── Dappcon 2026 Speaker ── Production-ready blockchain privacy sounds simple. Building it is not. 🎙 @mandrigin · @gateway_eth ↳ "Practical Approaches to Interoperable Blockchain Privacy" Igor will give a talk on the real engineering challenges of making confidentiality and auditability coexist — drawing on Gateway's experience building Ethereum-compatible privacy infrastructure for enterprise workflows and regulated environments, without sacrificing transparency or ecosystem compatibility.

The framing of privacy almost always starts as a cost item - something that has to be paid for to keep regulators on side. By the time the conversation gets to revenue, privacy has already been pushed off the agenda. What this framing misses is that privacy is what makes the highest-margin segments addressable onchain in the first place. Private banking, corporate treasury, cross-jurisdictional settlement, institutional RWA tokenization. In each of these, transparency is contractually incompatible with the service. The absence of confidentiality is the reason the flow stays off-chain entirely. We published a longer piece on this framing. If you are evaluating onchain infrastructure on your 2026 roadmap, it might be worth a read. x.com/gateway_eth/status/206…

I’ve seen a pattern that keeps showing up when I review institutional onchain architectures. The instinct, especially for teams coming from a traditional SaaS background, is to layer privacy and compliance as separate services on top of an otherwise transparent stack. Access control in one service, audit logging in another, sanctions screening through a third-party API, travel rule data handled at the application layer. The failure mode is predictable. When a regulator asks to reconstruct what happened in a specific transaction, the answer requires correlating logs across multiple systems with different data models and different timestamp resolutions. The compliance evidence exists, but assembling it under audit pressure is a manual exercise. The architectural alternative worth thinking about is collapsing access control, disclosure, sanctions screening, travel rule, and audit logging into the same proxy layer that mediates every RPC call. Each request gets processed through all five in sequence. The audit trail is structurally coherent because all five share the same request context. For engineering leads designing this layer in 2026, it's worth deciding early whether the architecture stays unified or fragments.

Banks struggle to launch onchain products because there is no operating system for it. Every traditional banking product runs on a core system that ties accounts, ledgers, compliance and settlement together. For stablecoins, tokenized assets and yield products, no equivalent exists. So each new product becomes a custom integration project across custody, compliance, settlement and partners. Gateway is the financial operating system for the onchain economy. On top of it, an institution can bring assets onchain, move capital across borders and generate yield while keeping the full economics. The integration work is already done. The result is what core systems did for traditional banking: launch multiple products in weeks instead of months, on infrastructure you own, keeping the value you create.

Onchain systems do not fail only at the code layer. They fail at the control layer. @Humanityprot's native H token reportedly fell as much as 90% after a security breach that resulted in more than $36M in losses, per the team's own incident update. But the important detail is not just the size of the loss. It is how the control layer appears to have failed: per the team's disclosure, a single compromised employee laptop yielded enough Gnosis Safe owner keys — 3 of 6 on Ethereum, 3 of 5 on BSC — to seize ProxyAdmin control, upgrade the bridge to a malicious implementation, and mint unlimited tokens. That is not a classic smart contract exploit that we read about every other day. That is an operational control failure involving privileged access, admin authority, and weak signer separation. And that distinction matters. Because these are the kinds of risks that do not always look dangerous in a paper. A 3-of-6 multisig can look fine on paper. An admin role can look necessary. A deployment path can look standard. A trusted person can look like a control. Until one compromised workflow turns into system-level access. This is why SOC 2 and ISO matter for operating discipline. They force teams to define and prove how access is granted, who can approve changes, how privileged actions are reviewed, what separation of duties exists, how incidents are handled, and whether the controls around production systems actually work. This is also why serious security infrastructure has a cost. You can move fast without it for a while. You can ship without it. You can even look secure without it. But eventually, production systems are judged by the controls that survive compromise, pressure, and human error. The early internet went through the same transition. At first, ‘working software’ was enough. Then payments, commerce, enterprise data, and critical infrastructure moved online - and standards like SOC 2 and ISO became the guardrails that separated experimental systems from systems companies could actually trust. Onchain finance is going through that same maturity curve now. Without those guardrails, security becomes too dependent on assumptions. Assumptions that signers are independent. Assumptions that admin paths are safe. Assumptions that humans will not be socially engineered. Assumptions that audited contracts are enough. At Gateway, we went through SOC 2 and ISO 27001 for exactly this reason. Because regulated onchain finance is following the same path the internet did: moving from experimentation to trusted infrastructure. That requires more than clean code, it requires security infrastructure, operational controls, and verifiable processes around the systems people depend on. Audited operations are what make systems resilient, trustworthy, and ready for real-world scale.

