Autor Cointelegraph by Yohan Yun

Decentralized finance (DeFi) protocols are stepping in to freeze stolen funds while centralized issuers face criticism for holding back.A recent intervention on Arbitrum saw attacker-linked assets frozen after a major exploit, while some stablecoin issuers, including Circle, have faced public backlash for slower or more limited responses in similar situations.Connor Howe, CEO and co-founder of cross-chain infrastructure project Enso, said that crypto protocols are not that different from centralized platforms or banks if a small group of people can freeze funds.“The differentiation from a bank compliance officer is less than DeFi idealists will ever admit,” Howe told Cointelegraph.The debate isn’t the usual kerfuffle between decentralization and centralization, but about who gets to intervene and how quickly they can act. In practice, it can determine whether stolen funds are stopped or slip through.Crypto community divided on Arbitrum’s decision to freeze stolen funds. Source: Joe HallThe limits of decentralization in DeFiTo put it simply, the industry is split on whether protocols that call themselves decentralized should be able to freeze funds during exploits.Protocols like THORChain said they cannot freeze funds by design, even during exploits. Security researchers have questioned that claim, pointing to past cases where intervention did happen.THORChain founder’s defense against the security community. Source: JP ThorbjornsenRelated: Crypto projects shut down as token models fail under pressureBernardo Bilotta, CEO of stablecoin infrastructure platform Stables, said the function is necessary but must operate within clear constraints.“Freeze capabilities need to be narrowly scoped, time-limited and governed by transparent criteria that existed before the breach occurred,” Bilotta told Cointelegraph. “A protocol shouldn’t be making up the rules while the house is on fire.”Bilotta characterized choosing “philosophical purity” over user protection as “negligence.”The recent $293 million Kelp DAO exploit brought those discussions back into the spotlight as Arbitrum froze some of the stolen funds linked to suspected North Korean hackers. Some in the industry said the decision cut against DeFi’s grain.The Ethereum layer-2 network has a 12-member security council with the ability to carry out certain changes to the protocol. In emergency situations, it can do so through nine of the 12 in its multisig wallet.Arbitrum security council members are voted on by the network’s decentralized autonomous organization. Source: ArbitrumHowe said that transparency in how such security councils operate can still separate DeFi platforms from traditional finance or their centralized counterparts.“That’s notably different from a TradFi institution that invokes discretionary powers buried in their terms of service and guarded by their legal team,” Howe said.“There should be transparency in every protocol around who holds the keys, and the safeguards in place to prevent them from going rogue. If there’s no clear distinction, then it’s a vague claim of decentralization.”Centralized issuers face different constraintsCentralized stablecoins are among the most-traded cryptocurrencies in the world. Tether’s USDt and Circle’s USDC are the largest, accounting for more than $266 billion in combined market capitalization.Both issuers have the ability to freeze their stablecoins, but they approach that function differently.While Tether freezes funds more quickly in most security breaches, Circle emphasizes legal process and jurisdiction before intervening, “Let me be clear about something that is frequently misunderstood: when Circle freezes USDC, it is not because we have decided, unilaterally or arbitrarily, that someone’s assets should be taken from them,” Dante Disparte, the company’s head of global policy, wrote in a recent blog post.“Our ability to freeze funds is a compliance obligation — exercised only when we are legally compelled by an appropriate authority, through lawful process,” he continued.Circle was pushed to explain its stance after the recent $280 million exploit on Solana-based Drift protocol, also attributed to North Korea.Circle’s explanation did not cut it for security experts demanding answers. Source: ZachXBTRelated: Ethereum’s EEZ could pull other blockchains into its orbitBilotta said waiting for formal legal orders in cases with clear, onchain evidence of an exploit is a “failure of responsibility.”Who decides what counts as “extreme”Large-scale exploits, including those linked to North Korean actors, have pushed the industry into situations most would consider extreme, where hundreds of millions can be drained and laundered in real time.Such cases raise the question of who defines what qualifies as “extreme” and when intervention is justified.“This is the question the industry has been ducking the longest,” said Wish Wu, CEO of institution-focused layer-1 Pharos.“In practice, ‘extreme’ is too often defined after the fact by whoever holds the keys, which is exactly the failure mode decentralization was meant to avoid,” he added.Wu said the more credible approach is to define those conditions in advance and encode them into governance, even if that means accepting that some edge cases fall outside those rules.“Can a small, identifiable group move user funds before users have a fair chance to exit?” Wu asked.“If the answer is yes, then whatever the marketing says, the system is custodial in substance. If the answer is no, only then are we in an honest conversation about which governance and safety tradeoffs make sense for different use cases.”Below that line, decentralization loses its substantive meaning, he added.Magazine: AI-driven hacks could kill DeFi — unless projects act nowCointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

