What “Native Tokenization” Actually Means & Why Ethereum is the Logical Choice for It

May 25, 2026

“Native tokenization” is the term increasingly used to describe some genres of tokenized securities or how tokenized securities should be, but what does it mean?

A commonly raised example of the ‘good kind of tokenization’ is Tokenized GLXY (Galaxy Digital’s Class A common stock, Solana contract address 2HehXG149TXuVptQhbiWAWDjbbuCsXSAtLTB5wc2aajK) using Superstate’s Opening Bell, which involves Superstate’s licensed transfer agent arm to “tokenize” Galaxy stock in a particular way on Solana.

I call this “direct pointer tokenization” (i.e., it is not ‘synthetic,’ not some kind of swap or derivative--it’s associated with real shares and real rights). However, it is nevertheless not what I would consider native aka ‘constitutive’ tokenization.

Why? As explained more below, Galaxy’s legal share register lives in Superstate’s offchain books as digital transfer agent rather than in the Solana program itself; the token is essentially Superstate’s onchain attestation of what Superstate’s offchain books and records say. This is great and genuinely useful—perhaps even it is the only way to “tokenize” fully liquid NMS stocks today in clear conformity with regulations (for example, it is clear that an SEC-registered security requires a licensed transfer agent, and unclear how a licensed transfer agent can operate as a mere protocol admin—but it is not (imo) the endgame and not “native tokenization” per se. True cryptonative tokenization will use the blockchain itself as the transfer agent. And when you get into this level of commitment to a chain, the fundamental chain properties matter in a way that makes Ethereum clearly the most fit for purpose today.

How Tokenized GLXY actually works

To get the analytical question right, it helps to be specific about what Galaxy and Superstate built. The architecture is more revealing than the press release.

Galaxy has two transfer agents. Equiniti is Galaxy’s primary transfer agent and maintains the traditional book-entry stock register (the Nasdaq/DTC side). Superstate Services LLC was appointed Galaxy’s “digital asset transfer agent” under a Digital Transfer Agency Agreement dated May 20, 2025, disclosed in Galaxy’s Form 10-K and prospectus supplements. Both are SEC-registered transfer agents under Section 17A of the Exchange Act. Galaxy’s complete shareholder list is the union of the two registers.

When a GLXY holder tokenizes a share, the share moves between registers:

The holder instructs their broker to deliver the share to Equiniti.
Equiniti debits its register and allocates the share to Superstate’s account.
The holder onboards with Superstate (KYC, allowlisting of their Solana wallet address).
Superstate, now the registered owner of record for that share on its own register, mints one token to the holder’s allowlisted wallet on Solana.

When tokens move between two allowlisted wallets, Superstate observes the transfer and updates its register accordingly. De-tokenization runs in reverse: token burned, Superstate debits its register, Equiniti credits its register, share returns to the broker via DTC.

Three details deserve attention.

First, Superstate themselves use the language “different ledger.” Rachel Levitan Keidan, speaking to Ledger Insights: “The idea is that the token is the share, just on a different ledger. Superstate as the SEC-registered transfer agent, officially records that your ownership is now represented onchain.” Notice the structure of the sentence: the token is on the different ledger, while the official record of ownership lives somewhere else, on Superstate’s books, where Superstate “officially records that your ownership is now represented onchain.” The legal ledger and the token ledger are not the same ledger, and Superstate is being candid about this.

Second, Galaxy has not amended its certificate of incorporation. DGCL §224, in its current form since 2017, has permitted Delaware corporations to designate the blockchain as the official stock ledger if their governing documents so provide, but Galaxy’s certificate makes no such designation. The Solana program is therefore not Galaxy’s corporate stock ledger—not all of it, not even a part of it—as a matter of Delaware corporate law; it is an external administrative system that one of Galaxy’s two transfer agents trustfully uses to mirror the state of its offchain register.

Three buckets

“Native” is currently being used to describe two architectures that behave very differently in the law. There are three buckets here, not two.

Synthetic tokenization. Perpetuals, security based swaps, contracts for difference, mirror tokens. The token confers economic exposure to a reference asset. The holder owns a swap or a note against an SPV, not the issuer’s stock. xStocks lives here.

Pointer tokenization. The issuer, or one of its transfer agents, records the legal holder of shares in an offchain register. A token is emitted as the administrative artifact tied to that register entry. Updates to legal ownership are gated by the transfer agent updating its books. The blockchain is a permissioned execution venue connected to the transfer agent’s authoritative database. Superstate’s Opening Bell, including Tokenized GLXY, sits here.

