This week, we look at the boring bit crypto has historically skipped: making the thing actually work, and work at scale.

Crypto has no shortage of products people can technically use. The gap moving forward is whether those products can be routed, priced, secured, explained, and distributed at a level that competes with centralised exchanges and, more importantly, traditional finance.

The signals this week say so:

• Ethena partnered with Coinbase, integrating into its custody, wallet and perps stack, then added Janus Henderson as an RWA distribution partner

• Bridge infrastructure is being broadly audited across the industry post-exploits

• Tether is expanding the utility of XAUt, its tokenised gold asset, into a crypto card, redefining the expectations of an onchain neobank

• L2BEAT expanded its suite of tooling to privacy, just as Ethereum researchers have set out to make privacy a default property of the protocol

• We also sit down with Privacy Pools on what compliant and legally sound privacy actually needs to look like after Tornado Cash

This new era will often be less romantic, but much more important.

Ethena secures Coinbase and Janus Henderson distribution

Coinbase is becoming Ethena’s custodian, wallet provider and perpetuals venue, supporting Ethena’s security and operations across more than $5bn in assets, while USDe expands to Base and the wider Coinbase ecosystem.

What this actually means is that:

• Ethena will start using Coinbase Custody

• USDe can get access to institutional lending through Coinbase Asset Management

• Coinbase will likely be added as a basis trading venue for USDe

• USDe can grow on Base

• sUSDe can be offered as a savings product to Coinbase users

To further firm up the alignment, Coinbase Ventures backed Ethena by purchasing ENA in the open market.

Ethena is getting the distribution it could not achieve on its own, and Coinbase is able to diversify its own stablecoin partnerships, relieving reliance on Circle, which has been focusing its efforts on Arc, a USDC-native L1 for stablecoin finance, with USDC gas, predictable dollar fees, built-in FX, opt-in privacy and Circle platform integration.

That distribution push went one step further today, as Ethena partnered with Janus Henderson, a $480bn asset manager, to allocate and support the distribution of its liquid, high-quality CLO tokenised funds. Janus Henderson has also made a strategic investment in ENA, will allocate into USDe as part of treasury cash management, and is exploring ways to distribute USDe to clients through exchange-traded instruments.

For Ethena, new initiatives and partnerships have been commonplace over the past year. They want USDe and its use cases to grow and expand, serving as a yield-bearing dollar product distributed through exchanges, wallets and institutional rails. So they are pushing in every direction they can, with Coinbase and Janus Henderson the latest surfaces.

However, not all of their endeavours have achieved strong starts.

Ethena’s Hyperliquid push has not really worked yet and, given TradeXYZ’s dominance, may never succeed. HyENA was meant to be a strong player in the Hyperliquid ecosystem, giving traders access to yield on their collateral, but Blockworks’ HIP-3 data shows HYENA producing just 0.4% deployer APR, barely above Felix Perps at 0.3%, with Felix announcing their HIP-3 deployment shutdown just yesterday.

Converge, Ethena and Securitize’s chain, purpose-built for onchain finance, also remains a roadmap mystery, with no word from the X account or blog for nearly a year.

MegaUSD (USDm) has had some success, using Ethena’s USDtb rails to direct reserve yield toward sequencer costs. This was an example of Ethena experimenting with whitelabel stablecoin infrastructure that other ecosystems can package. MegaUSD now sits at around $200m in circulation, down from highs of more than $560m one month ago.

Ethena’s first few distribution experiments outside of Binance and Bybit, while credible, have been patchy in outcomes, so partnering up with Coinbase, the centralised market leader in the US and controller of one of Ethereum’s largest ecosystems in Base, then adding Janus Henderson’s institutional RWA channel, gives it a cleaner shot at making this one a firmer success.

L2BEAT weighs in on Chainlink’s CCIP vs. LayerZero

The fallout from the KelpDAO hack has led several large protocols to switch their bridging partner to Chainlink CCIP, but what does this actually do for bridging risk and the trust assumptions involved? Your friendly neighbourhood watchdog L2BEAT took a look.

As a quick recap, the exploit was not as simple as LayerZero being a bad bridge. It came down to the RPC infrastructure behind the distributed validator network (DVN). This RPC was compromised, and because Kelp had only a 1/1 DVN, there was no secondary verification of the compromised node’s broadcast. LayerZero put the loss at 116,500 rsETH, roughly $292m.

