The Chopping Block: Is Canton a Real Blockchain? Ethereum’s Cypherpunk Dilemma, AI Security Chaos

Evgeny

I guess my most contrarian view on this is Ethereum foundation for the first time in its life is being ahead of a curve currently because it basically reads the room and it understands, okay, all those people who were in the cypherpunk values in the past, they have nowhere to turn anymore.

Tom

Not a dividend.

Tarun

It's a tale of two Kwan.

Aseeb

Now your losses are on someone else's balance sheet.

Tom

Generally speaking, airdrops are kind of pointless anyways.

Aseeb

Unnamed trading firms who are very involved. Alec Eth is the ultimate defi protocols are the antidote to this problem. Hello everybody. Welcome to Chopping Block. Every couple weeks the four of us get together and give the industry insider's perspective on the crypto topics of the day. So, quick intro. First we got Tom the defi maven and master of memes.

Tom

Hello everyone.

Aseeb

Next we've got Tarun, the Giga brain and Grand Poobah at Gauntlet.

Tarun

Yo.

Aseeb

And joining us again, we've got Evgeny, High frequency hustler and head honcho at Wintermute.

Evgeny

Hello.

Aseeb

And I am Aseeb, the head hype man at Dragonfly. We're early stage investors in crypto. But I want to caveat that nothing we say here is investment advice, legal advice or even life advice. Please see Chopping Blocks at XYZ for more disclosures. So there's been an increasing debate that's continued on since we had our previous show where we talked about the ef, about this kind of core crypto cypherpunk values versus the new normal of what is increasingly focused on adoption enterprises and the sort of grown up version of crypto. And a lot of this has really fixated on this debate waging between ZK Sync and Canton. So we are first caveat that we're investors in ZK Sync. They wrote a long thread basically targeting some of the claims that the Canton team has been making. Those of you who don't know what Canton is, Canton is there. They've had. They had another name before, I think before they were Canton, but basically they're an enterprise focused blockchain that is not. They're primarily focusing on banks and financial institutions and they allow you to deploy these somewhat private blockchains that they have. I'm going to butcher some of this, but basically they're primarily focused on institutions if you want to become a validator on Canton. So they have this one big Canton chain and to become a validator, you submit a business proposal to existing validators and you get 2/3 vote. They have individual Canton instances, I guess that are kind of permissioned enterprise databases. I don't actually, I might be butchering this. Does anyone correct me know a lot more detail about Canton? No, none of us are Canton.

Tarun

Well, the only thing I will say is the company that sort of later developed Canton has been around probably much longer than Ethereum Digital Asset or whatever. That's like 2013.

Aseeb

That's right, that's right. So they've been in the space for a long time targeting enterprise adoption. And Canton has clearly onboarded a lot of, of enterprises and financial institutions. But there's now a lot of debate about does Canton even count as a permissionless blockchain. So Canton has claimed that they are a permissionless blockchain. I think the understanding is that they're not permissionless in the sense that you would normally think of in that anybody can validate the chain, anybody can become a validator for the chain, and in some cases not even everybody can use the chain. So there. And of course, like the issuers of all the assets, they have complete control. There's no sense in which like, like usdc, anybody can hold usdc. That's not true for a Canton issued asset or you know, assets that are, that are issued on Canton by default. And so there's been a lot of back and forth from a lot of crypto OGs like MERT, like Ellie Ben Sasson from Starknet claiming that these things are not, they're not decentralized, they're not verifiable, they're not publicly verifiable and therefore they don't really qualify as blockchains. You know, Mert kind of making the same rough argument and other people saying like, hey, well, this is really about pragmatism. This is a different mechanism and, or a different modality of blockchains that are really going to fit more for financial institutions that don't want to change the core ways in which they operate and that's how they're going to be brought onto the blockchain revolution as opposed to, you know, maybe some of the more radical changes that you have to make in order to launch a product on Ethereum or on Solana. Now Evgeny, you have been a very vocal critic of where you feel like the industry has gone wrong and maybe Canton is even an embodiment of that counter revolution. And your claim is that no, the core cypherpunk values of crypto and of the original Ethereum white paper are the core value proposition of crypto. And why don't you elaborate and how you view the this whole Canton drama that's been taking place over the last couple weeks.

Evgeny

Yeah, no, it's. It's a lot to unpack. So I think starting with Canton, I think what Canton ultimately disrupts from my perspective is like not Solana, Ethereum, it basically disrupts well bunch of intermediaries in Threadfi. That's what they're aiming to effectively disrupt. And also think like important disclosure that we need to know about Cantonese. It was incubated, built like whatever you call it by drw, one of the largest prop trade firms in Tradfi. And I do think DRW still owns very significant amount of tokens from Canton still to this day. And so yeah, in terms of decentralization, in terms of ownership, it's definitely very concentrated at the moment. Does it work better for Tradfi? Yeah, I think so. Like for existing tradfi people, like it's basically just yeah, it's probably more efficient than existing like whatever settlement, rails T +1 or whatever that people transact stocks via prime brokers. It's more efficient but at the same time basically what the point Don makes and he's been pretty active recently on this like with how MEV is horrible, how everything is horrible like on Solana and Ethereum and been actually amazing to see Siri and Solana finally finding a common enemy for once. Actually never seen this before. I think it's quite interesting from that perspective. But yeah, his point is like MVV is just try to find institutions never going to function with mev. And to me it's a bit strange because okay, like the way like the transactions that are currently happening on Canton, at least from my understanding, and I might be wrong about this, but it's basically almost like peer to peer, like two counterparties agree on things and then basically transacting or transferring something on Canton and settling something on Canton and nobody can basically see it. And those kind of transactions are really possible on Ethereum or Solana. You can just use like RFQ platforms. Like nobody can really front run you. Like if you already pre bid a transaction off chain and then just sign that okay, it's already possible. Like Zaza's saying is, yeah, you can actually make it a lot more private is my understanding on Canton which is a benefit. But it's also like yeah, it's definitely not true that everything should go via MEV route on the blockchains that we know and love. So yeah, that I don't really get.

