Two visions of blockchain finance are running in parallel right now. One is open, borderless, and governed by code. The other is controlled, compliant, and run by the same institutions blockchain was supposed to disrupt. Neither is winning. Both are building.
The debate between permissioned and permissionless blockchains has been framed as an ideological war for years — decentralization purists versus TradFi incumbents retrofitting the same old power structures with a distributed ledger. That framing is now obsolete. What’s happening instead is a genuine bifurcation: two architectures solving two different problems, with real tradeoffs on each side that are worth taking seriously.
Here’s where things actually stand.
What permissionless blockchains actually offer
Public, permissionless blockchains like Ethereum, XRP Ledger, and Solana are open networks where anyone can validate transactions or build applications without approval. That openness is not just a philosophical position. It delivers real structural advantages that permissioned systems cannot replicate.
Borderless liquidity is one. Permissionless chains aggregate participants globally, which means deeper markets, tighter spreads, and composable financial primitives that permissioned systems — by definition limited to vetted participants — cannot match. DeFi’s explosion from essentially zero to over $100 billion in total value locked by end of 2024 happened on permissionless infrastructure, not private ledgers.
Censorship resistance is another. When a permissioned system decides you’re not a vetted participant, you’re out. Permissionless chains don’t have that off switch — which matters enormously for users in jurisdictions with unstable financial systems or overreaching governments. This isn’t an edge case. It’s one of the primary value propositions for billions of people who don’t have reliable access to traditional finance.
Then there’s the innovation argument. Permissionless networks attract a more diverse range of developers because anyone can build. The composability of open DeFi protocols — the ability to stack lending, collateral, and trading infrastructure like financial Lego — would be impossible in a walled garden where the consortium decides what gets built.
And some of the regulatory objections are less ironclad than they appear. The argument that permissionless networks can’t have governance is undermined by networks that have built workable governance structures. XRPL, for instance, is governed by an independent foundation operating under French law, with a transparent decision-making process and known validators who receive no fees — aligning their incentives with network integrity rather than profit extraction.
The real problems with permissionless systems
None of that means permissionless chains are without serious problems. They have several, and the industry’s habit of downplaying them is part of why regulatory pressure keeps mounting.
Security vulnerabilities are the most visible. DeFi lost approximately $730 million to hacks and exploits in 2024 alone — down from $1.15 billion in 2023, but still a number that would end careers at any regulated institution. The attack vectors are varied: stolen private keys accounted for $449 million in losses, price oracle manipulation caused another $52 million, and governance attacks — where malicious actors exploit voting mechanisms to drain funds — remain an open problem.
The 51% attack risk is real on smaller chains. According to the Basel Committee on Banking Supervision, regulatory actions like mining bans can suddenly reduce the computing power securing a chain, temporarily raising the risk of majority-control attacks. On large networks like Bitcoin and Ethereum, this is prohibitively expensive. On smaller chains, it has already happened.
Governance fragmentation is a structural issue, not a solvable bug. The Federal Reserve’s own research on permissionless governance identifies hard forks — where stakeholders can’t agree and the chain splits — as a persistent risk for any financial infrastructure built on these networks. When a hard fork happens and tokenized assets exist on both resulting chains, the legal and accounting consequences are genuinely unresolved.
AML and KYC compliance is where the gap between permissionless ideals and regulated reality becomes hardest to bridge. Pseudonymity is a feature, not a bug, in permissionless design — but it means financial institutions operating under AML and CFT obligations cannot enforce compliance directly on the network layer. They’re pushed to the edges — exchanges, on-ramps, off-ramps — which creates compliance gaps that regulators are not wrong to flag.
Settlement finality is also probabilistic on most permissionless chains. A transaction isn’t final — it’s statistically unlikely to be reversed. Courts and auditors need a definitive moment of settlement. “Probably fine after 12 blocks” doesn’t satisfy that requirement.
What permissioned blockchains actually offer
Permissioned blockchains — closed networks where participants are pre-approved — solve several of the problems above directly. Known identities and restricted access enable KYC and AML enforcement, auditing, and data privacy compliance at the network layer, not bolted on afterward.
Deterministic settlement finality is a genuine advantage. Because the validator set is controlled and known, permissioned systems can guarantee that a transaction is irrevocably complete at a specific moment — not statistically likely, actually final. For institutions processing billions in daily settlement, that distinction is not academic.
The real-world adoption is accelerating fast. SWIFT announced in September 2025 that it is building a blockchain-based shared ledger with more than 30 global financial institutions — including JPMorgan, HSBC, Deutsche Bank, and Bank of America — focused on real-time 24/7 cross-border payments. It is being built as a permissioned system. JPMorgan’s Onyx platform, already processing institutional repo settlements, is a permissioned blockchain. These aren’t pilots anymore — they’re production infrastructure.
Scalability and throughput are also better on permissioned systems, for the obvious reason that you’re not running consensus across an open global network of unknown participants. That efficiency gain matters for applications where transaction volume is high and latency must be low.
The real problems with permissioned systems
Here’s what the TradFi blockchain pitch leaves out: permissioned blockchains have a security problem that is less visible than DeFi exploits but arguably more fundamental.
Academic research has pointed out that in a closed, permissioned network, it is technically possible to recalculate all subsequent blocks, making altered blocks valid again. In a permissionless network, changing history requires outrunning the entire global network of validators. In a permissioned network, it requires compromising the consortium. That’s a much smaller attack surface — and one controlled by exactly the institutions that have the most to gain from manipulating records.
The trust problem is real. Permissioned blockchains ask you to trust that the approved participants aren’t colluding. That’s not a blockchain security model — it’s a consortium security model with a distributed ledger attached. Whether that’s meaningfully different from the existing financial system is a legitimate question.
Liquidity is also thinner in permissioned systems by design. Restricting participants restricts the pool of counterparties, which means less depth, fewer market makers, and worse price discovery than open networks with global participation. For institutions looking to use blockchain for asset tokenization and secondary market trading, that’s a structural disadvantage.
And innovation slows when the consortium controls what gets built. The DeFi primitives — automated market makers, flash loans, composable yield strategies — did not emerge from JPMorgan’s internal blockchain team. They emerged from an open system where anyone could experiment. Permissioned chains get stability and compliance. They give up the creative chaos that produced the most interesting financial instruments of the last decade.
Where this is actually heading
The binary framing — permissioned good, permissionless risky, or vice versa — is the wrong lens. The emerging pattern is enterprises building on permissionless chains for public-facing applications while running permissioned infrastructure for regulated back-office settlement. Coinbase’s Base chain. Figure Technology’s lending infrastructure on Provenance Blockchain. SWIFT’s interoperability layer explicitly designed to bridge private and public networks.
The more honest framing is: permissionless chains excel at open, global, composable financial infrastructure. Permissioned chains excel at regulated, high-volume, finality-guaranteed settlement between known counterparties. Neither does the other’s job well. The institutions that figure out how to use both — with clean interfaces between them — are the ones building the actual financial infrastructure of the next decade.
The choice isn’t ideology. It’s architecture. And the answer, increasingly, is both.
