Canton Network's Guardrails Defend Against North Korean Hacking, Says Digital Asset CEO

Digital Asset co-founder and CEO Yuval Rooz told Decrypt that financial institutions are increasingly concerned about state-sponsored hacking threats, with Wall Street firms seeking solutions to prevent North Korean-linked bad actors from accessing their systems. The concerns intensified following the $290 million Kelp DAO hack, though institutions were already raising questions about the Hermit Kingdom before that incident occurred.

North Korean Hacking Threat and Scale

North Korean-linked hacking groups have stolen over $6 billion in crypto since 2017, according to a report from TRM Labs. These groups have evolved from simple phishing attempts to months-long infiltration campaigns designed to gain privileged access to decentralized finance protocols.

Canton’s Guardrail Solution

Canton, a public, permissioned blockchain that debuted in 2024, offers what Rooz believes is a defense against such attacks. The network allows participants to implement guardrails for subnets they create or digital assets they issue, enabling financial institutions to enforce security controls while maintaining blockchain functionality.

“They have to make sure that bad actors cannot engage with their systems,” Rooz said, referring to Wall Street firms’ fiduciary responsibilities. “That’s what they’re responsible for from their fiduciary duty as a traditional organization.”

Rooz expressed confidence that North Korean-linked hacking groups would struggle to operate within Canton’s ecosystem due to these built-in security parameters.

Centralization vs. Security Debate

Since Canton’s 2024 launch, crypto purists have criticized the network’s design, arguing that it is not a “true” blockchain because participants can limit user control. However, similar centralization debates have emerged across DeFi more broadly.

When Arbitrum’s 12-member security council froze $71 million in funds that Kelp DAO attackers had left exposed on the Ethereum layer-2 scaling network, the move sparked debate about whether it compromised DeFi’s permissionless nature.

Rooz defended such interventions: “Nobody should say that that’s a bad thing. One of the things that, to me, is pretty interesting about DeFi is that people want all the freedom in the world with none of the risks.”

Stablecoin Issuers and Real-World Application

Rooz acknowledged that Canton participants can create environments mirroring the unrestricted access of networks like Ethereum and Solana, but he predicted that safety parameters will become standard for most consumer-facing applications.

Stablecoin issuers already demonstrate this dynamic. After North Korean-linked attackers used USDC issuer Circle’s infrastructure to move funds, Circle stated it would not lock down stablecoins without a court order. Tether, meanwhile, has worked with authorities to freeze funds allegedly connected to illicit finance.

Decentralization-Security Tension

The fundamental tension between absolute decentralization and safety shows no signs of abating, according to Rooz. In an environment where a single exploit can cause significant damage, he suggested that the ability to restrict bad actors will eventually shift from a controversial feature into an industry standard.

FAQ

What is Canton network?

Canton is a public, permissioned blockchain that launched in 2024. It allows participants to implement guardrails for subnets they create or digital assets they issue, enabling financial institutions to enforce security controls while maintaining blockchain functionality.

How much crypto have North Korean hackers stolen?

According to TRM Labs, North Korean-linked hacking groups have stolen over $6 billion in crypto since 2017. Their tactics have evolved from simple phishing attempts to months-long infiltration campaigns targeting DeFi protocols.

Did Arbitrum’s security council do the right thing by freezing Kelp DAO attacker funds?

Yuval Rooz believes freezing the $71 million was justified, arguing that financial institutions have a fiduciary duty to prevent bad actors from accessing their systems. He contends that safety parameters are becoming necessary table stakes for applications serving consumers.