The Good Tech Companies - Albert Dadon Is Building Financial Rails No Single Government Can Switch Off

Episode Date: July 6, 2026

This story was originally published on HackerNoon at: https://hackernoon.com/albert-dadon-is-building-financial-rails-no-single-government-can-switch-off. AEREDIUM found...er Albert Dadon on why the 2022 SWIFT cutoff was an engineering problem, "a key nobody holds" and building settlement rails that can't be coerced. Check more stories related to undefined at: https://hackernoon.com/c/undefined. You can also check exclusive content about #aeredium, #web3, #good-company, #privacy, #swift, #payments, #technology, #blockchain, and more. This story was written by: @ishanpandey. Learn more about this writer by checking @ishanpandey's about page, and for more stories, please visit hackernoon.com. The thesis: AEREDIUM founder Albert Dadon argues the 2022 SWIFT disconnection was misread as a political story when it was an engineering one — credible neutrality can't be voted into existence, it has to be constructed. The mechanism: AEREDIUM is a privacy-preserving Layer 1 ("the Trust Layer") that pushes rule-enforcement into attested hardware and threshold cryptography, so no single party — including the company — can override it unilaterally. "A key nobody holds": its signing system (AERKey, formerly AEGISKey) uses threshold ECDSA (CGGMP24) where the key exists only as distributed shares that never assemble — making unilateral disclosure impossible while keeping legitimate legal process workable. The seams thesis: Dadon points to the ~$290M KelpDAO exploit — where a single verifier, not the smart contract, was the weak link — as proof that the money is lost at the seams between systems. The honest risk: the institutions that most need neutral rails (their procurement runs in years) are the slowest to adopt them — so AEREDIUM is pacing capital to be "ready when they arrive."

Transcript
Discussion (0)
Starting point is 00:00:00 This audio is presented by Hacker Noon, where anyone can learn anything about any technology. Albert Dayton is building financial rails no single government can switch off. By a Sean Pondy, Albert Dayton has built across three worlds that rarely overlap. Three decades in technology, 26 years leading a Melbourne property developer, and an international career as the jazz guitarist Albert. He now runs A EREDIUM, a privacy preserving layer one he calls, the trust layer settlement infrastructure designed so that neutrality is a property of the construction rather than apprimes of the operator. We spoke about why he thinks the industry keeps trying to govern its way to neutrality, what threshold cryptography actually buys an institution,
Starting point is 00:00:43 and where his own argument is weakest. A'Shaun Pondi. Hi, Albert, it's a pleasure to welcome U-T-R, behind T-H-E-S-T-A-R-T-U-P series. You have built across three rarely overlapping worlds, three decades in technology, a career as a real estate developer, and A-N-I-N-T-E-O-N-A-L-I-F-E in music as the jazz guitarist, A-L-B-A-R-E. Please tell U-S about yourself and what inspired you to build A-E-R-E-D-I-UM, Albert Dayton. I've had the good fortune of three careers that look unrelated Anderrant. I've spent three decades in technology, 26 years leading Uber-DIS group, a property development company in Melbourne, and a parallel life on Stagia's the jazz guitarist Albert. The thread connecting them is structure, buildings, compositions, and distributed systems all fail the same way,
Starting point is 00:01:34 at the joints, under stress you didn't design for. A-E-R-E-D-I-U-M came from watching the 22-Swift disconnection with the specific discomfort of someone who builds things. The industry treated it as a political story. I saw an engineering story. A system whose neutrality rested on an assumption its architecture couldn't enforce. Everyone had a vote. One jurisdiction had the switch. I started a E-R-E-D-I-U-M to build settlement infrastructure where neutrality is a property of the construction, not a promise of the operator, a privacy-preserving layer one for institutional settlement, which we call the trust layer. The name is deliberate. The product isn't throughput or tokens. It's the ability to rely on the rails without having to
Starting point is 00:02:16 trust whoever happens to be managing them. Ashan Pondi, you hold the full picture across consensus, cryptography, execution, and corporate strategy, and you still work hands-on with T-H-E-E-N-G-I-N-E-R-I-N-G team. How did a path that runs through enterprise technology, property development, and musical composition shape the way you actually design a system, and what does each of those disciplines contribute that a P-U-R-E-C-R-E-C-R-E-H-Y background might miss? Albert Dayton. Property development teaches you that capital has a clock and physics doesn't negotiate. You learn to sequence. Foundation before facade, no matter what the marketing schedule wants. That observation made Arredium Foundation first. We built the signing infrastructure, the attestation chain,
Starting point is 00:03:04 and the consensus engine before we built anything an investor could screenshot. Music contributes something people underestimate. A jazz ensemble is a Byzantine consensus system. Musicians reach agreement in real time, without a conductor, tolerating each other's failures, because the structure, the form, the changes, is strong enough that improvisation can't break it. That's exactly the design goal of a good protocol. Freedom at the edges, invariance at the core. And enterprise technology teaches the discipline pure cryptography can miss. Cryptography proves what's mathematically true, but institutions buy what's operationally true. A perfect protocol run by an operator who can be suburb.