ECB: one-third of cross-border retail payments still take more than a business day. G20 target: 75% credited within an hour by end-2027. A different rail is already past that target. B2B stablecoin volume hit $226B in 2025, up 733% YoY. Days collapse into seconds.

Gateway has completed its SOC 2 Type 2 report for Security, covering the design and operating effectiveness of its security controls from January 31, 2026 to April 30, 2026. This report is another step Gateway has taken to support secure, reliable infrastructure for institutions building onchain financial products. Together with ISO 27001, SOC 2 Type 2 adds another layer of assurance to Gateway’s security and compliance foundation. We expect regulated onchain finance to become an increasingly important part of the global financial infrastructure, making security, operational resilience, and compliance readiness critical to scaling it responsibly.

HTTP status 402 sat reserved in the spec for 30 years. Payment Required, unused. By Feb 2026: 161M transactions, 417k buyers, 83k sellers on x402. AWS launched native support in May. Visa and Stripe joined the open standard. 402 is the new 200

I’ll be in Amsterdam this week for Money20/20, mostly looking forward to getting out of the usual workday and having some good conversations with people building around payments, stablecoins, and yield. If you’re around too, let me know. I’d be happy to grab a coffee or just catch up between sessions.

In February 2026, stablecoin monthly volume hit $7.2T. ACH settled $6.8T in the same window. For the first time, a 12-year-old asset class moved more money in a month than the rail US banking was built on. Same money. New shape.

It’s been a busy few months behind the scenes, but I'm finally packing my bags again, starting with Brussels and The Banking Scene this Thursday. If you're in town, feel free to reach out to me. I'd love to discuss payments, compliance, and bringing regulated onchain finance to production safely.

1B AI agents by end of 2026 (IBM Salesforce). EU AI Act: live. MiCA: live. FCA stablecoin agenda: live. The next layer translates them for autonomous agents: KYC for software, AML at machine speed, consumer protection without a human in the loop. The standard is being set now.

2024: <1% of enterprise apps were agentic. 2026: 40%. Fintech was built for: human initiates, system processes, human confirms. Agents initiate, process, and confirm in the same second. Who is this agent? What can it spend? Who authorized it? The governance layer isn't ready.

Blockchain privacy isn't an on/off switch. If you hide the entire state, regulators will block you. If you expose it, competitors will front-run you. The Open Privacy Suite handles this tension with three levels of selective disclosure: Full (Real addresses for regulators), Pseudonymous (Consistent aliases for counterparties) and Hidden (no visible data for competitors and unrelated parties). Grants are time-limited, auto-expire, and enforce multi-jurisdiction policies from a single deployment. Same chain, different views depending on who is looking.

50B product listings on Google AI Shopping. Agents buying from agents. Underneath: treasury agents negotiating FX. Lending agents pulling credit data. Compliance agents verifying counterparties. $3–5T agentic economy by 2030. A new layer of finance speaks in agents.

Agent task duration doubles every 7 months. Horizon: 59 mins. An hour of autonomous financial workflows is the new tempo. Compliance must adapt: agent identity, spending governance, real-time audit, automated enforcement. Same intent. New tempo.

KYC for humans. KYB for businesses. KYA (Know Your Agent) is next. Agents access APIs, move funds, transact across borders. The identity layer is being built around them now. Same pattern. Just the next layer.

72-79% of enterprises are deploying agents. 16% of US consumers trust AI with payments. That gap isn't a problem. It's a product brief. Consumers don't need agents to be more impressive. They need them to be more transparent. In fintech, trust isn't a feature. It's the product.

Google (AP2), Mastercard (Agent Pay), Visa. All built agent payment infra in 2025. In 2026 it's shipping. Stablecoin volumes: $450B/month in 2024 → $710B by early 2025. Growing share is programmatic. Payment infra was built for humans pressing a button. The next won't have one.

If your compliance team is relying on manual reconciliation for on-chain transactions, you have a massive exposure gap. Compliance cannot be a post-execution process. It must be enforced at the proxy layer, before anything hits the network. The Open Privacy Suite enforces this natively. See how: gateway.fm/open-privacy-suit…