The Good Tech Companies - Albert Dadon Is Building Financial Rails No Single Government Can Switch Off
Episode Date: July 6, 2026This story was originally published on HackerNoon at: https://hackernoon.com/albert-dadon-is-building-financial-rails-no-single-government-can-switch-off. AEREDIUM found...er Albert Dadon on why the 2022 SWIFT cutoff was an engineering problem, "a key nobody holds" and building settlement rails that can't be coerced. Check more stories related to undefined at: https://hackernoon.com/c/undefined. You can also check exclusive content about #aeredium, #web3, #good-company, #privacy, #swift, #payments, #technology, #blockchain, and more. This story was written by: @ishanpandey. Learn more about this writer by checking @ishanpandey's about page, and for more stories, please visit hackernoon.com. The thesis: AEREDIUM founder Albert Dadon argues the 2022 SWIFT disconnection was misread as a political story when it was an engineering one — credible neutrality can't be voted into existence, it has to be constructed. The mechanism: AEREDIUM is a privacy-preserving Layer 1 ("the Trust Layer") that pushes rule-enforcement into attested hardware and threshold cryptography, so no single party — including the company — can override it unilaterally. "A key nobody holds": its signing system (AERKey, formerly AEGISKey) uses threshold ECDSA (CGGMP24) where the key exists only as distributed shares that never assemble — making unilateral disclosure impossible while keeping legitimate legal process workable. The seams thesis: Dadon points to the ~$290M KelpDAO exploit — where a single verifier, not the smart contract, was the weak link — as proof that the money is lost at the seams between systems. The honest risk: the institutions that most need neutral rails (their procurement runs in years) are the slowest to adopt them — so AEREDIUM is pacing capital to be "ready when they arrive."
Transcript
Discussion (0)
This audio is presented by Hacker Noon, where anyone can learn anything about any technology.
Albert Dayton is building financial rails no single government can switch off.
By a Sean Pondy, Albert Dayton has built across three worlds that rarely overlap.
Three decades in technology, 26 years leading a Melbourne property developer, and an international
career as the jazz guitarist Albert. He now runs A EREDIUM, a privacy preserving layer one he
calls, the trust layer settlement infrastructure designed so that neutrality is a property of the
construction rather than apprimes of the operator. We spoke about why he thinks the industry keeps
trying to govern its way to neutrality, what threshold cryptography actually buys an institution,
and where his own argument is weakest. A'Shaun Pondi. Hi, Albert, it's a pleasure to welcome
U-T-R, behind T-H-E-S-T-A-R-T-U-P series. You have built across three rarely overlapping worlds,
three decades in technology, a career as a real estate developer, and A-N-I-N-T-E-O-N-A-L-I-F-E in music as the jazz guitarist,
A-L-B-A-R-E. Please tell U-S about yourself and what inspired you to build A-E-R-E-D-I-UM,
Albert Dayton. I've had the good fortune of three careers that look unrelated Anderrant.
I've spent three decades in technology, 26 years leading Uber-DIS group, a property development
company in Melbourne, and a parallel life on Stagia's the jazz guitarist Albert. The thread connecting
them is structure, buildings, compositions, and distributed systems all fail the same way,
at the joints, under stress you didn't design for. A-E-R-E-D-I-U-M came from watching the
22-Swift disconnection with the specific discomfort of someone who builds things.
The industry treated it as a political story. I saw an engineering story. A system whose
neutrality rested on an assumption its architecture couldn't enforce. Everyone had a vote.
One jurisdiction had the switch. I started a E-R-E-D-I-U-M to build settlement infrastructure where
neutrality is a property of the construction, not a promise of the operator, a privacy-preserving
layer one for institutional settlement, which we call the trust layer. The name is deliberate.
The product isn't throughput or tokens. It's the ability to rely on the rails without having to
trust whoever happens to be managing them. Ashan Pondi, you hold the full picture across consensus,
cryptography, execution, and corporate strategy, and you still work hands-on with T-H-E-E-N-G-I-N-E-R-I-N-G team.
How did a path that runs through enterprise technology, property development, and musical
composition shape the way you actually design a system, and what does each of those disciplines
contribute that a P-U-R-E-C-R-E-C-R-E-H-Y background might miss?
Albert Dayton. Property development teaches you that capital has a clock and physics doesn't negotiate.
You learn to sequence. Foundation before facade, no matter what the marketing schedule wants.
That observation made Arredium Foundation first. We built the signing infrastructure, the attestation chain,
and the consensus engine before we built anything an investor could screenshot.