Starting point is 00:03:43 opinion it is not a neutral system. So I work hands-on with the engineering team, reviewing the actual pull requests, because in this business the architecture lives in the details, the seams and the seams are where I've watched everything fail, in buildings and in code. Ashan Pondi. Your central argument is that the 2022 SWIFT-D-A-N-Aritectural Problem the industry keeps trying to fix with governance, and you draw a sharp line between W-H-O has a vote and WHO can change the rules. C-A-N-Y-O-U unpack why Swift's Democratic Board counted for so little once a B-E-L-G-G-I-N-C-O-O-P-E-R-A-T-I-T-I-E-E-U sanctions law,
Starting point is 00:04:24 and why you concluded that credible N-E-U-T-R-A-L-T-Y-I-S in engineering property rather than a governance one? Albert Dayton. Swift's board counted for so little because votes govern in tent-hand architecture governs capability. The cooperatives members could vote on anything they liked. The system's rules were. were changeable by whoever held legal authority over the machines and the people operating them,
Starting point is 00:04:46 and those sat in one jurisdiction. When EU sanctions law spoke, the democratic structure wasn't overruled. It was simply irrelevant because it never had custody of the enforcement mechanism. That's the sharp line I draw, who has a vote versus who John changed the rules. In every governance-based system those are different people, and the second group is small and geographically concentrated. The conclusion is that credible neutrality can't be voted into existence. it has to be constructed, so that no party, including us, the builders, retains the capability to override it. AEREDIUM does this by pushing enforcement into measured hardware and threshold cryptography. The rules run inside trusted execution environments whose exact code IS cryptographically
Starting point is 00:05:30 attested. The signing authority that acts on those rules exists only as distributed key shares that never assemble anywhere. And changing operational rules requires thresholds signed authorization that the hardware independently verifies. There is no boardroom, no operator terminal, no jurisdiction where a rule change can be imposed unilaterally because the system was built without that room in it. Neutrality stops being a policy and becomes a physical property of the deployment. Greater than the reporting behind this, Swift is incorporated in Belgium and must comply greater than with EU regulation. In 2022, it disconnected seven designated Russian entities greater than on the 12th of March under EU Council Regulation 2,022 345th, adding more,
Starting point is 00:06:15 including greater than Esperbank. That June, a network serving 11,000 plus institutions across 200 plus greater than countries, reconfigured in days by one jurisdiction's law. Daitan's vote versus greater than switch line is, in the literal record, what happened? The false binary, total privacy versus full surveillance. Ashon Pondi. What is the biggest misconception institutions and the W-I-D-E-R-C-R-Y-P-T-O community hold about privacy and neutrality on public infrastructure and how does Aridiam's design challenge that assumption rather than restated, Albert Dayton. The deepest misconception, held by institutions and crypto-natives alike from opposite directions, is that privacy and accountability are a trade-off you tune with a slider.
Starting point is 00:07:00 Institutions hear privacy and think regulatory exposure, crypto hears, compliance, and thinks backdoor. Both assume the same. broken model, that visibility is a single dial and someone has their hand on it. The related misconception is that neutrality comes from decentralization theater, that enough validators make a system neutral. Validator count is a liveness property. It says nothing about who can compel the system's behavior. A-E-R-E-D-I-U-M challenges the frame rather than restating it. Confidentiality and accountability aren't opposites. There are different questions, who can see, versus who can verify and architecture can answer them separately. On our rails, transaction contents are confidential
Starting point is 00:07:42 by default, while the correctness of every operation is verifiable by anyone through at station in signed evidence. Disclosure, when it happens, is structured, specific information, to specific authorized parties, under authorization the hardware itself verifies, never a master key, never an operator's discretion. The design goal is that an institution's competitor can verify the system IS honest without reading the institution's book, and an authority with genuine legal process can obtain what that process entitles it to, and not one bite more. Ashan Pondy, you call the choice between total privacy and full surveillance A-F-A-L-S-E binary. The mixer model failed because to law enforcement it looked like A-L-A-U-N-D-E-R-I-N-G tool, while full transparency is unworkable
Starting point is 00:08:28 for any institution W-H-O-S-E-C-O-M-P-E-T-I-T-O-R could read its book. Aridium's answer is structured S-E-L-E-C-I-C-I-E-D-I-C-L-O-S-U-R-E, with A-E-R-K-E-R-K-E-E-R-E-C-L-E-L-E-R-E-C-L-E-E-R-E-E-L-E-E-R-E-E-L-E-E-R-E-E-L-E-E-E-R-E-E-E-L-E-E-E-E-R-E-E-E-E-L-E-E-E-E-L-E-E-R-E-E-E-E-E-R-E-E-E-E-E-E-E-R-E-E-E-E-L-E-E-R-E-E-E-L Share key implements threshold ECDSA using the CGGMP-24 protocol inside hardware enclaves. The signing key exists only as separate shares inside separate attested machines, distributed across jurisdictions, and it is never assembled, not during generation, not during signing, not ever. Signatures are produced by a cryptographic conversation among the shares. So to your question about leverage, the disclosure mechanism can't become a seizure point, because there is no point. Compel one operator and you get nothing, their share is useless alone and sealed in hardware that only acts on validly authorized requests.
