North Korean-linked hacking groups are intensifying concerns not only across decentralized finance but also on Wall Street, where financial institutions are weighing their duty to keep state-sponsored actors out of critical systems. Against that backdrop, Digital Asset co-founder and CEO Yuval Rooz points to the Canton network—a public, permissioned blockchain—as an example of infrastructure designed with explicit guardrails to resist infiltration, a posture that has reignited long-running debates over decentralization after the $290 million Kelp DAO hack and subsequent fund freeze on Arbitrum.
Technology Overview
Rooz said interest from traditional firms preceded the recent turmoil. Even before last month’s breach at Kelp DAO rattled confidence in DeFi, the team behind Canton had been fielding questions from banks and market institutions about the risks posed by North Korean-linked groups. A separate industry assessment has estimated that such actors have stolen over $6 billion in crypto since 2017, underscoring why large financial players are preoccupied with who can access their networks and how. In Rooz’s telling, those institutions view it as a fiduciary obligation to prevent bad actors from interacting with their systems.
Canton’s design is central to that conversation. Unlike fully open networks that default to permissionless access, Canton is structured as a public, permissioned blockchain that allows its participants to define policy at the level of subnets and issued assets. The approach is meant to let regulated entities participate on-chain while honoring rules about identity, access, and transaction controls. According to Rooz, that architecture aims to reduce the attack surface for adversaries that have evolved far beyond opportunistic phishing and now mount patient, months-long campaigns to gain privileged access to protocols.
How It Works
At a practical level, Canton participants can implement guardrails for networks they spin up and for the digital assets they issue. These controls can include restrictions on who can transact, how data is shared, and under what conditions assets move. The model seeks to reconcile blockchain benefits—such as shared state and auditability—with the operational requirements of institutions that must vet participants and intervene when illicit activity is detected.
Rooz argues that such constraints make it substantially harder for North Korean-linked groups to exploit systems within the Canton ecosystem. Rather than assuming that every node and application must accept traffic from any source, Canton’s governance allows stakeholders to predefine who is inside the trust boundary and what they are permitted to do. In theory, that limits the reach and speed of a compromise because attackers cannot as easily propagate transactions or gain control over assets without being inside those predefined parameters.
Crucially, Rooz also acknowledges that Canton’s flexibility allows participants to configure environments that resemble the looser access of networks like Ethereum and Solana. The framework does not prohibit open designs; it simply makes stricter designs possible where necessary. That optionality is part of what has drawn attention from institutions while simultaneously sparking criticism from crypto purists.
Industry Impact
Since Canton debuted in 2024, skeptics have argued that any system allowing participants to limit user control undermines what makes a blockchain “true” to its origins. That critique—aimed at perceived centralization—has not been confined to permissioned platforms. It has also surfaced inside DeFi itself as crisis response measures become more visible.
The aftermath of the Kelp DAO exploit illustrates the point. When Arbitrum’s 12-member security council moved to freeze $71 million in funds that the attackers left on the Ethereum layer-2 network, the action prompted a familiar debate: does intervening to contain damage compromise permissionless ideals? Rooz’s view is that the step should not be condemned. He frames the tension as a mismatch between the desire for open-ended freedom and the realities of managing risk in systems that now secure billions of dollars in value.
Stablecoin issuers are navigating the same trade-off in front of a global audience. After North Korean-linked attackers moved funds over its infrastructure, USDC issuer Circle stated it would not lock down stablecoins without a court order. Tether, by contrast, has worked with authorities to freeze funds allegedly associated with illicit finance. The divergence highlights how policy choices at the protocol or issuer level can shape enforcement capabilities—and expectations—during active incidents.
From a Wall Street vantage point, these decisions are not abstract. Financial institutions are evaluating blockchains through the lens of compliance and operational continuity. If a network can constrain the blast radius of an exploit, restrict counterparties, and provide recourse when criminal activity is detected, it is more likely to satisfy internal risk committees and regulators. Rooz contends that this is precisely where Canton’s guardrail model is designed to operate, giving institutions the levers they need without abandoning shared ledger principles.
Future Implications
The rift between absolute decentralization and safety is unlikely to close soon. Open networks continue to power innovation and global participation, but the events surrounding Kelp DAO and the Arbitrum freeze have reinforced that some stakeholders will tolerate, and even expect, controlled interventions during emergencies. Rooz believes that the capacity to isolate, pause, or otherwise block bad actors—once viewed as anathema in crypto circles—will increasingly be treated as standard infrastructure.
If that prediction holds, more applications aimed at mainstream users could be built with safety parameters as table stakes rather than optional add-ons. In such a landscape, permissioned constructs like Canton’s subnets and asset-level rules may serve as templates for how institutions engage with on-chain markets. At the same time, the framework’s ability to support less-restrictive configurations means developers can still experiment with openness where the risk profile allows.
None of this eliminates the challenges of building resilient systems in the face of sophisticated, state-linked adversaries. What it does signal is a shift in priorities: as the financial consequences of a single exploit grow, demand rises for architectures that blend programmability with enforceable boundaries. The institutional questions that Rooz describes—who can participate, under what conditions, and with what recourse—are moving to the center of blockchain system design. For now, the contest between maximal decentralization and pragmatic guardrails remains unresolved, but the institutional market appears to be steering toward models that can “flip a switch” on bad actors when the stakes require it.