Aseeb

My understanding of Canton is that the state is not publicly visible. Right. So basically the validators know the state, but you cannot query an RPC node. And see, here's the, here's the total supply of this asset, or here's the holders of this asset, or this person moved this much from here to there. You can't see any of that on Canton. The validators can see it, but nobody else can see it. This is. And Canton has gone into this weird campaign of trying to malign ZK proofs or ZK generally as being buggy and, or just not reliable and something that institutions are not going to want to trust as a way of getting this kind of effective privacy. And so their claim is that, well, no, you really need a Canton like architecture for this. Which they're.

Evgeny

Honestly, I think they got like a memo that nobody knows Canton. And to be honest, I knew about Canton for like probably two and a half years now. At least two years. But yeah, nobody in crypto knew about Canton up until maybe six months ago. So maybe they got the memo and decided we just need to be more visible on Twitter so people know about us as well.

Tarun

They did launch a token, so I feel like that before that they didn't really have a token. So I feel like that's sort of the.

Aseeb

That helps people learn about you. That's definitely true. And it's like a top 50 token now. But it's, it's surprisingly thinly traded for how like it's. The token has done very, very well, but it also has very little circulating supply. It doesn't have great price discovery. So it's, it's kind of a weird asset. And it's, it's the, it's owned a lot by GRW and also by a lot of the private investors who are financial institutions because you have to buy a bunch of Canton to stake it to become a validator. And so it's, it's all quite, it's all quite odd. Tom, what's your take on Canton story?

Evgeny

Also mentioning about validators, like, is that you need other validators to approve it before it become validator or something like this.

Aseeb

Yes. But you also need stake. Correct? You also need stake. You also need stake. You also need stake.

Tom

It's funny, I feel like it's almost like, inspired by like, like the cme, which is probably what Don is familiar with. Right? Right. You can buy a C. You can borrow somebod. He's like, okay, I'm going to apply those same principles to a blockchain. Instead of a blockchain being like, no, there are no intermediaries. You don't have to buy a seat. It's not limited. And so he's trying to reverse apply these principles that he's familiar with to the design of the system. Look, I do think people are kind of talking past each other a little bit. Yes, Ethereum at its core is permissionless, but a lot of things that touch the real world are obviously not permissionless. If you're trading tokenized securities on chain, those are obviously not permissionless. USDC has a blacklist and they use it or Tether uses it more aggressively, but it is. Is used in that way. And so the question is, where does sort of the gating come in? Is it on the chain layer? Is it on the asset layer? Is it a whitelist or is it a blacklist or is it something else? Those feel kind of like what people are slicing up. And so I have a hard time saying that a, I don't know, tokenized piece of stock on Ethereum that is limited to a KYC whitelist is more permissionless than something on Canton. You sort of inverted the principles, but the sort of end result is still the same. I mean, I didn't know that about the.

Aseeb

No, no, no, no, no. I don't buy this. I don't buy this. I don't buy this. So, like, the difference is a very big difference, which is Default yes vs Default no. Right. Canton is default.

Tom

No, I'm talking about.

Aseeb

I'm talking about Canton is.

Tom

Yeah, this asset that I'm describing is a default. No, it's a whitelist. And that's exactly what we're talking about.

Aseeb

But the delta is that like, I can't even see it. I don't have access to it. I can't even get access to it.

Tom

That's what I was about to say. That's what I was about to say. Was that the thing that I don't. Yeah, maybe. And so I think that's the point

Tarun

I'm trying to get at, which, wow, getting shushed.

Tom

I think the comp would be like,

Aseeb

all right, Tom, you're moderating the rest of the show.

Tom

Yeah. Right. You can take a break. Go get some water.

Aseeb

Okay. All right.

Tom

I comp a little bit to like, you know, business source license really pisses off a lot of open source people, but it still accomplishes one of the goals of open source, which is like auditability, even if it doesn't accomplish some of the other goals. And Kando doesn't even feel like it does that. Like, I can forgive something like provenance, which is figures blockchain that they do for HELOC issuance. Because, hey, at least you can go see what's happening on chain. And it's sort of this looking at it through a piece of glass, but you can't actually touch it. This to your point. And it's not even like clever privacy. It's sort of like privacy through obscurity, which I think we've seen as almost always going to get broken or degrade at some point.

Aseeb

It also just feels to me like I don't totally understand the mechanics here. Evgeny, maybe you understand them better than I do of what roles Canton is playing in this story. From my perspective, it's really just a ledger, right? If you're issuing some bonds or some repo or whatever it is that you're doing on Canton, you have to have some internal accounting of what's going on on Canton. And your internal accounting, you could say, okay, well, we're going to match whatever Canton says. Or more likely, Canton is going to match whatever we say about what's the state of play between us and our counterparty or whatever it is. And the ability to affect a transaction on a weekend or past market close or whatever is really just your willingness to do that. There's nothing stopping you from saying, well, our Canton instance doesn't allow transfers after 6pm on Fridays. And so if you're deciding, yeah, we're also going to allow settlement on weekends, that's a decision you made. And you could have had your own internal ledger that was doing that before. And so like that. That said, I don't totally understand what is the restriction from a financial institution marking its own books or its own internal ledger on a weekend. But these kinds of things feel to me always a little bit magical where it's like, okay, there's some internal willingness from these organizations or financial institutions to start settling at hours or at times or with counterparties with whom they would not otherwise be settling. But it's kind of like, well, you have to build your back end to connect up to whatever Canton is representing. Because obviously, Canton, there's no bearer assets on Canton, right? It's not like, okay, well, Canton says this, therefore I now own this. So I don't know, can you help disentangle this for me, or am I just confused here?