Starting point is 00:09:39 Seize one machine, same result. Coercis, the company, same result. We built ourselves out of the ability to comply unilaterally, which is precisely the credential institutions should demand. Disclosure happens only when a request satisfies a policy the enclaves independently verify, valid authorization, correct scope, threshold agreement across parties who do not share a jurisdiction and what is disclosed is scoped to that request. Legitimate legal process, properly presented to the threshold, works. A single sovereign leaning on a single company or data center does not. We didn't make disclosure impossible. We made unilateral disclosure impossible, and that distinction is the entire architecture. Greater than CGGMP-24 is a peer-reviewed, state-of-the-art threshold ECDSA protocol greater than,
Starting point is 00:10:28 Canetti-Genero Goldfetter McCrellano spelled, in which a signing key is split greater than into shares held by separate parties and never reconstructed, even at signing greater than time. Daitens, a key nobody holds, is an accurate description of what greater than threshold signing does, whether AEREDIUM's specific enclave deployment greater than performs is described as a claim readers should treat as the company's greater than pending independent audit. Every seam is a trust A-S-S-U-M-P-T-I-O-N-I-H-A-N-E-H-A-N-E. Your threat model is that attackers have moved off in chain L-O-G-I-C-A-N-D-E-I-T-A-N-E-E-S-E-E-E-E-S-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E------------------------------
Starting point is 00:11:22 U-M-A-N-S-W-E-R-N-K calling bank rails in band with no separate Oracle layer, and the trans layer for bridgeless cross-chain. Walk U-S. through how an in-band call removes the seam rather than relocating it, and why that is STRU-C-T-U-R-A-L-L-Y-S-A-F-E-R than a conventional Oracle network. Albert Daden. A bridge or Oracle is a second system whose job is to make claims about a first system, and its honesty is a fresh assumption stacked on top of everything. else. That's the seam. The Kelp DAO exploit is the canonical case. The contracts were fine,
Starting point is 00:11:59 a single trusted verifier. One set of keys in the claims making layer was the entire security of nine figures. Note what the attacker did. They didn't break the chain. They broke the thing vouching to the chain. Conventional answers add more vouchers, bigger verifier sets, more multisigs which relocates the seam and dilutes it, but a diluted seam is still a seam. A separate key set, operated, separately corruptible. Anan Band Call removes the category. With AERL-L-I-N-K, the interaction with external rails executes inside the same attested environment that runs settlement itself. The verification is part of consensus, not testimony delivered to consensus. There's no independent attester whose compromise forges a message, because there is no independent
Starting point is 00:12:45 a tester. Forging the claim requires breaking the measured enclave code and the threshold signature simultaneously, which is the same security bar as forging the chain itself. Our cross-chain settlement follows the same principle. The receiving side verifies a tested evidence of the source event directly, rather than trusting a committee that watched it. The structural rule is simple. Every seam is a trust assumption, and trust assumptions are where the money is lost. We spent our engineering budget deleting them rather than decorating them, greater than the reporting behind this. On the 18th April 2026, attackers drained Tilda $290M-116,500 greater than R-SETH, from Kelpdeo's layer zero-powered bridge by exploiting a single one of one greater than verifier configuration,
Starting point is 00:13:33 the smart contracts executed exactly as written. Greater than security firms attributed it to North Korea's Lazarus Group, it followed the greater than Tilda $285 million drift protocol attack on the 1st of April, and an estimated $13 billion was pulled from greater than Defi within 48 hours. It is the cleanest recent illustration of Dayton's point. Greater than the failure was at the seam, not in the code. The post-Swift settlement R-A-C-E-I-S-H-A-N-Pondy. The vacuum swift left is being chased from many directions A-T-O-N-C-E. China's SIPs, cross-border stable-coin corridors, CBDC settlement, and institutional networks such as Canton and FN-A-L-L-I-T. As A-N-E-V-M-compatible layer 1 quoting 250,000 transactions per second, what is the real wedge
