With losses in decentralized finance (DeFi) projects escalating due to North Korean-linked hacking groups, concerns have spread from the cryptosphere to Wall Street, as noted by Digital Asset co-founder and CEO Yuval Rooz. Even before Kelp DAO’s $290 million hack unsettled DeFi last month, Rooz disclosed to Decrypt that financial institutions were inquiring about threats from North Korea. According to TRM Labs, North Korean hackers have pilfered over $6 billion in cryptocurrencies since 2017.
“They must ensure that malicious entities cannot interact with their systems,” Rooz stated, emphasizing the fiduciary responsibilities of traditional organizations.
Rooz is confident that Canton—a public, permissioned blockchain—can effectively thwart North Korean-linked hackers due to its ability for participants to enforce guardrails in subnets and issued digital assets. This confidence persists despite DeFi attackers evolving from basic phishing schemes to extensive infiltration campaigns aimed at gaining protocol access over months.
Since its launch in 2024, Canton has faced criticism from crypto purists who argue it isn’t a “true” blockchain due to its user control limitations. Nonetheless, recent centralization concerns have surfaced within the broader DeFi sector.
The Arbitrum security council’s decision to freeze $71 million left exposed by Kelp DAO’s attackers on Ethereum’s layer-2 network sparked debates about whether this action undermined DeFi’s permissionless principles. Rooz countered that such measures are not negative, highlighting a desire for freedom without associated risks in DeFi.
While Canton users can replicate the open access of networks like Ethereum and Solana, Rooz predicts safety features will become standard for consumer-focused applications. He stressed that projects must opt into these safeguards, cautioning against viewing Canton as a universal solution to DeFi challenges. The ability to control access remains a crucial appeal for institutional adoption.
For stablecoin issuers such as Tether and Circle, this dynamic is evident. Following an incident where North Korean-linked attackers exploited USDC’s infrastructure, Circle stated it would not freeze stablecoins without legal authorization. Conversely, Tether collaborated with authorities to immobilize funds linked to illicit activities.
The ongoing debate between complete decentralization and security shows no signs of resolution. Rooz suggested that the capability to isolate malicious actors might transition from a contentious feature into an industry norm.