The most recent move was by Virtuals, which migrated bridging infrastructure for more than $700m of VIRTUAL from LayerZero to CCIP.

So what did L2BEAT actually find?

Moving to CCIP is not the same as moving to a trustless bridge. It is a move from LayerZero’s highly configurable security model to Chainlink’s more standardised, operator-managed one, where validation is handled by Chainlink’s Offchain Reporting (OCR) signer set, which verifies incoming messages from other chains. L2BEAT notes that the set is equivalent to a 6/16 multisig.

Despite this seemingly more secure validator set, CCIP’s complexity is extremely high, spanning 70 chains, different contract versions, various time locks controlled by deeply nested multi-sigs and individual logic, and governance tied to each token on each chain. All of this, combined, will no doubt affect a project’s ability to conduct proper due diligence when integrating with CCIP.

Chainlink CCIP definitely feels like the option for teams wanting to outsource more of the bridge-security surface to a provider. LayerZero, by contrast, still operates as a more customisable solution, allowing projects to own their own security by spinning up their own DVNs and bringing in third-party DVNs to strengthen the security of their bridging token infrastructure.

CCIP may provide projects with better defaults and mitigate some of the vulnerabilities exposed by Kelp’s 1/1 DVN setup, but it does not eliminate bridge trust. It moves that trust into Chainlink’s signer set, upgrade paths, admin roles, token pools and per-chain deployments.

Tether wants gold to behave like a bank account

After diving into neobanks and crypto cards last week, you may have assumed that they would all run on USD stablecoins, or maybe EUR once adoption picks up.

But gold?

Tether and Fasset are now looking to normalise storing tokenised gold inside your bank balance, earning, borrowing and spending against it.

Their gold-backed Visa card converts XAUt into USDT and then fiat at the point of sale, pays up to 6% cashback in XAUt, and lets users round up change on everyday spend into tokenised gold.

Paolo Ardoino is looking to change the script on gold entirely: “Historically, gold has been a store of value, not a medium of exchange. This initiative changes that narrative.”

It’s becoming apparent that the next wave of crypto neobanks will not all simply be stores for USDC. They will package different assets for different users: dollars for stability, yield-bearing assets for savings, gold for inflation and currency fear, tokenised equities for global retail, and definitely some higher-risk products too.

So who wants gold in a bank account?

Think about users in a market where the local currency is unstable, the US dollar is distrusted, expensive to access, or politically loaded, and gold already has cultural trust. Fasset itself has a strong distribution network across Asia and Africa, where this asset is likely to be welcomed.

It’s an interesting move by Tether, testing whether tokenised gold can move from “store of value asset” to a “daily balance users can spend, save and accumulate around”. This is the exact kind of product that crypto enables, and would have been impossible in the previous world.

We expect this kind of experimentation to grow rapidly: different assets, different rails, different users, different wrappers, all targeting increasingly niche use cases across the globe.

Privacy as default infrastructure

Privacy is no longer just a mixer for funds. The more interesting work is happening within the stack itself: private execution, shielded assets, wallet-level privacy, compliance-aware disclosure, encrypted state, and better ways to measure the tradeoffs between them.

To emphasise the steps the industry is making, we just published our latest flagship report, covering the privacy ecosystem in crypto and the core enablers of confidential execution today: https://docsend.com/v/sjv2g/thefullstackprivacyecosystem

L2BEAT’s new privacy dashboard is another useful sign that this shift is happening.

Rather than treating privacy as a loose category based on vibes, it compares protocols against the CROPS principles: censorship resistance, openness, privacy, and security. The dashboard currently tracks Tornado Cash, Railgun, and Privacy Pools, highlighting the differences among immutable, fixed-amount pools; upgradeable DeFi privacy with opt-in compliance; and enforced-compliance designs.

The numbers are still small compared with the rest of DeFi, but not irrelevant. L2BEAT has Tornado Cash with roughly $385m in TVL and $120m in 30-day volume, Railgun with roughly $77m in TVL and $50m in 30-day volume, and Privacy Pools with roughly $8m in TVL and $5m in 30-day volume.

