Today’s top story:

Canton aims to position itself as the L1 for institutions, while critics argue it’s closer to a permissioned database than a blockchain.

In other news:

Google Quantum paper raises crypto security concerns
Resolv pledges full user redemptions after exploit
Aztec launches private smart contract L2
Plume pilots yield-bearing onchain payroll
Enterprises Are Finally Moving Their Businesses Onchain: RJ Catalan of Aligned [MEDIA PARTNER]

Read more below! But first, please give our sponsors some love; they make this newsletter possible.

Aligned is the Ethereum migration stack. One suite — rollups, wallets, interoperability, and ZK verification — for businesses building real financial products on Ethereum. Aligned token sale is coming soon, join the whitelist.

The most decentralised staking protocol just got a big upgrade.

Saturn One improves Rocket Pool's capital efficiency, helping node operators to stake with less ETH, while increasing capacity for liquid stakers. A withdrawal buffer boosts rETH price stability and enables faster exits, while MEGAPOOL validators reduce bond requirements and increase yield for operators.

The upgrade also introduces a fee switch for the RPL token, transforming it into an ETH-accrual token that captures protocol revenue instead of relying on inflationary rewards. Saturn One strengthens Rocket Pool’s decentralised staking model, improves economics for rETH holders, node operators, and RPL stakers, and lays the groundwork for future upgrades.

Now is the best time to stake your ETH with Rocket Pool.

Start here

We’re back! Here’s what you need to know in web3 today

📈 Markets in the Past 24 Hours

TICKER	VALUE	24H
Bitcoin	$68,185	2.23 %
Ethereum	$2,101.27	3.86 %
BNB	$616.51	1.34 %
XRP	$1.34	1.21 %
Solana	$83.03	0.72 %

Forwarded this newsletter? Subscribe for daily insights and curated news from The Defiant team, Monday-Saturday. It’s free.

Subscribe to Defiant Daily

🎬WATCH

The DeFi Exploit That Exposed a Bigger Problem

In this episode of The Defiant Podcast, Cami sits down with Omer Goldberg, founder of Chaos Labs.

A new DeFi exploit triggered millions in losses, but the deeper story is about risk. Goldberg explains how the attack unfolded, why the damage spread across lending markets, what vault curators got wrong, and whether DeFi is truly ready for mainstream adoption.

Watch the full interview:

Today’s Big Story

Canton Is Permissioned. Own It.

Crypto Twitter is having an entertaining food fight in the past couple of days.

Here's the short version: Digital Asset's Canton Network has been making the rounds at conferences, positioning itself as the infrastructure layer for institutions coming onchain and making the case that public blockchains like Ethereum and Solana are not fit for these markets.

The public chain crowd pushed back, hard. Rebecca Rettig, chief legal officer at Jito Labs, fired the opening shot. Another OG crypto lawyer, Gabriel Shapiro, piled on with a detailed technical brief. StarkWare’s Eli Ben-Sasson weighed in. ZKsync's founder wrote a 218K-view thread. The Canton team called the critics bag-holders and doubled down on their claims.

The permissioning question is settled

My take is that Canton is a permissioned network, and it shouldn’t be a matter of debate.

I interviewed Digital Asset CEO Yuval Rooz for The Defiant podcast recently, and while he refused to say “Canton is permissioned,” his answer made it clear. He walked me through how becoming a super validator works: you submit a business proposal to the existing validator set explaining the value you'd bring to the ecosystem, and if you get a two-thirds vote, you're in. He framed this as superior to Ethereum's 32 ETH barrier because it's based on merit, not money.

It’s an interesting philosophical argument. But it doesn't change the fact that admission is controlled by a governance committee of incumbent institutions. That is the definition of permissioned. The documentation confirms it: Synchronizer membership is set by Synchronizer owners via topology transactions, and Synchronizer owners likely have "legal contracts in place to manage the relationship with third-party" nodes.

The frustrating part isn't that Canton is permissioned. Permissioned systems exist, they serve real purposes, and there's a legitimate argument that regulated financial markets require some degree of access control. The frustrating part is that Canton's own team keeps claiming otherwise. This week, Canton's Emmett posted that Canton, Solana, and Ethereum share "the same permissionless properties."

That's just not true, and as kaereste.eth on X said: if you're dishonest about such an obvious, straightforward fact, why should anyone trust you on the more nuanced stuff?

Own what you built. It's more defensible than the alternative.

On privacy: the ZKP argument doesn't hold

Canton's other main differentiator is its privacy model. The argument, made by Digital Asset co-founder Shaul Kfir, is that zero-knowledge proofs are too risky for institutional finance because ZKP implementations can have bugs, those bugs could go undetected because the underlying data is private, and undetected bugs in critical financial infrastructure create systemic risk.

I don't buy it. In ZK, you can cryptographically prove information. In Canton’s “need-to-know” model, you’re trusting the issuer.

ZKsync's Alex Gluchowski, who wrote a careful response. He said Kfir's argument contains a hidden assumption that the technology is your only line of defense. The logic reads: "Technology X can fail, therefore Technology X cannot be used in mission-critical systems." By that standard, we wouldn't have aviation, nuclear power, or robotic surgery. All of these run on software that can fail catastrophically. They survive through redundancy and containment, with multiple independent verification layers, so that when one fails, others catch it.

ZKPs actually provide exactly that: a cryptographic verification layer independent of the trust assumptions baked into operator behavior. Canton's model, by contrast, relies on trusted operators segregating data between participants. If that trust is misplaced, there's no fallback.

More broadly: if "there could be bugs" disqualifies a technology, no technology qualifies. We don't set that bar for anything else.

Tons of activity, but unverifiable

Canton's defenders point to Broadridge DLR as proof of traction: thet said one of Canton's apps processes roughly 5-10% of global repo turnover on a given day. That's genuinely a feat and proof there are use cases for Canton’s model.

But it’s also worth noting that when critic Omid Malekan asked for verifiable evidence of economic activity ("if Canton halts tomorrow, what breaks?") the Canton team's response was revealing: that's just one app that has chosen to disclose its data, with others "opting to remain private."

L2Beat’s Bartek Kiepuszewski nailed the implication: a system where economic activity is self-reported and unverifiable is a system where the numbers cannot be independently audited. More like a private database than a blockchain.

The bottom line

None of this means Canton is worthless. Real money is moving through Broadridge's repo infrastructure. JPMorgan has committed real resources. DTCC is tokenizing stocks there. These are not trivial facts.

But there's a version of Canton that owns what it is: a permissioned, privacy-preserving settlement layer designed specifically for regulated financial institutions, with real trade-offs that are worth making for that use case. And there’s the version that claims to be something it isn't while allegedly issuing veiled threats against critics.

The institutions Canton is courting are sophisticated enough to understand what they're buying. Canton should be confident enough to be more direct about what it’s selling.

With love,

Cami, The Defiant founder