Evgeny

I mean, starting with bearer assets, that part I actually don't know. I don't know how legally it works with Canton. Is everything just being broadcasted there and actually could settle somewhere else, or is it actually legally settled there? And that actually, if Somebody goes to court, they can say, okay, I had this on Canton. So it's true. I don't know how it actually works on the legal side of things, which is probably the more interesting aspect of it, which nobody really talks about. As for weekends, et cetera, you can basically say that Canton is a glorified database if you're a hater. But ultimately blockchains are better than databases because of that, because they can run, like, without anyone supporting them, without anyone, I don't know, sitting there on the weekends and, like, moving one thing into another, clicking buttons to approve. So from that perspective, it's better, I guess, than whatever CME is operating on. But that's pretty much it. Like, it doesn't have any. I guess it doesn't have, like, any other important aspects of blockchains that we appreciate, especially from our build too.

Aseeb

Yeah. So I suppose at the end of the day, if you already know the set of counterparties with whom you want to interact, then Canton is a sufficient solution. Because if you're Goldman and you already know who all your clients are and you can get them all on your Canton instance or on Canton mainnet or whatever it's called, great. You're kind of in a closed loop anyway. You didn't really need the openness that a public blockchain would demand. The story for public blockchains has always been that actually there's more counterparties than you know of, that the world is a big place, the market is bigger than you can imagine, and actually that the blockchain itself expands the market in some important and meaningful way. Right. Like the people who are using stablecoins are all people that we didn't know they would be using stablecoins. They were as kind of surprise. Who are the people who are using stablecoins? There's no business that would have been able to source all these customers, even at institutional scale. Right. Even there's these very, very large organizations that are holding stablecoins. Circle would never have been able to find these customers if it had not been for the fact that the blockchain itself is open and permissionless and available for anybody to just spin up a thing and say, great, I'm going to go buy some usdc. And I think this is in large part also true for even closed assets or KYC'd assets. Even if you have a tokenized security, anybody can go in kyc. They just use some whatever, identity provider. And obviously there are some countries that are disallowed. But if you are anybody that can pass Any of the allowed KYCs, you can get access to it. Right. And obviously most people have an identity and have a. You know, most people are not criminal masterminds that would not be allowed to own a security. So I think the story here is one of blockchains are not just about, like, public blockchains. The story is not really that, oh, it's like a great database and a way for us to like, agree on state. It's actually really easy for people who want to work together to agree on state. The thing about it is the fact that it's open and makes you available to users and counterparties that you would never have otherwise been able to meet. And that's kind of what the Internet story is as well, right? Is that, like, anybody can come to your website, even if they would never have come to your storefront. I don't know. I feel like that's a story that we don't tell very often. But to me, that feels like the essence of what makes blockchains different.

Evgeny

Yeah, it's two aspects, right? One is this, like, yeah, you just open it for everyone. And I don't think that's what Canton is about. And the second was about efficiency. Like, okay, you can sell way more books over the Internet than people working at your store. So I think Canton is much more about this efficiency bit that basically, okay, we're just going to disintermediate CME and custodians and whatever, everyone.

Aseeb

Right? Right.

Tom

Yeah, I think a little bit like, I don't know if you watch that show the Rehearsal with Nathan Fielder, but in the second season, does this thing with pilots where he gets the pilots to. They have some point of view, but they don't feel comfortable sharing. But then he gets them to role play and be like, well, you're actually the type of pilot that enjoys sharing their feelings. And then they open up and they talk about their feelings and they do things that they could have always done, obviously, but just wouldn't otherwise do. And I feel like this is a very similar thing where it's like, you really want to offer 247 trading, but

Tarun

I don't know how.

Tom

I don't even transfer agent. It's like, no, now you are a blockchain. Oh, great. Okay, now I can just go do it. And it's like this mind trick kind of thing.

Aseeb

Wow. I've never thought of it that way, but that might be it. It's like you're role playing as a blockchain and all of a sudden you just feel this renewed openness and energy.

Evgeny

Yeah, you could have done it the

Tom

whole time, but you could have done

Aseeb

it the whole time.

Tarun

Arguably. That was the Libra pitch also. Right?

Aseeb

That's true. That's true. We should ask Canton customers if they feel empowered and open all of a sudden now that they're using Canton.

Tarun

Well, I do think the one thing that is a little confusing to me about Canton is all these TVL numbers. You can't ve, but you're just kind of accepting. I don't know. I'm kind of a little confused when I go to rwa XYZ now because I'm like, okay, well how do I check that this number is true? And then it's like, I can't really. That's sort of the stuff where I'm

Aseeb

like, you've been spoiled by this idea that you can check things.

Evgeny

Yeah, but that's my point, right? It's like, what is the legality of it? Is it like if it's settled on Canton, is it like, has the same power as being settled on, like, traditional custodian? Yeah. Like, does it work the same way?

Aseeb

And it's probably different from asset to asset. Right. Like, you'd have to go and look at the actual underlying contract. Like, nobody, nobody who's transacting on Canton doesn't have a contract with their counterparty, I would bet. So it is just.

Evgeny

Yeah, but then, like, is it like what is primary? Right? Like is primary what happens on Canton and then they just like, maybe update the database somewhere else? Or is it like. I mean, I'm definitely not saying this is what it is, but like, okay, we do like, I don't know, this terra chai thing, for example, is it like this. Yeah.

Aseeb

Wait, fraud. What do you say? Like what?

Evgeny

No, they just copy paste the transactions on the blockchain. But it doesn't mean anything.

Aseeb

Right, Right.

Evgeny

Yeah.

Tarun

I mean, another question to me is like, how do you do. I know there are a lot of Canton Dexes that people are supposedly building, but like, are there? How do you. Yeah, okay. I'm only saying this. And so I'm no Canton expert. I would say I'm a Canton dunce mainly. But I've just seen all these people shilling these market maps of like, here's the Dexes on Canton, here's the whatever. And like, okay, I'm just going to assume someone is. How does that work? Like, I don't really understand how any of these. Like, like there's just so many things.

