Canton network guardrails pitched as a remedy to North Korea-linked crypto hacks amid DeFi security debates

•

North Korean-linked hacking groups are raising concerns across both the decentralized finance (DeFi) sector and traditional finance, according to Digital Asset co-founder and CEO Yuval Rooz, as losses for crypto projects mount.

Even before Kelp DAO’s reported $290 million hack rattled confidence in DeFi last month, Rooz said the team behind Canton—a public, permissioned blockchain—had received questions from financial institutions about threats associated with the “Hermit Kingdom.” A TRM Labs report cited in the interview says North Korean hackers have stolen more than $6 billion in crypto since 2017.

Cause: Growing scrutiny over cyber threats

Rooz said organizations have a responsibility to prevent bad actors from interacting with their systems, framing it as a fiduciary duty for traditional entities.

“They have to make sure that bad actors cannot engage with their systems,” Rooz said. “That’s what they’re responsible for from their fiduciary duty as a traditional organization.”

Development: Canton’s guardrails and access controls

Rooz argued that because Canton allows participants to implement guardrails for subnets they create or digital assets they issue, North Korean-linked hacking groups would face difficulty operating within Canton’s ecosystem. He noted that these groups have evolved from earlier phishing attempts into months-long infiltration campaigns designed to gain privileged access to DeFi protocols.

While Canton launched in 2024, crypto purists have criticized its design, arguing it is not a “true” blockchain because participants can limit users’ control. Rooz said allegations of centralization have also surfaced more broadly within DeFi.

Data and related DeFi debate

Rooz pointed to a recent example involving Arbitrum’s security council. He said the council’s 12-member group moved to freeze $71 million in funds that Kelp DAO’s attackers had left exposed on the Ethereum layer-2 scaling network, prompting debate about whether such actions undermine DeFi’s permissionless nature.

Freedom versus risk

Rooz said the issue should not be framed as inherently negative. He emphasized a core tension in DeFi: users want maximum freedom while minimizing risk.

“Nobody should say that that’s a bad thing,” Rooz said. “One of the things that, to me, is pretty interesting about DeFi is that people want all the freedom in the world with none of the risks.”

Impact: Stablecoin issuers already face the trade-off

Rooz said the balance between decentralization and safety is already visible for stablecoin issuers such as Tether and Circle.

He said that after North Korean-linked attackers used USDC issuer infrastructure to move funds, Circle stated it would not lock down stablecoins without a court order. Tether, meanwhile, has worked with authorities to freeze funds allegedly connected to illicit finance.

Analysis: Safety controls may become standard

Rooz acknowledged that Canton participants can create environments that resemble the unrestricted access of networks like Ethereum and Solana. However, he suggested that safety parameters will become standard for many consumer-focused applications.

He concluded that the tension between absolute decentralization and safety is unlikely to fade, and that the ability to restrict bad actors—once controversial—may become a go-to feature as the industry continues to face the consequences of high-impact exploits.