Pooled accounts vs. Blend
| | Pooled accounts (most apps) | Blend’s SMA model |
|---|---|---|
| How funds are held | Everyone’s money in one pool | Each user gets their own Safe |
| What a hack means | Entire pool drained. Everyone loses. | Only the affected Safe is at risk. An attacker would need to break into thousands of Safes one by one. |
| Who controls the money | Often the platform or its admins | The user. They are the only signer on their Safe. |
| Can you screen one user? | No. On-chain, the pool is one address. | Yes. Every account is screened individually, before creation and on an ongoing basis. |
| Can you export one user’s history? | No. One ledger for everyone. | Yes. Every account keeps its own audit trail. |
| Whose property is it in a failure? | Contested. Pooled deposits have been ruled company property. | The user’s. Assets sit in their own Safe, verifiable on-chain. |
| What happens if the platform disappears | Users may lose access | Users keep full access through safe.global |
Think of it like having your own vault at the bank. Same bank, but only you have the key.
One address, every chain
Blend derives each user’s Safe address before deployment. The user gets the same address on every supported chain. That means one address to screen, one address to whitelist, and one address to reconcile. Your ops team sees a single identity per user across all supported chains.
The custody test
The question that matters: can Blend move user assets outside the user’s mandate? It cannot. The mandate is the permission set granted up front: this user’s account, plus a whitelist of approved venues. Within the mandate, Blend routes capital without per-transaction signatures. That is the product. Outside the mandate, nothing moves. Not to an external address. Not to an unapproved venue. Not by Blend. Ever. This is not a policy choice. It is a structural property of the protocol, and you can verify it on-chain.
Why isolation is the compliance foundation
You cannot attach a control to a slice of a pool. You can attach one to an account. Because every user has their own account, every control operates per user. Screening runs per account. The audit trail is per account. Caps and reporting are per account. That is what makes Blend’s compliance controls possible at all.
Compliance Controls
See the controls that run on every account today.
Yield on Blend
The flagship product built on this account model.
Security
Five defense layers and the real failures they prevent.
Architecture
The contracts behind the account model.