Aseeb

Yeah. Our Canton IQ now is so low. I feel like we should stop talking about it. Maybe get somebody from Canton on the show to clarify.

Tarun

I think I might.

Tom

You might get a legal notice, you know?

Aseeb

Yeah, yeah.

Tarun

I think the main thing is more like it's impressive to convince people to put their assets in a new vehicle, right? Like that. To Evgeny's point, on the legal side, like, I don't know how they got the 200 billion or more, but it's sort of just like a little hard for me to understand what the point of it is. It's really hard for me to be like, okay, yes, I can borrow against all these assets I tokenized. Can you do that? It's not clear at all to me what the set of functionality is. Yes, there are these smart contracts, but no, you can't verify them between zones and stuff. It just feels like it reminds me of enterprise blockchain circa 2014 more than it reminds me of L2s or all kind of.

Aseeb

To be clear, it is enterprise blockchain. It is self consciously enterprise blockchain. They don't pretend to not be, but like it's.

Tarun

It's like the enterprise blockchain pitch hasn't changed, even though the market has changed. And so then they're like using terminology that was like Dexes, that has a particular meaning to people used to public blockchains that like, is not. I don't understand how that works here. At least that again, this is just my, you know, I'm. I'm like, I haven't really spent a ton of time on Canton, so I can't tell you.

Aseeb

I mean, I've heard a lot of stories about, oh, you know, this financial institution is now doing a ton of reverse repo on Canton. This one is doing, you know, they're moving assets from one entity to another entity much faster than they would if they were using, you know, Swift. So I've heard a lot of these stories, right? And my assumption is that they're not lying to me. They are actually doing this. Right. The lived experience, the people on those teams, is that this stuff is really happening since we integrated Canton. But at the same time, I made this analogy earlier. It's a little bit like when I hear somebody say that, oh, I use Devin and allowed me to ship my AI code way faster. So it's real. Devin really does solve all these problems. And it's like, yes, Devin does, but so does everything. There are many other ways that you could get AI code. What you're describing is AI coding. There's a lot of other ways to do AI coding. And so I kind of feel like it's a little bit. What I hear with Canton is that, like, wow, when you decide to use a system that allows 24. 7 settlement, you get 24. 7 settlement. It's amazing. Blockchain is so incredible. And Canton is the secret to all my problems. And it's kind of like, yeah, I'm sure there are other systems that are not blockchain based that also give you that. Anyway, okay, before we embarrass ourselves any further, Evgeny, I want to come back to the conversation that we've been having on the show. So we went through a lot of back and forth about the ways in which crypto has maybe lost its way, and especially about the Ethereum Foundation. There was a big debate that has continued to rage about the EF mandate, which is this document where it was kind of reinforcing the EF vibes and crops and all the values that Ethereum holds dear. There's now been this weird thing about maladies as well. So the whole thing is kind of getting a little bit out of hand. But I wanted to specifically bring you on to talk about. So far, I think you're probably the number one person that we've had on the show who can mount a really full throated defense of this idea that Ethereum should stay the course, that crypto is losing its way, and that in fact, it is really important for us to turn away from this institutional diaspora and instead focus on the core cypherpunk values. Especially given that you're a market maker and you make your money trading every day. I want you to give me your best defense of this position.

Evgeny

Right? Yeah. I mean, I do admit I'm like the least likely candidate to be defending Ethereum foundation, especially given that I made a lot of fun of them in the previous years as like soy boys and such. I mean, last couple of years especially, like we went through this, I don't know, the whole financial nihilism stage, and now it's like we got, I don't know, the most friendly sec, CFTC regime we got. Like blockchains are working, institutions are adopting, like everything is supposed to be great. But I've been in this space for pretty much nine years now and it's probably the worst vibe I've ever felt. Like even 2018, I'm not sure if it was worse than now because I think people just don't have anything to believe in anymore. Ultimately, people came here for various reasons and like, some people don't believe in it because the prices don't go up. Yeah. So that sucks I guess. But if you're a builder in the space, what are you building for exactly? Because okay, like everything is just really, really moving full steam ahead to tradfi institutions basically just taking crypto and adjusting it. I don't know Canton style or whatever Tempo style. Like just like taking all those blockchains enterprise and all and basically just improving their own process and ignoring pretty much all cypherpunky. That was about that. And where effectively Ethereum. I guess my most contrarian view on this is Ethereum foundation for the first time in its life is being ahead of the curve currently because it basically reads the room and it understands okay, all those people who weren't the cypherpunk values in the past, they have nowhere to turn anymore. There is nobody else to like there is no blockchain to go like okay, you can go to Solana and Solana what they achieved like post FTX labs it's amazing they stop stopping like they, they working like they throughput wise. It's amazing like what, what they did with meme coins but you basically okay, like it's a competition between I don't know Solana and Canton I guess like who is going to be the next Nasdaq. And I would say Canton might win this one simply because it's just more tradfi focused and oriented. But there is nothing cipher punky per se about Solana or about like most other blockchain. Even bitcoin. If you look at bitcoin like it's just being co opted by tradfi in such a big way with sailor with I don't know strategic Bitcoin reserve is pretty much everything, right? Is it really a cypherpunk asset? Not. Not really. Like people are just like okay bitcoin needs to go up and solve forever quantum bullshit. But nobody cares about like bitcoin fulfilling its original satoshi whatever vision, whatever it was. And Ethereum foundation is just saying okay, if you build on us, if you build within Ethereum you actually staying true to what we are here, what we are, what we came here to do in initially which is basically not become a part of existing ThreadFi system but actually become something parallel to existing threadfi system becomes this sanctuary basically like sanctuary tech. And yeah, nobody else is remotely close to saying that. It's basically their vision and direction and that's from pure diversification standpoint. I think it's very important that we have at least one blockchain that is just like, yeah, this is our way and we'll just do something contrary to everyone else.