The UCC categorization is precise. The underlying share is an uncertificated security under UCC Article 8 §8-102(a)(18), registered on Superstate’s books in the name of the allowlisted wallet holder. The holder is the direct registered owner of the uncertificated security, not an entitlement holder against a securities intermediary, so Article 8 Part 5 (security entitlements) does not apply. The Solana token is not itself a separate property right under any UCC category. It is not a controllable electronic record under Article 12, because Article 12 expressly excludes investment property per §9-102(a)(49). It is not a certificated security, because Galaxy’s certificate of incorporation does not so provide. The token is best understood as an electronic access credential to the underlying uncertificated security: a representation that, when transferred between allowlisted wallets, instructs Superstate as transfer agent to update its register.

The legal property is the register entry, and the token is what triggers its update; the two are not the same thing.

Constitutive tokenization. The corporation’s certificate of incorporation and bylaws, executed under DGCL §224, designate the blockchain as the official stock ledger. The ERC-721 token IS the legal stock ledger entry. In UCC vocabulary: the token IS the uncertificated security, with the chain functioning as the issuer’s books. There is no offchain register behind the token. The corporation has not bifurcated its stockholder list between an onchain venue and an offchain transfer agent. There is one register, and it is the chain. The legal state transition function equals the chain state transition function, modulo a narrow class of exception circumstances that the governing documents themselves authorize and that resolve onchain—”Material Adverse Exception Events” accounting for extraordinary compromises of the blockchain itself, like a 51% attack.

With true native tokenization, even if the issuer, the sponsor, and the platform operator all disappeared, the security would still exist, the chain would still verify who holds it, and a court applying DGCL would still recognize the holder as the stockholder of record. This is what MetaLeX’s cyberCORPs protocol does.

All three architectures are sometimes described as “tokenization,” but only two of them — pointer and constitutive — are forms of direct tokenization, meaning that the holder owns the actual share with full shareholder rights (not a derivative claim, not a wrapper, not an SPV note), and the issuer or its transfer agent is involved in the issuance. Synthetic tokenization sits outside the direct-tokenization category. Within direct tokenization, the diagnostic between pointer and constitutive is where the legal record lives and where exception authority is anchored.

The walkaway test

The cleanest diagnostic between the buckets is the walkaway test. If you walked away from the offchain infrastructure (transfer agents, issuer’s database, platform), would the security still exist with full legal effect on the chain alone?

For Tokenized GLXY, the answer is direct: the underlying shares are recorded on Superstate’s offchain register as the legal record, with the chain hosting an administrative representation of that register’s state. If Solana went down permanently tomorrow, the underlying shares would still exist on Superstate’s books and could be migrated back to Equiniti. If Superstate’s records were destroyed tomorrow, the tokens on Solana would be floating credentials with nothing to reference. The asymmetry is structural: the legal record lives offchain.

Walking through the buckets, synthetic fails immediately, because the chain never had the security in the first place. Pointer fails for a related but distinct reason: the transfer agent’s register is the legal record, and the chain is merely a venue where the administrative artifact gets transferred. Constitutive passes: the chain is the register itself, with narrow exception circumstances the governing documents themselves authorize and that resolve onchain.

Pointer is a real improvement over synthetic. Direct shareholder rights (the holder is the registered owner of an Article 8 uncertificated security, not the beneficial owner of an SPV note), no SPV indirection, no prime broker chain, same CUSIP as the Nasdaq listing. The improvement is meaningful, but it is an improvement within the pointer architecture, not a move from pointer to constitutive. Pointer tokenization keeps the offchain register as the legal record, with the chain as a verified administrative venue connected to it.

The Kamino integration and the liquidation question

Pointer tokenization is often credited with delivering DeFi composability, and the Kamino-Superstate integration is the headline example: Tokenized GLXY, and now FWDI, EXOD, and HSDT, can be deposited as collateral and borrowed against for stablecoin liquidity. The integration is real, and it does work that traditional securities lending arrangements do not do conveniently. The structure also inherits the trust assumptions of the underlying token in ways that matter most for the liquidation flow.