A wave of crypto shutdowns is unfolding across the industry this year, hitting projects from trading platforms to analytics tools.April was no exception, as decentralized email service Dmail said it is shutting down due to high infrastructure costs, failed fundraising and weak token utility.“In prior cycles, projects could extend runway through new issuance or venture support,” Roshan Dharia, a restructuring advisor and CEO of crypto holding company Echo Base, told Cointelegraph.“That path is largely closed, so losses are being recognized earlier, and outcomes are more often wind downs than recoveries,” he said.Crypto built a fast way to raise capital through tokens, but still lacks a framework to unwind it when things go wrong, making it difficult to reorganize claims or coordinate stakeholders once conditions deteriorate.Dmail’s token market cap fell below $1 million in November. Source: CoinGeckoToken funding falters as projects unwindAs market conditions have tightened in recent months, projects are drifting into slow declines instead of the abrupt collapses seen in past crypto downturns. Projects are deteriorating over time as user activity declines, treasuries weaken and funding options narrow.“You see this in cases like Tally and Step Finance, where there is no single failure point, just a steady decline in treasury value and user activity that compresses optionality over time,” said Dharia.DAO tooling platform Tally said it was winding down after concluding the market for governance tooling had yet to develop at scale, while Step Finance moved to shut down after a hack, saying efforts to secure financing or a sale failed to produce a viable outcome.Step Finance suffered a $40 million security breach in January. Source: Step FinanceRelated: Ethereum’s EEZ could pull other blockchains into its orbitSome breakdowns still follow more familiar patterns. BlockFills filed for bankruptcy in March after freezing withdrawals. Its creditor, Dominion Capital, alleged in a lawsuit that the firm commingled customer assets to cover company losses.Tokens once offered a fallback, allowing teams to raise capital or subsidize growth, but that mechanism is no longer as reliable, Dharia said. He added:Earlier cycles treated tokens as a primary funding mechanism with an implied alignment between users, holders and operators. That alignment has proven fragile in stressed scenarios, particularly where token holders lack defined rights or recourse.”Some are starting to treat tokens as claims that may need to be consolidated or reworked. In March, Across Protocol proposed a token-to-equity buyout. Risk Labs, the team behind Across, said the token and decentralized autonomous organization (DAO) structure limited its ability to close deals with enterprises and institutions.Crypto lacks a playbook for restructuringUnlike traditional companies, most crypto projects lack a clear path to restructure once conditions deteriorate. Corporate bankruptcies provide mechanisms to pause obligations, renegotiate with creditors and reorganize capital structures. In crypto, such avenues are often missing or poorly defined.Each month in 2026 had a crypto project announcing shutdowns. Source: Stacy MuurRelated: Prediction market battle gets closer to Supreme CourtCrypto projects often operate through a mix of foundations, offshore entities and token-based communities, with no unified legal structure governing liabilities. In restructuring, token holders typically have no formal claims on assets or cash flows.That limits what they can do under pressure. Projects are often left choosing between raising new capital on worse terms or shutting down without a clear hierarchy of claims or a way to bind stakeholders to an outcome, entirely.“Most projects do not have access to formal restructuring tools, and their stakeholder base is fragmented across token holders, equity investors, and users with no clear hierarchy or enforcement mechanism,” said Dharia. “That makes it difficult to recapitalize, restructure obligations, or run a controlled process to preserve value. In that environment, once liquidity tightens, outcomes tend to default to wind downs or distressed asset sales rather than coordinated recoveries,” he said.Limited recovery paths in token-based systemsTokens made it easier and more accessible for crypto companies to raise capital and scale quickly, but offer limited support once conditions deteriorate.Dharia said the current wave of shutdowns is driven by tighter capital availability and structurally weak balance sheets. Many projects entered the bear market with treasuries heavily concentrated in their own tokens or correlated assets. As prices fell, the runway contracted.“At the same time, funding channels have narrowed, with more selective venture deployment, weaker token issuance and thinner secondary liquidity limiting both exit and financing options,” Dharia added.So far this year, projects have more often wound down quietly than attempted formal restructuring. Without clear frameworks to reorganize claims or coordinate stakeholders, recovery paths remain limited.Some projects have begun exploring ways to consolidate ownership and introduce more formal structures, suggesting parts of the market are starting to adapt after running into the limits of token and decentralized governance models.Magazine: AI-driven hacks could kill DeFi — unless projects act nowCointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

