In brief
- Beyond the high-profile $290 million Kelp DAO hack, Wall Street firms are concerned about their fiduciary responsibility to prevent state-sponsored bad actors from interacting with their systems.
- Digital Asset's Yuval Rooz highlighted the Canton network’s “guardrail” design as a solution to infiltration, a feature that remains a point of contention for crypto purists.
- Rooz believes that Arbitrum’s 12-member security council didn’t do “a bad thing” by effectively freezing funds that Kelp DAO attackers had left exposed.
North Korean-linked hacking groups have sent a shiver down the cryptosphere’s spine amid mounting losses for decentralized finance projects, but those fears have grown just as intense on Wall Street, according to Digital Asset co-founder and CEO Yuval Rooz.
Even before Kelp DAO’s $290 million hack rattled confidence in DeFi last month, Rooz told Decrypt that the team behind Canton—a public, permissioned blockchain—had fielded questions from financial institutions about threats from the so-called Hermit Kingdom. North Korean hackers have stolen over $6 billion in crypto since 2017, per a report from TRM Labs.
“They have to make sure that bad actors cannot engage with their systems,” he said. “That’s what they’re responsible for from their fiduciary duty as a traditional organization.”
Because Canton allows participants to implement guardrails for subnets they create or digital assets they issue, Rooz is confident that North Korean-linked hacking groups would struggle to work within Canton’s ecosystem, despite their evolution from simple phishing attempts to months-long infiltration campaigns aimed at gaining privileged access to DeFi protocols.
Since the network debuted in 2024, crypto purists have chafed at Canton’s design, arguing that it’s not a “true” blockchain partly because participants can limit users’ control; however, allegations of centralization have cropped up recently within DeFi more broadly.
When Arbitrum’s 12-member security council moved to freeze $71 million in funds that Kelp DAO’s attackers had left exposed on the Ethereum layer-2 scaling network, for example, debate followed about whether the move compromised the fundamental, permissionless nature of DeFi.
“Nobody should say that that’s a bad thing,” Rooz said. “One of the things that, to me, is pretty interesting about DeFi is that people want all the freedom in the world with none of the risks.”
Rooz acknowledged that participants on Canton can create environments that mirror the unrestricted access of networks like Ethereum and Solana, but he wagered that safety parameters will be table stakes for most applications aimed at consumers.
For stablecoin issuers like Tether and Circle, Rooz said the dynamic is already on display.
After North Korean-linked attackers used the USDC issuer’s infrastructure to move funds, Circle said it wouldn’t lock down stablecoins without a court order. Tether, meanwhile, has worked with authorities to freeze funds allegedly connected to illicit finance.
Ultimately, the tension between absolute decentralization and safety shows no signs of abating. And in a world where a single exploit can wreak havoc, Rooz suggested that the ability to flip a switch on bad actors will shift from a controversial feature into a go-to standard.