Tom

I think that's kind of true in the sense of like there's not a home for these kinds of people right now. I think my concern is like that home is probably just like much more niche and smaller than what I think people have built Ethereum up to be. And so that's kind of where this disconnect comes from. I think that's okay. You can be really into a homebrew scene and amateur ham radio and all that, but that's a very different kind of goal than we're going to take all the world's financial activities and put them on chain. And I think that's what people kind of really, at least let's say the past, I don't know, six, seven years have really gotten into Ethereum for versus when it first started, maybe it was kind of a different, different ethos and a different group of people. So I think, I feel like that is ultimately, I mean, as we were discussing with Canton, that feels like kind of like the fight right now.

Evgeny

But I think it's also like for the longest time, ever since I was in the space actually, I never believed that you can put the whole world on blockchain. It sounds silly, but I still to this day do not believe that Solana can become nasdaq. Like, I don't think block is just physics. Like, I don't think blockchains can ever be through, can never have enough throughput compared to, well, private databases basically. That can just like function a lot more efficiently and also function a lot more privately. Like even, like, even Canton probably like cannot achieve the like speed sense throughput required from that. So I don't think Ethereum or any blockchain for that matter was ever in a race for everything to be on it. Okay, maybe things can settle in it. Sure. Like, okay, you can put a lot of assets and tokenize a lot of assets. Yes. But I do think Ethereum is still in the race for it. And actually they're still definitely TVL wise with RWAs. They're still way ahead of everyone else. Well, except for Kento maybe. I don't know.

Aseeb

Yeah. So I think the question is not is it important for Ethereum to remain decentralized or is it important for Ethereum to maintain its values? I think everybody would agree with that statement in and of itself. The question is what does Ethereum need more of? The question is always at the margin, does Ethereum need more of the sort of the priests and the monks chanting in the corner kind of keeping the flame alive of, oh, decentralization is our one true God. Or is what Ethereum needs more of is Canton? I'm kind of like, yeah, Ethereum kind of needs a little more Canton in it, and Canton needs a little more Ethereum in it. You know what I mean? That sort of feels like the right answer as opposed to the other way around, which is like, Canton should be more Canton and Ethereum should be more Ethereum. I think Ethereum today, the reality is that, look, if Ethereum is going to appeal more to the cypherpunks, first of all, I don't know, the problem with Ethereum is that it doesn't appeal enough to cypherpunks, right? The cypherpunks already love Ethereum. Where else is there to go? There's no other game in town if you're a cypherpunk. Second, the cypherpunks, as crypto grows, the cypherpunks become a smaller and smaller part of the population and or of the, the real true user base of these crypto products. Now, I think what Vitalik's goal is when he says that he wants Ethereum to be a sanctuary technology is not the same thing as saying that Ethereum is for cypherpunks. What he's saying specifically is that Ethereum is meant to be for the people who have nothing else. Like literally, they have no other option. We want Ethereum to be the thing that people with no other option can always use. And I think, look, that's an admirable goal. But I think the place where I disagree with it is that Ethereum already has that property. There are not people who are you safeguarding Ethereum against that? You think, oh, Ethereum is at real risk of losing its ability to be used by political dissidents or something like this. This is not a problem.

Evgeny

I have an answer to this. I remember we had this discussion during the merge, basically, like, okay, what's going to be the canonical, like new canonical Ethereum, like the old one, the proof of Stake 1 or the new one or, sorry, the proof of work one or proof of stake one. And like, the answer that a lot of people gave at the time, which I think was true at the time as well, is it's going to be the chain that circle and tether choose to be the canonical chain because that's where most of the stablecoins are. And it's still to a degree, pretty, pretty true today. So like the more you, the more stratify institutions you have sapling stuff on your chain, the more you basically pretty much hostage to them and the less you become this sanctuary chain in a way.

Aseeb

So hold on, hold on. So I wrote the article originally that described this. The ability for Circle tether to fork and kind of control the fork choice in effect, or the ability to do governance by fork. But I don't think that's the same thing as what you are arguing here. The claim that I made in that article is that it is impossible for people to do governance by forking and basically say, look, I'm going to create a minority fork of Ethereum, go in a different direction, and if more people agree with me, then my fork is going to beat the original fork, right? That is no longer possible in a world where you have Circle and tether and all these other people, because on one fork the RWAS just won't exist and everything will fall apart. Like all the state will get destroyed basically on this other fork, both ways,

Evgeny

it can be like, okay, Ethereum foundation wants to do another, whatever, random name upgrade and circle it as a no, we don't like it.

Aseeb

Right? In principle, that's true. Right? In principle, that's true. Of course, and that's also true for users and it's true for anybody with an influential application, is that they could say, well, we're going to brick this app on think lighter, right? LIDR also has one canonical representation of its state and they could say, okay, well we're going to brick lighter on the fork and we're not going to maintain its state and therefore all the lighter deposits are going to be. Every single issuer has this choice in a fork, right? The claim that I'm making now is that while that is true, forking is no longer a viable way to enforce governance. But that doesn't mean that Circle is unilaterally making these decisions. Unilaterally is. It'd be very surprising if that were true and Circle just happened to choose whatever the EF and the user consensus is choosing, right? Like, wow, what an incredible coincidence. No, the interests are aligned, right? Is that Circle in normal times does want to follow what the EF wants to do, and when we did the merge, Circle followed the merge, right? When there's upgrades, Circle follows all the upgrades. So we shouldn't be confused about what that means. It doesn't literally mean that Circle is deciding the roadmap of Ethereum. It does mean that if Circle does decide that their interests diverge from Ethereums in a subtle way that it's going to be a catastrophe and also that forking is not going to be a good answer to that problem. It's that everybody has to come into a room and negotiate. That's what has to happen in a world where, yes, circle and tether do have enormous influence on what ends up becoming the future of Ethereum. But they're not the only people in the room.

