Crypto has always sold openness as a virtue. In DeFi, it has also become an attack surface.
That tension is giving Canton Network’s guardrail model a sharper case. In a May 3 report by Decrypt, Digital Asset co-founder and CEO Yuval Rooz discussed questions from financial institutions about how to prevent malicious actors, including North Korean-linked hacking groups, from reaching on-chain systems. The concern follows the $290 million Kelp DAO hack and broader attacks on DeFi infrastructure.
For crypto purists, access controls can sound like a retreat from the ideals that made blockchains useful in the first place. For banks, asset managers and regulated issuers, they look more like the minimum condition for participation. A sanctioned wallet, compromised account or hostile counterparty is not just another market participant. It can be a compliance problem, an operational threat and a breach of duty.
Rooz’s point was direct: institutions have a responsibility to make sure bad actors cannot engage with their systems. Canton’s claim is that this does not require abandoning shared blockchain infrastructure. It requires giving applications and asset issuers a way to define access before something goes wrong.
Most public blockchains make openness the default. Anyone can interact with an application, asset or smart contract unless controls are added elsewhere. Canton starts from a different premise. It is a public network, but permissioning is defined application by application. An application provider can decide whether an application is permissioned or permissionless, with applications ranging from fully open to entirely private while still operating on an interoperable network.
Privacy is the other half of the argument. Canton is designed so transaction data is distributed on a need-to-know basis rather than broadcast across the whole network. Digital Asset’s documentation says that, unlike chains where all state and transactions are replicated to all validators, Canton distributes state and transactions only to the nodes or validators specified in the relevant smart contracts.
That makes Canton’s model more than a simple allowlist. It is a bet that financial markets need programmable boundaries: who can enter, who can see, and what each participant is allowed to do.
The caveat is important. Canton does not remove the need for security. Rooz emphasized that projects must choose to use these safeguards, and that Canton should not be viewed as a silver bullet for DeFi’s problems. Bad code, weak governance and poor operational discipline can still produce losses. Guardrails do something narrower, but potentially more valuable: they move access decisions to before an attack, rather than after one.
That is where DeFi’s ideological argument becomes harder to sustain. Permissionless systems often reject access controls in principle, then rely on intervention when losses become large enough. The report noted that Arbitrum’s 12-member security council moved to freeze $71 million in funds left exposed by the Kelp DAO attackers, sparking debate over whether the move compromised DeFi’s permissionless character.
For purists, emergency freezes can look like centralization. For institutions, the inability to contain a known threat can look like negligence. The philosophical gap is wide. The practical gap may be narrowing.
Canton still has to prove that its model does not become too heavy. Guardrails can protect markets, but they can also become choke points. Too much permissioning could weaken the openness and composability that made crypto useful. The real test is whether Canton can offer control without turning shared infrastructure into a collection of isolated private systems.
That is why the current security debate matters. This is not only about stopping one class of hacker. It is about whether institutional blockchain infrastructure can preserve the advantages of shared settlement while allowing issuers, applications and market operators to manage access the way serious financial markets require.
Crypto’s next phase may not be a contest between open and closed systems. It may be a test of where each belongs.
Canton is betting on a configurable middle ground: open where access creates value, private where information matters, and restricted where risk demands it.
If that bet is right, guardrails will not look like a compromise with blockchain’s ideals. They will look like the price of bringing serious finance on-chain.