Kelp DAO suffered a $292 million hack on Saturday, overtaking Drift as the largest crypto exploit of the year so far. North Korea-linked hackers are suspected to be behind the attack.Kelp DAO said Monday that the exploit stemmed from a failure of cross-chain messaging protocol LayerZero’s infrastructure. LayerZero said the breach was enabled by Kelp DAO’s use of a single verifier configuration to approve cross-chain messages.LayerZero said that “preliminary indicators” attributed the exploit to TraderTraitor, a subgroup of North Korea’s state-backed hacking unit known as Lazarus Group. Blockchain investigator Tanuki42’s findings also found ties to TraderTraitor. Tanuki42 said Tuesday that funds stolen from the Kelp DAO incident have commingled with previous exploits linked to the same group.While North Korea’s cyber activity targeting decentralized finance platforms has accelerated in April, its tactics also pose a threat to companies and end users.Funds from the Kelp DAO exploit have commingled with wallets linked to the $1.4 billion Bybit hack in February 2025. Source: Tanuki42North Korea’s crypto schemes back in focusThe April Fools’ Day exploit on decentralized exchange Drift totaled $285 million, bringing suspected North Korea-linked crypto theft to at least $578 million across major incidents throughout the month.The two attacks are the largest crypto heists attributed to North Korean actors since the Bybit hack.By now, the crypto industry has caught on that DPRK-linked operatives pose as IT developers to secure remote jobs at tech companies. Security researchers and the United Nations say that this tactic generates millions of dollars to support North Korea’s weapons programs.Weak background checks allow North Korean IT workers to secure remote gigs. Source: Tanuki42Related: North Korean cyber spies are no longer just remote threatsIn March, the US Treasury Department sanctioned six individuals and two entities for their alleged roles in North Korean IT worker fraud schemes. The FBI also issued guidance in June, recommending that employers verify candidates’ professional history and require in-person meetings.However, the Drift exploit suggests Pyongyang’s cyber operatives are adapting. The DeFi platform said its contributors were approached in person by individuals posing as a quant trading firm at a major crypto conference in November. The attackers continued to communicate and build trust ahead of the breach.Smaller-scale attacks have continued in parallel. Crypto wallet provider Zerion said DPRK-linked actors used AI-assisted social engineering to steal about $100,000 in a separate incident.North Korea rarely responds to such accusations, though its foreign ministry issued a statement in May 2020 denying involvement in cyberattacks and accusing the United States of attempting to tarnish its image.Retail crypto scams surge as DPRK tactics spill overThe Federal Bureau of Investigation (FBI) reported a 21% increase in crypto-related crime complaints in its 2025 Internet Crime Complaint Center (IC3) report. The FBI launched IC3 in 2000 as a portal for victims in the US to report online fraud.Cryptocurrency cases were linked to 181,565 complaints in 2025, resulting in $11.37 billion in losses, more than half of the total.Investors aged 60 and above reported the most complaints involving crypto in 2025. Source: FBIRelated: North Korean spy slips up, reveals ties in fake job interviewOlder Americans aged 60 and above filed the highest number of crypto-related complaints. Investment scams were the largest category, generating 61,559 complaints, including 13,685 from people 60 and older.That doesn’t mean the retail sector is untouched by suspected North Korean operations. An investigation published last November found that DPRK-linked operatives also recruit individuals to support remote IT worker schemes.Throughout 2025, Heiner García, a cyberthreat intelligence expert at Telefónica, came into contact with a suspected North Korean operative.García previously told Cointelegraph that the individual attempted to use him as a proxy to bypass VPN restrictions set by freelancing platforms. The tactic involves using a victim’s device in a local jurisdiction by installing remote access software such as AnyDesk.In August 2024, the US Department of Justice arrested Matthew Isaac Knoot for running a “laptop farm” that allowed DPRK IT workers to appear as US-based employees using stolen identities. In July 2025, Christina Chapman was sentenced to more than eight years in prison for her role in helping North Korean IT workers earn more than $17 million.The tradeoff behind