Evgeny

Yeah, but I mean, that's saying the more you move towards this ThreatFi expansion route, the more of those people you have who are ultimately ultimate stakeholders and decision makers, the more you move towards this.

Aseeb

Yeah, yeah.

Evgeny

Like, I mean, is it good? Because it's like you just replicate the traffic model in the end, okay? Like you have corporations deciding everything. That's it.

Aseeb

I think the vision of Ethereum is to be the world computer. The world has a lot of people in it and all those people become stakeholders when they have a stake in the world computer, you know. So I don't think the goal of Ethereum is that Ethereum will always be governed by a bunch of crazy people in, you know, an IRC server. Right? That is not the goal of Ethereum. The goal of Ethereum is to be the world computer and to have this, this new, different way of owning, governing, showing, accounting for the assets in the world and creating permissionless smart contracts around them. If the rest of the world is signing up for that, then great, they all get a seat at the table. I think that is the correct way to parse the vision of Ethereum. It is not that cypherpunks rule the world. That is not the vision of Ethereum. If the, if the vision of Ethereum is that cypherpunks rule the world, it's almost like, okay, well the vision of Linux is that Linus Torvalds rules the world and no, that's not the vision for Linux. The vision of Linux is that we all have Linux. It's that we all have free software that you can use and edit and modify however you want.

Evgeny

That's exactly what they're going for as well. They're not saying, okay, we are not going to permit BlackRock to put Biddle on Ethereum. They can do it if they want to, same as Linux. They are. Literally. Linux is such a great example. I know Carl Solani would hate it, but it's. Linux is a perfect analog for me

Aseeb

for this because he's out of the industry now. We can use all the analogies we want.

Evgeny

No, but like literally it's even Price action wise, like okay, it's yeah, it's like to me that's the biggest actually like Viet saying about like I do support the current direction for Ethereum foundation but I think like short and midterm price wise is going to be very bad because it's a very long shot for it if they are really successful and if they become this Linux, I do think Ethereum will be like very valued asset. But yeah, if they're not successful and if everyone gives rise, a Canton and other blockchains just take over most of the economic activity, yeah, they'll just fail and that'll be it. But yeah, Linux is a great analog to this.

Aseeb

Tarun, let's bring you in here. What's your take on this back and forth here?

Tarun

Yeah, I mean look, I think you know, stablecoins to your point are the best example of something where there was a new market for users who would have not interacted with this market whatsoever. And in that sense Ethereum is like kind of trying to help attract new users. However, in the Sanctuary case, right, if like anyone who gets rejected from everywhere else can still come here, right, like the Groucho and Marx type of chain, that's sort of what I view Sanctuary as. The I never want to be a member of a club that would admit me type of thing. Take the contrapositive that on the other hand, I think if you just start having a lot of assets that are not really on chain, they're kind of like half on chain, half off chain. Reconciliation is hard. You have to think about multiple things. Then it's like it is a different, just completely different security model. Stablecoins are sort of lucky in that you do have to think about that reconciliation, but not at high enough liquidity. You don't really. Unless you're going to get blacklisted, right? But when we start moving on the exotic part of the spectrum on tokenized assets, then you just have so many more control issues than you do with stablecoins. Each layer of governance or shareholder, right. Type of behavior adds all this extra structure that the blockchain can't really enforce. And so there's kind of this slippery slope argument of like if all the assets are just that, then like why don't we just like move the control and legal stuff off chain, right? Maybe that's what. I don't know if that's what Canton does, but that's sort of what I, in my head that's kind of how I view it. Again, I could be very wrong. Don't you know, Canton people can come yell at me, but that at least that's my interpretation of it. But in a real blockchain you should have a lot more. Sorry. Now see then that probably will trigger them too. But in like a public open blockchain there's sort of some notion of guarantees that you really have enforceable on chain. And I just think like it's not clear to me that with a non public chain you could ever have the growth of stablecoins again. Like if, if we, if we rewound history because you kind of needed people to feel a lot of these guarantees without needing to know a lot of the hidden structure. And basically I sort of think there's sort of this implied contract that the smart contract is telling you everything right? Or like that's how Defi started. Right? It was like smart contract. And like obviously we're just moving down the spectrum of like the smart contract tells you less and less and less and less. And like at what point is it still a blockchain? Like that's I guess the question that we're deciding and I don't know where that threshold is. It seems like many people have many different opinions on that.

Aseeb

I mean there is a parallel to this in the open Internet which is like the Internet is getting less and less open over time. If you're not logged into X, you can't see the posts anymore. Like web scraping and the cloud flare sitting in the middle of things and captchas and all this stuff have made the Internet less and less of what we initially contemplated it was going to be. And maybe there's some inevitability to these things is that actually the world doesn't want to be open or that the economic models or the financial models just kind of push in this direction. There's a plausibility to that. But then I do still think that the core value proposition of the Internet is the fact that it's open and permissionless is that anybody can go to newyorktimes.com and even if they can't read the articles, they can go and buy a subscription and start reading the articles. And I think the same thing is true for blockchains. Now we've yet to see it. Maybe we need to get someone from Canton on the show to help explain what they're seeing in a little more detail. But look, there's a story today that I think also cuts in favor of the Canton story. So just to transition here, right now it's kind of hot off the press. So we don't have a lot of detail yet, still fog of war. But it looks like Drift has been hacked for upwards of $270 million. This will be one of the largest hacks in Defi history. Drift is a perp Dex on Solana and it looks like a bunch of JLP. Over 150 million of JLP which is Jupiter LP positions in the Jupyter vault. About 50 million of USDC and then a smattering of other assets were sitting in Jupiter or sorry not Jupyter in Drift that got exploited. So we don't have any details yet. We don't know exactly what the mechanism was but it's been a very bad week for cybersecurity generally. Just yesterday there was a story about this NPM package called Axios which is a very commonly used HTTP library in J that got compromised through some kind of seemingly North Korea planted Remote Access Trojan. I think that's what it's called, Remote Access Trojan. So something basically a supply chain attack in the NPM maintainers somewhere down the pipeline and that got pushed out to like huge portion of the Internet was potentially compromised by this thing. This package has 100 million weekly downloads and 175,000 dependent. 175,000 dependent packages that pull up Axios as a dependency. So there's a. At the same time we saw just yesterday there was Mercur got hacked, there was a Claude code leak. Just a lot of stuff happening all around the same time and people are starting to think that like hey this, this may accelerate over the next couple of years. Right now that we've seen there was a story about Anthropic that took their newest model and has some kind of cybersecurity tool that they're basically not releasing publicly. They're only allowing selective access to effectively white hats or open source maintainers to get access to this tool because they believe it might be too powerful to have it just openly available in people's hands. It seems like the capabilities of AI is making these kinds of attacks more frequent, easier to do and just more concentrated. So curious what you guys are thinking about this moment and how you are positioning yourselves for it. If ganny maybe you can start.

