Hello everyone, I’m Justin Leroux, CEO of hardware wallet manufacturer GridPlus, and I’m excited to announce my candidacy for the Arbitrum Security Council.
Every day of my life revolves around blockchain security and the greater Ethereum ecosystem. This focus is simultaneously my vocation and my passion: there’s little distinction between work and free time. Researchers, developers, and security experts are both my colleagues and social circle.
Providing secure hardware for critical self-custody applications makes me uniquely suitable for the role, because I understand the full gravity of the responsibility my firm has to end users who are securing their life’s savings, their DAO treasuries, and their startups’ runway and how that is analogous to the responsibilities of this position. In my work, there is no punching out at the end of day: if an esoteric edge case with signing arises creating an issue for our users it means we need to stay up with them through the night to resolve the matter as quickly and efficiently as possible.
I absolutely love what I do. I am lucky and thrilled to be contributing to the design and specification of our next device which will be my own dream hardware wallet, but I also think that anyone else looking to found a software or hardware wallet company is either crazy or oblivious to the gravity of the obligation they are taking on when securing their users’ crypto assets. It’s nerve-wracking. But it’s also deeply fulfilling when we hear from users thanking us for helping avoid losing funds. I know that in this role I will extend that same dedication and sense of responsibility to the Abitrum ecosystem that I do to our customers.
The broader Ethereum ecosystem is very lucky to have a talented community of smart contract security professionals. I have basic coding proficiency, but I am not a software engineer - what I can bring to the table is specialized knowledge and experience that complements that skill set. Even among sophisticated developers, there is a major blind spot when it comes to comes to best practices for private key management and the very unsophisticated ways in which funds are frequently lost. I regularly have the unfortunate experience of talking to people who have lost a meaningful amount of money due to malicious actors in this space and am aware of the common attack vectors by which regular people are losing billions in crypto annually. There’s no more appealing target for bad actors than digital bearer assets which means there is a never-ending arms race between talented and creative bad actors and those trying to make crypto safer for everyone.
All of the above is more of a narrative than a list of skills, but it demonstrates the value I can provide and the ways in which I meet the criteria outlined for the duties, values and practices desired in a Security Council member. I’m terminally online and on call for emergencies at all times. If highly specialized knowledge is required that the council does not have, I can act as a switchboard to connect us to the right resources at any time. I’m experienced with high stress crisis management situations including how to effectively and transparently communicate with impacted parties throughout that process. I am intimately familiar with best practices for responsible disclosures and I would relish in the chance to participate in security drills and flag day events. I am deeply familiar with best practices for opsec, internal controls, and maintaining the best possible security hygiene, and, of course, I will have no problem maintaining a dedicated hardware wallet for the purpose of carrying out my duties in this role.
As someone who runs a company whose book club is currently plowing through Peter Gutmann’s Cryptographic Security Architecture: Design and Verification, when I heard about this role from a friend at Prysmatic Labs it seemed like a perfect fit.
Thank you very much for reading through this wall of text and for your consideration. If I overlooked anything important please let me know in the comments - I’d be more than happy to answer any questions or elaborate further on any of the above.