freezing funds stolen by suspected DPRK actorsA unique element of the Kelp DAO hack was the Arbitrum Security Council’s decision to freeze 30,766 ETH linked to the exploit.Crypto’s ethos is decentralization, yet responses to major hacks continue to divide the industry. Some projects lean toward minimal intervention, even as security experts call for action, leaving little consensus on when it is appropriate to step in.USDC issuer Circle faced criticism from industry participants for its inaction in the Drift hack. Source: James SeyffartLedger CTO Charles Guillemet said on Tuesday that the outcome was “probably” good, but not a comfortable one. Freezing the funds likely prevented further losses. The discomfort comes from what the action makes explicit.The Arbitrum Security Council did not exploit a bug or discover a backdoor. It exercised its intended authority to override the state. That authority exists by design and sits in tension with the idea of credibly neutral infrastructure. In practice, assets on today’s rollups can still be affected by governance decisions under certain conditions.Guillemet ties that tradeoff to the threat environment. The Kelp DAO exploit did not rely on a novel smart contract bug. It exposed weaknesses in infrastructure and configuration, showing how attacks are moving beyond code into the systems that support it.At the same time, North Korea-linked groups have evolved into well-resourced, persistent adversaries capable of probing those systems across multiple fronts.That leaves the industry split between accepting intervention or accepting losses that cannot be undone.Magazine: Adam Back says current demand is ‘almost’ enough to send Bitcoin to $1MCointelegraph Features publishes long-form journalism, analysis, and narrative reporting produced by Cointelegraph’s in-house editorial team with subject-matter expertise. All articles are edited and reviewed by Cointelegraph editors in line with our editorial standards. Research or perspective in this article does not reflect the views of Cointelegraph as a company unless explicitly stated. Content published in Features does not constitute financial, legal, or investment advice. Readers should conduct their own research and consult qualified professionals where appropriate. Cointelegraph maintains full editorial independence. The selection, commissioning, and publication of Features and Magazine content are not influenced by advertisers, partners, or commercial relationships. This content is produced in accordance with Cointelegraph’s Editorial Policy.

Banks are moving onchain through competing models that take different approaches to how financial rules are enforced.On the one hand are blockchain-native builders like Matter Labs co-founder Alex Gluchowski, who argue that financial systems require rules to be enforced across all participants. On the other are institution-led networks like Canton, which prioritize privacy, control and interoperability over global state.Gluchowski is among the most vocal critics of the latter approach, arguing it reproduces the limitations of traditional finance in a new form. The core of the critique is whether rules can be enforced across an entire network. That’s not possible in systems like Canton, he claimed.“But they are possible with blockchains — specifically with zero-knowledge systems anchored to public blockchains like Ethereum, which is an environment all parties can trust because it cannot be captured by any single corporate interest,” Gluchowski told Cointelegraph.Crypto’s institutional adoption is bringing banks and financial institutions onchain, but it’s also splitting the industry along a deeper fault line than geography or regulation.Canton rose into the top 21 cryptocurrencies despite criticism from decentralization purists. Source: CoinGeckoWhat counts as a blockchain?Canton has gained traction by targeting privacy and regulatory requirements, connecting banks and asset managers through a network where transactions are shared only with relevant counterparties rather than broadcast system-wide. The network includes institutional participants such as JPMorgan and Goldman Sachs.Whether Canton counts as a blockchain depends on how the term is defined and what properties it is expected to guarantee.For Gluchowski, a blockchain’s core feature is a single shared ledger that allows rules to be enforced across all participants at once. He claimed Canton does not qualify. The network connects institutions through bilateral or trilateral relationships, where each party sees and verifies the transactions it is directly involved in. “Before blockchains, banks had to enter bilateral relationships and define how they handle edge cases through contracts and API interactions,” Gluchowski said. “It’s just taking these existing relationships and workflows and putting them into a tokenized form.”Gluchowski said Canton’s model limits what the system can guarantee. While participants can verify the transactions they are directly involved in, they cannot independently verify system-wide properties such as total asset supply or other rules that apply across all users. He added that those kinds of guarantees require a shared state that everyone can check.Digital Asset co-founder details how Canton differs from legacy systems in practice. Source: Shaul KfirRelated: Privacy tools are rising behind institutional adoption, says ZKsync dev “[Gluchowski] is correct that Canton does not have a global shared state, but he is incorrect in implying that this negatively affects Canton’s trust model,” Shaul Kfir, co-founder of Digital Asset, responded through a statement shared with Cointelegraph.