Starting point is 00:14:21 that moves a C-O-N-S-E-R-V-A-T-I-E institution from a pilot to live settlement value? and what is the defensible core that a well-funded competitor cannot simply copy from Y-O-U-R-D-O-C-U-M-T-A-T-I-O-N-T-I-O-N-T-I-O-N-T-I-N-T-I-O-N-T-E-V-E-V-E-V-E-V-E-V-E-L-E-V-E-L-E-L-E-L-E-L-E-R-E-E-R-E-E-R-E-N-E-R-E-E-N-E-ROWS-E-E-E-E-ROW-E-E-E-E-R-E-E-E-R-E-E-E-L-E-E-E-E-L-E-E-E-L-E-E-E-L-E independently verify what the infrastructure did. Our wedge is evidence. Every operation on Aridium produces a tested, offline verifiable proof, signed acknowledgments from measured hardware. At a station chains of bank's own auditors can check without trusting us and operational rule changes are themselves as threshold authorized and attested. That maps directly onto how institutions already think. Audit trails, segregation of duties, no single point of override. We're converting, trust the vendor into, verify the mathematics, which is the only conversion
Starting point is 00:15:29 that survives committee. On defensibility, a well-funded competitor can read our documentation, and I hold four patents covering the core mechanisms, but neither is the real moat. The mode is that this class of system is proven at the seams and seams only hardened through operational scar tissue, years of key generation ceremonies, failure drills, and edge cases across live clusters that no document captures. You can copy an architecture diagram in an afternoon. You cannot copy having already made the mistakes. Greater than the reporting behind this, the many directions, are real and already sizable. Greater than the Canton Network,
Starting point is 00:16:06 a privacy preserving institutional L1 with selective greater than disclosure at the transaction level, reports $6 trillion plus in tokenized real world greater than assets and 600 plus participating institutions, including DTCC, J.P. Morgan, Goldman, Saks and Visa. As of early 2026, China's SIPs counted well over a thousand greater than direct and indirect participants. Fanality runs a bank consortium settlement greater than system. AEREDIUM's own figures, 250,000 TPS, 4 patents, test net status, are greater than the companies. We present them as stated, not verified. Pacing capital when you can't fake R-E-A-D-I-N-E-S-I-H-A-N-P-E-S-H-A-N-P-E. Finally, deep institutional infrastructure is unusual in that IT-C-A-N-N-O-T fake readiness. The cryptography either holds O-R-A-D does not. What H-A-S-T-H-H-T-H-A-T
Starting point is 00:17:02 taught you about pacing capital and resisting the temptation T-O-O-O-V-E claim that so much of the market indulges, and what is the honest risk T-H-A-T-H-E institutions W-H-O most need neutral rails are the slowest to adopt them? Albert Dayton. Infrastructure like this is refreshingly tyrannical. The key generation completes or it doesn't, the attestation verifies or it doesn't, The benchmark is a number your hardware produced or its fiction. That constraint is enforced a discipline I'd frankly recommend to the whole market. We publish what we've measured, we say, test net. When we mean test net and we are on test net today and we sequence capital against milestones
Starting point is 00:17:40 the technology can actually certify, not milestones a deck can assert. Property development trained me for this. You cannot market a building into structural integrity and the certifier doesn't read your brochure. The honest risk is exactly the one you name. and I want dress it up. The institutions that most need neutral rails are constitutionally the slowest to adopt them. Their procurement cycles are measured in years, their risk committees are paid to say no, and the very conservatism that makes them need credible neutrality makes them last to buy it. Our answer is to pace for that reality rather than pretend it away, patient capital
Starting point is 00:18:14 structure, revenue that doesn't depend on the slowest adopter moving first, and infrastructure that is simply ready when they arrive. Because they will arrive, the uncomfortable truth about the This market is that adoption of neutral infrastructure tends to follow the crisis that provisits necessity and 2022 taught us those crises are no longer hypothetical. I'd rather be early and measured than punctual and improvised. Don't forget to like and share the story, vested interest disclosure. Hacker Noon has reviewed the report for quality, but the claims herein belong to the author. Hashtag D-Y-O-R.
Starting point is 00:18:48 Thank you for listening to this Hackernoon story, read by artificial intelligence. Visit hackernoon.com to read, write, learn and publish.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.