Evgeny

Positioning is really hard. Like it's. Yeah, positioning I'm not going to comment on but like it's. I mean it's not only like this whole thing, it's not even in a favor of private blockchains, it's almost like in the favor of like intra, private intranets. Almost like I don't know, maybe they're moving towards a world where Internet will be just like this wild space where like stuff happens, but like most of the stuff will actually be happening inside corporations and where stuff cannot be hacked, for example. Like maybe that's where we are heading towards because the supply chain attacks is just like the worst possible it just because you, I mean these packages, you download them, you implicitly trust them. Like you, like you trust that. Okay, like if you get the new version of Rev Windows, like it's not going to be infected with some trimming virus. So it's pretty scary and we'll definitely see more of it. And one way to protect against it is just to make everything very, very locked. I guess

Aseeb

it does feel like so many of the assumptions behind security are being violated now. Like the ability for half of the Internet's JavaScript libraries to get compromised by one dude getting popped in his NPM account, that feels not sustainable. This is just not a good architecture for a security system. So much of open source has depended on. So if you remember a while back there was this discovery of this guy, or guy, whatever account that had been contributing to open source for many years and then at one point it tried to push something, it was like the Linux kernel or something or some other library to try to push some kind of backdoor vulnerability.

Tom

I think it was like an open SSH thing, right? Because someone noticed that SSH was taking longer.

Aseeb

Yeah, yeah. So much of open source depends on the assumption that developers who are going to do nice things are scarce and because of that they can mostly be trusted to do the right thing. And therefore this model that anybody can contribute to anything and we all are kind of kumbayan working together now that you can basically do like underhanded C or underhanded solidity contributions. Like I don't know if you guys know this thing called the underhanded C contest. So it's this, it's this very, very long running competition that happens every year where basically people try to create the most innocuous looking C program that actually does something totally dastardly and malicious to screw you up. And these are extremely difficult to detect. Which like if you are really trying to put a subtle backdoor into some code, if you're ingenious enough, you can do it. Now every LLM can do underhanded C competition stuff, right? It used to be like only crazy humans were doing that. It was extremely esoteric. But there's so many years of training data of underhanded C competitions that are just out there on GitHub that every model can do it now. And if you just have one open source person who's either one fabricated, it's just an LLM doing this for many years or two, you basically have you pop one guy who's been contributing to open source for many years, and then you contribute something that's some underhanded C type construct that allows you to take over some, some repo, or take over everybody who uses a repo. Then open source just stops working. Like the trust model of open source stops working.

Tarun

So one thing I will say is there was like kind of this time in the 1990s, and then like in the 2000, like early 20, late 2000s or early 2000s, where I feel like there was a sort of baby version of this. Like, obviously this is like an exponentially worse version of the thing. But like in the late 90s, I feel like the constant thing that would happen is you'd constantly hear about worms and like self replicating attacks, right? Like, I guess the most famous one was like the Windows 98 decom attack in 1998, which was like basically a kind of very egregious memory overflow where you could just read everything in memory like instantly. And the interesting thing was those things were spreading like crazy. Like every Fortune 500 company had a compromise machine or there was like statistics like that, that era. And then from that point onwards, right, like people started creating all these like encapsulated environments, like restrictions on what you can run, you know, tagged memory. And then, so it started getting better. And then like early mid 2000s, you know, Docker starts becoming popular and people start using containers, but then they start running like 5 million containers and they can't manage like, which one is using which access control. And then like people would kind of exploit these microservices things to try to be like, oh, these particular ones are more vulnerable, these ones aren't. I'll take advantage of the weakest link. I think we're just kind of in a much more speedrun version of that, right? Those things took years before they got worse. And then people started hardening. Whereas this is like, I think you have like minus time, negative time. It's like that's kind of the weird, I think more about the time aspect of it than I think about the. Obviously the surface area is huge. I'm just trying to say, like, it feels like in these other versions, like something bad had happened, but then we had a little time to react. Whereas, like here you really don't which I think that's the more the bigger difference to me, from just like emergency response perspective.

Tom

Yeah, I think the point on open source is right where we're kind of shifting from a world where you assume contributors are sort of default benevolent to maybe default malevolent. And that just changes the dynamic of how code gets reviewed. I think there's even a story that Cron stopped accepting new PRs because they just got flooded with bots. And so I feel like these are different sides of kind of the same coin. And I agree that, hey, the current model of there's a small number of people who have auth permissions and yeah, obviously that's wrong and maybe there's obviously been attempts at doing decentralized source control in the past and maybe we'll kind of see a reversion to that. I think the bigger thing I worry about more is I know there was another talk by an anthropic engineer talking about using, I don't know if it was this latest model or like a harness they had for OPUS to basically discover a bunch of zero days in old pieces of code. So you found like a bunch of zero days that have been like the Linux kernel since for like literally like 20 years. And that's the kind of stuff that I'm more worried about because I think we can change how we manage open source to really mitigate a lot of these supply chain attacks. The issue is like, what about all the vulnerabilities that are already out there and old code that doesn't get updated? And that's kind of the weird asymmetry that now feels very exploitable.