“In Canton, as in all other blockchains, I only trust my own validator and assume anyone else can be malicious. This ‘don’t trust, verify’ approach is very different from a distributed API system,” Kfir added.In Canton’s model, trust does not come from a single system-wide view, but from each party independently checking the transactions it is involved in.Network rules clash with issuer controlFollowing the conversation with Cointelegraph, Gluchowski took part in a live debate with another Digital Asset co-founder, Yuval Rooz. He reiterated his argument that financial rules must be enforced across an entire network in a blockchain network.Rooz countered that system-wide enforcement doesn’t eliminate reliance on trusted parties, as public blockchain users still depend on token issuers. Rooz pointed to hacks that involved assets like USDC to argue that issuers remain the key enforcement mechanism.The industry has repeatedly called for Circle to freeze stolen funds before illicit actors trade them for decentralized assets. Source: ZachXBTRelated: Instant settlement strains crypto’s capital efficiency: Ethan Buchman“Actually, we would have been happier — as we’ve seen a lot of the crypto space saying if the centralized issuer were to intervene sooner rather than allowing these assets being traded and swapped into permissionless assets where then they can no longer interfere,” Rooz said.“On Canton, no different than any other public chain, the issuer is centralized in real world assets, and they have different properties or similar properties to what they would have on public permissionless chains,” he added.Gluchowski argued that issuance limits can be embedded directly into smart contracts. He said that on networks like Ethereum, activity beyond a certain threshold can be restricted or require additional approval, rather than relying solely on the issuer’s infrastructure.“On Canton, you rely solely on the multisig. On Ethereum, you rely on smart contracts that are enforced by the network,” Gluchowski said.“It’s just absolutely not true,” Rooz replied.Kfir, whose statement was shared with Cointelegraph after the live debate, said that Gluchowski is “confusing the capabilities of Canton” with how it is used by centralized RWA issuers. “When there’s a centralized RWA issuer, e.g. a stablecoin issuer, you’re already trusting them with the ‘mint’ function, and you’re trusting them and their auditors that the amount onchain is backed by reserves off-chain,” Kfir said.Competing visions for bringing banks onchainCanton and Matter Labs are competing to solve the same problem of how institutional finance moves onchain. Matter Labs, the developer of ZKsync, is targeting institutional use cases with Prividium, a model that keeps transactions private while anchoring verification to Ethereum through zero-knowledge proofs.Kfir argued that systems like Prividium risk concentrating trust in a different place. In his view, users are no longer independently validating the relevant state, forcing them to reconcile their own records against what an operator reports happened onchain.“ZKsync relies on Prividium operators who create ZKPs, but ZKsync’s own open source client doesn’t verify these proofs,” he said. “And even if a user does verify, it doesn’t verify which smart contract logic is running. The user is completely at the mercy of the Prividium operator.”Gluchowski defended ZK technology in a February social media exchange with Rooz. Source: Alex GluchowskiRooz did concede one point during the debate, which is that Canton does not have public verifiability, while adding that there are plans to introduce it in the future.For now, the divide remains unresolved. Canton is built around privacy and institutional control, while ZKsync’s Prividium attempts to preserve those features while anchoring verification to a public network. Both claim to offer a viable path for bringing banks onchain, but they are built on fundamentally different assumptions about how financial systems should work.Magazine: Adam Back says current demand is ‘almost’ enough to send Bitcoin to $1MCointelegraph Features publishes long-form journalism, analysis, and narrative reporting produced by Cointelegraph’s in-house editorial team with subject-matter expertise. All articles are edited and reviewed by Cointelegraph editors in line with our editorial standards. Research or perspective in this article does not reflect the views of Cointelegraph as a company unless explicitly stated. Content published in Features does not constitute financial, legal, or investment advice. Readers should conduct their own research and consult qualified professionals where appropriate. Cointelegraph maintains full editorial independence. The selection, commissioning, and publication of Features and Magazine content are not influenced by advertisers, partners, or commercial relationships. This content is produced in accordance with Cointelegraph’s Editorial Policy.