Music contributes something people underestimate. A jazz ensemble is a Byzantine consensus system.
Musicians reach agreement in real time, without a conductor, tolerating each other's failures,
because the structure, the form, the changes, is strong enough that improvisation can't break it.
That's exactly the design goal of a good protocol. Freedom at the edges, invariance at the core.
And enterprise technology teaches the discipline pure cryptography can miss.
Cryptography proves what's mathematically true, but institutions buy what's operationally true.
A perfect protocol run by an operator who can be suburb.
opinion it is not a neutral system. So I work hands-on with the engineering team, reviewing the
actual pull requests, because in this business the architecture lives in the details,
the seams and the seams are where I've watched everything fail, in buildings and in code.
Ashan Pondi. Your central argument is that the 2022 SWIFT-D-A-N-Aritectural Problem
the industry keeps trying to fix with governance, and you draw a sharp line between W-H-O has a vote
and WHO can change the rules.
C-A-N-Y-O-U unpack why Swift's Democratic Board
counted for so little once a B-E-L-G-G-I-N-C-O-O-P-E-R-A-T-I-T-I-E-E-U sanctions law,
and why you concluded that credible N-E-U-T-R-A-L-T-Y-I-S in engineering property
rather than a governance one?
Albert Dayton.
Swift's board counted for so little because votes govern in tent-hand architecture
governs capability.
The cooperatives members could vote on anything they liked.
The system's rules were.
were changeable by whoever held legal authority over the machines and the people operating them,
and those sat in one jurisdiction. When EU sanctions law spoke, the democratic structure wasn't
overruled. It was simply irrelevant because it never had custody of the enforcement mechanism.
That's the sharp line I draw, who has a vote versus who John changed the rules. In every
governance-based system those are different people, and the second group is small and geographically
concentrated. The conclusion is that credible neutrality can't be voted into existence.
it has to be constructed, so that no party, including us, the builders, retains the capability to
override it. AEREDIUM does this by pushing enforcement into measured hardware and threshold
cryptography. The rules run inside trusted execution environments whose exact code IS cryptographically
attested. The signing authority that acts on those rules exists only as distributed key
shares that never assemble anywhere. And changing operational rules requires thresholds signed
authorization that the hardware independently verifies. There is no boardroom, no operator terminal,
no jurisdiction where a rule change can be imposed unilaterally because the system was built
without that room in it. Neutrality stops being a policy and becomes a physical property of the
deployment. Greater than the reporting behind this, Swift is incorporated in Belgium and must
comply greater than with EU regulation. In 2022, it disconnected seven designated Russian entities
greater than on the 12th of March under EU Council Regulation 2,022 345th, adding more,
including greater than Esperbank. That June, a network serving 11,000 plus institutions across 200
plus greater than countries, reconfigured in days by one jurisdiction's law. Daitan's vote versus
greater than switch line is, in the literal record, what happened? The false binary, total privacy
versus full surveillance. Ashon Pondi. What is the biggest misconception
institutions and the W-I-D-E-R-C-R-Y-P-T-O community hold about privacy and neutrality on public
infrastructure and how does Aridiam's design challenge that assumption rather than restated,
Albert Dayton. The deepest misconception, held by institutions and crypto-natives alike from
opposite directions, is that privacy and accountability are a trade-off you tune with a slider.
Institutions hear privacy and think regulatory exposure, crypto hears, compliance, and thinks
backdoor. Both assume the same.
broken model, that visibility is a single dial and someone has their hand on it. The related
misconception is that neutrality comes from decentralization theater, that enough validators
make a system neutral. Validator count is a liveness property. It says nothing about who can
compel the system's behavior. A-E-R-E-D-I-U-M challenges the frame rather than restating it. Confidentiality
and accountability aren't opposites. There are different questions, who can see, versus who can verify
and architecture can answer them separately. On our rails, transaction contents are confidential
by default, while the correctness of every operation is verifiable by anyone through at station
in signed evidence. Disclosure, when it happens, is structured, specific information, to specific
authorized parties, under authorization the hardware itself verifies, never a master key, never an
operator's discretion. The design goal is that an institution's competitor can verify the system
IS honest without reading the institution's book, and an authority with genuine legal process can
obtain what that process entitles it to, and not one bite more. Ashan Pondy, you call the choice
between total privacy and full surveillance A-F-A-L-S-E binary. The mixer model failed because to law
enforcement it looked like A-L-A-U-N-D-E-R-I-N-G tool, while full transparency is unworkable
for any institution W-H-O-S-E-C-O-M-P-E-T-I-T-O-R could read its book.