Tarun

By the way, the person who found that is not just a random anthropic engineer. Carlini is like kind of a very famous security researcher from the last 20 years. Like, I think, like for someone like that who, you know, I obviously wouldn't be a skeptic if he was an anthropic, but he's sort of someone who's like classical security researcher, has been a security researcher for a long time and I think is not someone who exaggerates. So that's, that's like, you know, you should take it as a very real assessment, not like a hype. You know, there's a lot of AI stuff where it's like obviously a little aggrandized. This one I would not view as that.

Aseeb

So the question then is like, okay, where is this going? It strikes me that the Pollyannaish kind of Kumbaya version of open source that we've had over the last 20 years is going away. And crypto is kind of a weird middle ground position because crypto is not really. These applications are open source, but it's not like anybody else uses the drift contracts, right? Like only Drift uses the drift contracts. So they're open source, but they're maintained by a single company. And I think that's actually really different than the open source that we're talking about. Axios or the Linux kernel are really, really very different from the open source nature of an individual startup that open sources their own contracts. I think that we may see that open sourcing just decreases over time in crypto just because of the fact that there's such an asymmetry between attackers and defenders that North Korea is willing to spend upwards of $100 million for a $300 million prize to just like throw compute at you, but you don't have $100 million to spend on grinding on your own compute. So there is a way in which this may end up pushing against open source as the default for crypto where, you know, look, you can still use your model to like look at the state and figure out what's going on there. But you know, maybe they can issue some zero knowledge proof that shows there's no admin key, but they're not going to decompile the code for you and show you the decompiled code. Maybe it doesn't matter because actually the AI can decompile the code.

Tom

Yeah, I was going to say the

Tarun

zero knowledge proof of proof of code is like now a real thing. Even though we don't have time to talk about the quantum stuff, I feel like the fact that they didn't release the code and they only released the zkp.

Aseeb

Yeah, I think, I think there's something there. I suspect what happens over time. So like, so for on the crypto side, where it's basically your corporate smart contracts are open source, I think we just may see more movement away from open source. That seems to me like a pretty likely outcome at this point, given I expect over the next six months that these attacks will accelerate. Right. We had the Balancer hack not that long ago. I mean this was like four or five months ago that, that was the largest defi hack that we saw last year, I believe. And that was almost certainly LLM assisted, if not fully LLM driven. And then on the opposite side, if you think about open source in the sense of, okay, we're using Axios or we're using the Linux kernel or whatever, I think probably what happens that this is a collective action problem is that you will no longer trust packages that are maintained by randos. That basically these packages will move into Google, Facebook, or in some of these foundations that are basically protecting them. And they may be still run by nonprofits, the code may still be open, but they are no longer accepting contributions from random people. And the way in which these packages are updated or locked down, it's not just like some dude who's maintaining this out of the goodwill of his heart and oh, he didn't have his two FA enabled or oh, he had this thing that got popped. It's going to be that basically if you are running super secure software, it may still be open source, but it's being managed by an organization that you underwrite and you underwrite the organization that's managing the software package. I suspect that's where we're going. Either that or the large companies like Google basically take it into their own responsibility to start basically red teaming, white hatting. All of these other software packages that are widely used is that basically they take it on themselves as being stewards of the Internet and stewards of Internet security. Because otherwise North Korea will just keep finding holes. The open source landscape is too big that they'll just find targets one at a time. And the JavaScript supply chain in particular is so enormous and there's so many Achilles heels all over the place that we'll keep seeing stuff like this. It would be my. My guess if we don't see a big structural change in the way that open source is architected. Sounds like we all agree.

Tarun

Yeah, there's not really.

Tom

I don't.

Tarun

I wish I had. I wish there was something to disagree about with that, but.

Aseeb

Fine, fine. Okay.

Tom

I feel like I'm surprised there was not more mentioning of the fact that like everything released yesterday. Like in my mind I'm like, 3:31 could kind of be for open source, what like 10:10 was for crypto, where it's just like big memorable date. And I was like, oh my God, why is everything coming out today? And I feel like it was not acknowledgement of the fact that there was this deluge of these vulnerabilities.

Aseeb

Yeah. So we'll see. I think this is a long term story. It's not going to happen overnight. But it does feel to me like AI the defensive capabilities are nowhere near as fast developing or bringing up to parity as the offensive capabilities. And I just tweeted this today, is that the offensive capabilities are concentrated, but the defensive capabilities are diffuse. You need a lot of people to get on the latest models and to start figuring out how to defend, and that's just hard. It's going to be way easier for North Korea to pick off people one at a time who, who aren't catching up as fast as. As the attackers are. So, anyway, we're up on time. Evgeny, where are prices going? Where, where, where's, where's winter Mu gonna move the. The prices. Let us know. Give us some alpha.

Evgeny

I'm gonna drift around.

Aseeb

They're gonna be drifting. Oh, geez. Drifting. Too soon, too soon, too soon. You can't, you can't be. You can't be doing that this early, man. Come on. People are hurting. All right, Evgeny, once again, not any help at all, but appreciate you coming on and giving us your perspective.

Evgeny

Yeah, always happy.

Aseeb

Thanks, everybody. We'll be back next week. Hopefully, we'll either, we'll either be talking Canton or Quantum.

Tarun

Quantum. Quantum. A little more entertaining. I'm sorry, I just, like, I feel like I'm not as educated at Canton, and I, I also feel like we'll bring them. I'm not sure I want to be. I'm not sure I want to be yet.

Aseeb

You know, you're going to get the Canton balls in your comments.

Tarun

I, I, I'm not saying I have anything against it. I, I, I just. Yeah, there's enough other things in the

Aseeb

world and Canton army listening. Let's. Let's get them on. Turn. Cool. All right, that's it for this week. Thanks, everybody. Be back soon.

Tarun

It.