Privacy is finally being built (and judged) with hard, concrete design choices.

• Is the system immutable?

• Can it support arbitrary amounts?

• Does it have a trusted setup?

• Can users prove they are not part of a bad set without revealing everything?

• Can it plug into DeFi?

• Can it survive compliance pressure without becoming meaningless?

This week, a similar design-first approach reached the token standard layer, with pERC-20 now filed as draft ERC-8287.

The proposal is not simply “ERC-20 but private”. It deliberately breaks normal ERC-20 assumptions. There are no public balanceOf, approve, allowance, or transferFrom. Assets exist as encrypted ZK-UTXO notes from issuance, using an Orchard-style model adapted from Zcash. Transfers consume old notes and create new encrypted notes, while nullifiers prevent double-spends without linking the user to a public balance.

There is a long way to go before this standard is implemented, and the surrounding work needed to integrate a whole new token standard within DeFi would not be light. But it is a signal that privacy will migrate to the infrastructure level. Whether the key change occurs at the protocol, asset, or wallet layer remains to be determined.

Our report argues that the next adoption wave will come from the full stack: private execution, compliant disclosure, usable wallets, institutional confidentiality, and seamless retail privacy.

Privacy is no longer only about hiding transactions; it’s increasingly a requirement for usable financial infrastructure.

Individuals need protection from surveillance, profiling, harassment, and political exposure, whilst institutions need confidentiality around balances, counterparties, order flow, payroll, treasury movements, client data, and strategy.

AI agents will need private computation, prediction markets will need private order flow, and data markets will need selective disclosure.

Onchain finance cannot mature if every meaningful action remains fully public by default.

Privacy is normal

It is no longer just a cypherpunk ideology. It’s becoming necessary onchain infrastructure for both user protection and institutional adoption.

Crypto has always had a financial privacy problem.

Public blockchains made finance auditable, but they also made financial behaviour permanently observable. Wallet balances, counterparties, payroll, treasury movements, order flow, strategy, liquidations, swaps, transfers. All of it is part of a public data trail.

As chain analytics and AI make that data cheaper to process, an open, transparent ledger starts to look like surveillance infrastructure.

Usable privacy in crypto cannot just mean hiding everything from everyone; that much is clear.

The more realistic path is selective disclosure: systems that can hide sensitive information from the public while allowing users, institutions, auditors, and regulators to prove specific facts when required.

We had the chance to sit down with Mike from Privacy Pools, one of the Ethereum-aligned protocols building in the post-Tornado Cash era, to discuss how they are approaching the landscape.

Mike framed the protocol’s V1 as “an MVP to test whether there was demand for compliant privacy.” The early numbers are modest: roughly $20m in volume and around 5,000 individual deposits, but the team is keen to get V2 out and begin a new wave of growth.

Privacy Pools aims to preserve user privacy while preventing addresses linked to exploits, scams, or hacks from using the pool to privately break the onchain link. The protocol also allows each user to share their transaction record with others for reporting and compliance purposes.

On legal liability for privacy protocols, Mike said the team “looked at the Roman and Alexey lawsuits and took every point they were indicted on, then modified our protocol to mitigate that indictment point.”

For a protocol like Privacy Pools to grow, it needs distribution, and more importantly, distribution that feels seamless.

Privacy does not scale if users have to leave their wallet, open a separate app, pay extra, and think like a privacy power user. Privacy Pools V2 is being built with the opposite in mind: embedded privacy through wallets, bridges and transaction surfaces.

Mike’s north star is simple: deprecate Privacy Pools’ own front end, and let regular, everyday interfaces route the traffic.

This aligns with our report’s broader conclusion: privacy is no longer only about hiding transactions. It is becoming a requirement for usable financial infrastructure.

The first wave of crypto privacy was ideological.

The next one is practical.

Don’t forget to join our Telegram channel for the latest updates from Castle and all our research: Link here

In our newsletter, we may discuss projects or tokens in which we hold positions. While we aim to provide informative content, our views are not financial advice. Please conduct your research and consult professionals before making investment decisions. Crypto markets are volatile, and past performance doesn’t guarantee future results. Invest responsibly, and be aware of the risks. Your capital is at risk, and we do not accept liability for any losses.