Aridium's answer is structured S-E-L-E-C-I-C-I-E-D-I-C-L-O-S-U-R-E, with A-E-R-K-E-R-K-E-E-R-E-C-L-E-L-E-R-E-C-L-E-E-R-E-E-L-E-E-R-E-E-L-E-E-R-E-E-L-E-E-E-R-E-E-E-L-E-E-E-E-R-E-E-E-E-L-E-E-E-E-L-E-E-R-E-E-E-E-E-R-E-E-E-E-E-E-E-R-E-E-E-E-L-E-E-R-E-E-E-L
Share key implements threshold ECDSA using the CGGMP-24 protocol inside hardware enclaves.
The signing key exists only as separate shares inside separate attested machines, distributed across
jurisdictions, and it is never assembled, not during generation, not during signing,
not ever. Signatures are produced by a cryptographic conversation among the shares. So to your
question about leverage, the disclosure mechanism can't become a seizure point, because there is no point.
Compel one operator and you get nothing, their share is useless alone and sealed in hardware that only acts on validly authorized requests.
Seize one machine, same result. Coercis, the company, same result.
We built ourselves out of the ability to comply unilaterally, which is precisely the credential institutions should demand.
Disclosure happens only when a request satisfies a policy the enclaves independently verify, valid authorization, correct scope, threshold agreement across parties who do
not share a jurisdiction and what is disclosed is scoped to that request. Legitimate legal
process, properly presented to the threshold, works. A single sovereign leaning on a single
company or data center does not. We didn't make disclosure impossible. We made unilateral
disclosure impossible, and that distinction is the entire architecture. Greater than CGGMP-24 is a peer-reviewed,
state-of-the-art threshold ECDSA protocol greater than,
Canetti-Genero Goldfetter McCrellano spelled,
in which a signing key is split greater than into shares held by separate parties
and never reconstructed, even at signing greater than time.
Daitens, a key nobody holds, is an accurate description of what greater than
threshold signing does, whether AEREDIUM's specific enclave deployment greater than performs is
described as a claim readers should treat as the company's greater than pending independent
audit.
Every seam is a trust A-S-S-U-M-P-T-I-O-N-I-H-A-N-E-H-A-N-E. Your threat model is that attackers have moved off in chain L-O-G-I-C-A-N-D-E-I-T-A-N-E-E-S-E-E-E-E-S-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E-E------------------------------
U-M-A-N-S-W-E-R-N-K calling bank rails in band with no separate Oracle layer, and the
trans layer for bridgeless cross-chain.
Walk U-S. through how an in-band call removes the seam rather than relocating it, and why that
is STRU-C-T-U-R-A-L-L-Y-S-A-F-E-R than a conventional Oracle network.
Albert Daden.
A bridge or Oracle is a second system whose job is to make claims about a first system,
and its honesty is a fresh assumption stacked on top of everything.
else. That's the seam. The Kelp DAO exploit is the canonical case. The contracts were fine,
a single trusted verifier. One set of keys in the claims making layer was the entire security of
nine figures. Note what the attacker did. They didn't break the chain. They broke the thing
vouching to the chain. Conventional answers add more vouchers, bigger verifier sets, more
multisigs which relocates the seam and dilutes it, but a diluted seam is still a seam. A separate key set,
operated, separately corruptible. Anan Band Call removes the category. With AERL-L-I-N-K,
the interaction with external rails executes inside the same attested environment that runs settlement
itself. The verification is part of consensus, not testimony delivered to consensus.
There's no independent attester whose compromise forges a message, because there is no independent
a tester. Forging the claim requires breaking the measured enclave code and the threshold signature
simultaneously, which is the same security bar as forging the chain itself. Our cross-chain settlement
follows the same principle. The receiving side verifies a tested evidence of the source event directly,
rather than trusting a committee that watched it. The structural rule is simple. Every seam is a trust
assumption, and trust assumptions are where the money is lost. We spent our engineering
budget deleting them rather than decorating them, greater than the reporting behind this. On the 18th
April 2026, attackers drained Tilda $290M-116,500 greater than R-SETH, from Kelpdeo's layer
zero-powered bridge by exploiting a single one of one greater than verifier configuration,
the smart contracts executed exactly as written. Greater than security firms attributed it to
North Korea's Lazarus Group, it followed the greater than Tilda $285 million drift protocol attack
on the 1st of April, and an estimated $13 billion was pulled from greater than Defi within 48 hours.
