
So, additionally,

conversations that, you know -- again, once I was --

it was made clear that that was not our instance

(sic) of the technology, conversations led to, well,

what is different between what I see in the SOC

report and our -- and our implementation.

The answer was nothing is different.
So

we're taking that -- those conversations.

course, the subsequent conversations dive into more

detail specifics about that.

their word for it.
And of
It's not just take
18:52
As a security professional, I feel like I

know where certain topics need to be dug into versus

what -- what's -- what's realistic versus what's not.
18:52
And then, again, our internal control

systems and testing that we've done that we're able

to do, as well as the fact that we haven't found any

historical evidence of anything not functioning as we

were told, as we were presented.
18:52
Q.
Okay.
And who did you have those

conversations with about the difference between the

SOC 2 report and the solution you all have from

Binance.com?
18:53
A.
Again, that was Bob.
18:53
Q.
Okay.
I'm going to show you -GRADILLAS COURT REPORTERS
(424) 239-2800
Page 29 19:
it's no longer working.
Q.
And why was
the
person who had the shards?
19:
A.
I don't know.
19:
Q.
And why was
19:
A.
I don't know that either.
19:
Q.
How did you coordinate picking up the
19:
shards
?
?
A.
It was through --

and I -- I was given
information.
19:33
Q.
From who?
19:33
A.
I believe maybe
19:33
Q.
19:33
A.
-I don't specifically remember.
It was

somebody -- it was a Bam employee.
I just don't

specifically remember if it was -- I believe it might

have been

understand it, he's the one that has -- he has a --

he has a communication -- he's able to -- I don't

know -- to get communication with
the one that's -- as I
that is basically supporting our instance
from the operational side.
19:34
And so we kind of view
as like the BHL

support person for our wallet operations support, if

needed.
GRADILLAS COURT REPORTERS
(424) 239-2800
Page 30 19:
Q.
19:
A.
?
Yes.
That's how I understand it.
I've

never -- I don't have any direct exposure to see any

communications with anybody.

from conversations.
I mean, this is just
19:
Q.
Conversations with whom?
19:
A.
With
19:
Q.
So I thought we talked about earlier that
19:34
your point of contact for the wallets was
A.
?
Well, that is for the security and

technology and -- of the -- of the -- of the -- of

the wallets -- like the wallet system back end.
19:34
Q.
Okay.
So the role that
plays with the wallets is what?
19:34
A.

a role.

has requests that may affect our -- our shard

operations that -- that

would go to --
19:35
Q.
I don't know.
I wouldn't even say
All I know is that at times
has
may -- if
was the person that they
would go to in the past.
And how much in the recent past?
Like

when did that cut off, when the shards were delivered

to you?
19:35
A.
I don't know -- I don't really know if

this was really a -- like I said, I've never actually

seen anything that would say that they've had any
GRADILLAS COURT REPORTERS
(424) 239-2800
Space
Issues Laws Cases Pro Articles Firms Entities
Issues Laws Cases Pro Articles Firms Entities
 
PlainSite
Sign Up
Need Password Help?