It is the cleanest recent illustration of Dayton's point. Greater than the failure was at the
seam, not in the code. The post-Swift settlement R-A-C-E-I-S-H-A-N-Pondy. The vacuum swift left
is being chased from many directions A-T-O-N-C-E. China's SIPs, cross-border stable-coin
corridors, CBDC settlement, and institutional networks such as Canton and FN-A-L-L-I-T.
As A-N-E-V-M-compatible layer 1 quoting 250,000 transactions per second, what is the real wedge
that moves a C-O-N-S-E-R-V-A-T-I-E institution from a pilot to live settlement value?
and what is the defensible core that a well-funded competitor cannot simply copy from Y-O-U-R-D-O-C-U-M-T-A-T-I-O-N-T-I-O-N-T-I-O-N-T-I-N-T-I-O-N-T-E-V-E-V-E-V-E-V-E-V-E-L-E-V-E-L-E-L-E-L-E-L-E-R-E-E-R-E-E-R-E-N-E-R-E-E-N-E-ROWS-E-E-E-E-ROW-E-E-E-E-R-E-E-E-R-E-E-E-L-E-E-E-E-L-E-E-E-L-E-E-E-L-E
independently verify what the infrastructure did. Our wedge is evidence. Every operation on
Aridium produces a tested, offline verifiable proof, signed acknowledgments from measured hardware.
At a station chains of bank's own auditors can check without trusting us and operational
rule changes are themselves as threshold authorized and attested. That maps directly onto how
institutions already think. Audit trails, segregation of duties, no single point of override.
We're converting, trust the vendor into, verify the mathematics, which is the only conversion
that survives committee.
On defensibility, a well-funded competitor can read our documentation, and I hold four patents
covering the core mechanisms, but neither is the real moat.
The mode is that this class of system is proven at the seams and seams only hardened through
operational scar tissue, years of key generation ceremonies, failure drills, and edge cases
across live clusters that no document captures. You can copy an architecture diagram in an afternoon.
You cannot copy having already made the mistakes. Greater than the reporting behind this,
the many directions, are real and already sizable. Greater than the Canton Network,
a privacy preserving institutional L1 with selective greater than disclosure at the transaction level,
reports $6 trillion plus in tokenized real world greater than assets and 600 plus participating
institutions, including DTCC, J.P. Morgan, Goldman, Saks and Visa. As of early 2026, China's SIPs counted
well over a thousand greater than direct and indirect participants. Fanality runs a bank consortium
settlement greater than system. AEREDIUM's own figures, 250,000 TPS, 4 patents, test net status,
are greater than the companies. We present them as stated, not verified. Pacing capital when you can't
fake R-E-A-D-I-N-E-S-I-H-A-N-P-E-S-H-A-N-P-E. Finally, deep institutional infrastructure is unusual in that
IT-C-A-N-N-O-T fake readiness. The cryptography either holds O-R-A-D does not. What H-A-S-T-H-H-T-H-A-T
taught you about pacing capital and resisting the temptation T-O-O-O-V-E claim that so much of the market indulges,
and what is the honest risk T-H-A-T-H-E institutions W-H-O most need neutral rails are the
slowest to adopt them? Albert Dayton. Infrastructure like this is refreshingly tyrannical.
The key generation completes or it doesn't, the attestation verifies or it doesn't,
The benchmark is a number your hardware produced or its fiction.
That constraint is enforced a discipline I'd frankly recommend to the whole market.
We publish what we've measured, we say, test net.
When we mean test net and we are on test net today and we sequence capital against milestones
the technology can actually certify, not milestones a deck can assert.
Property development trained me for this.
You cannot market a building into structural integrity and the certifier doesn't read your brochure.
The honest risk is exactly the one you name.
and I want dress it up. The institutions that most need neutral rails are constitutionally the
slowest to adopt them. Their procurement cycles are measured in years, their risk committees are
paid to say no, and the very conservatism that makes them need credible neutrality makes them last
to buy it. Our answer is to pace for that reality rather than pretend it away, patient capital
structure, revenue that doesn't depend on the slowest adopter moving first, and infrastructure that
is simply ready when they arrive. Because they will arrive, the uncomfortable truth about the
This market is that adoption of neutral infrastructure tends to follow the crisis that provisits
necessity and 2022 taught us those crises are no longer hypothetical.
I'd rather be early and measured than punctual and improvised.
Don't forget to like and share the story, vested interest disclosure.
Hacker Noon has reviewed the report for quality, but the claims herein belong to the author.
Hashtag D-Y-O-R.
Thank you for listening to this Hackernoon story, read by artificial intelligence.
Visit hackernoon.com to read, write, learn and publish.