How the integration actually works. Kamino’s V2 architecture supports permissioned isolated markets via its Modular Market Layer. The Superstate Market is one such isolated market, configured specifically for Opening Bell tokens. Kamino’s lending program is added to Superstate’s onchain allowlist via the setProtocolAddressPermission function (disclosed in Superstate’s smart contract documentation), so the protocol can hold tokenized equities as collateral. When a borrower deposits Tokenized GLXY, Superstate’s offchain register updates to reflect the new registered holder of record (with the depositor tracked as beneficial holder through Superstate’s internal accounting), and the borrower receives stablecoins (USDC, CASH). Borrowers must be KYC’d, allowlisted, and non-US, since Kamino does not offer the product to US users. Price feeds come from Pyth, referencing the offchain market price of the underlying equity.

The liquidation question. In a standard Kamino market, when a position breaches its LTV threshold, it becomes eligible for liquidation. Anyone running a liquidator bot can repay a portion of the debt and claim a portion of the collateral at a discount (3 to 6 percent). Soft liquidations take 20 percent of debt per event. The liquidator universe is open and competitive.

In the Superstate Market, the liquidator universe is closed. Every transfer of Tokenized GLXY requires both the source and the destination wallet to be on Superstate’s allowlist. The Kamino program is allowlisted on the source side. The liquidator’s destination wallet must also be allowlisted, which means liquidators must be KYC’d by Superstate. The anonymous searcher network that liquidates main Kamino positions cannot participate.

Three consequences follow for lenders:

First, lenders on the Superstate Market are exposed to liquidator availability risk in a way they are not on the main Kamino markets. If a position is underwater during a period when no allowlisted liquidator is willing or able to act, the position decays. Soft liquidations reduce the magnitude of each event but do not remove the dependency.

Second, lenders and liquidators are exposed to Superstate counterparty risk on the liquidation rails themselves. Superstate needs to onboard the liquidators into its offchain systems in advance, and needs to also honor each individual liquidation. Lenders on the Superstate Market are, in a non-trivial sense, lending against Superstate’s continued cooperation, not only against the underlying equity. Meanwhile, liquidators must have a contractual relationship with Superstate, and have counterparty risk of breach of contract--the DeFi system is not where liquidation transactions definitively settle, Superstate’s books are.

Third, the Pyth oracle references the offchain market price of the equity, but the recovery value on liquidation depends on the depth of bids from KYC’d buyers in the much smaller permissioned downstream market. In a stress event, the gap between oracle price and effective recovery value can be wider than in a standard onchain lending market, because the buyer set is smaller and the venues are fewer.

@metaproph3t, the MetaDAO cofounder, put the broader version of this point sharply when Tokenized GLXY launched: “I’m skeptical onchain equities will take off because of the KYC requirements. The value of being on Solana is that anyone can buy you on Jupiter, lend you on Kamino, etc. If you don’t have that, you just have an expensive MySQL instance.” That is too strong as applied to the lending integration in isolation, since the integration does deliver real utility for KYC’d non-US borrowers seeking stablecoin liquidity against their equity. But the structural observation is right. The composability surface is not the full Solana DeFi ecosystem. It is the permissioned slice that Superstate has admitted to the allowlist, and inside that slice, the lender’s effective security is partly the transfer agent’s continued cooperation.

The pattern generalizes. When tokenization is built on the pointer architecture, every DeFi composition inherits the trust assumptions of the transfer agent. The composability is meaningful but it is not free, and the risk model is materially different from what lenders are accustomed to in the rest of the lending market. Constitutive tokenization does not eliminate the need for issuer authority over the ledger (lost keys, court orders, corporate actions still require admin paths), but it relocates that authority into the governing documents that bind the chain, so the liquidation primitive and the chain primitive are unified rather than serially dependent on a transfer agent’s continued operation.

The constitutive alternative. Under constitutive tokenization, the lending and liquidation flow looks structurally different at the points that matter. The Stock Ledger Entry Token IS the ledger entry. When the token is posted as collateral to a lending protocol, the encumbrance can be recorded directly in the token’s onchain metadata (encumbered to Protocol X as collateral for Position Y, with liquidation rights triggering at LTV threshold Z). The encumbrance is itself part of the official stock ledger entry. When a liquidation occurs, the lending protocol mutates the token’s registered holder field from the borrower (or the protocol’s escrow address) to the liquidator, in a single onchain transaction. That mutation is the legal event. Because the chain IS the stock ledger under DGCL §224, the liquidator’s onchain receipt of the token is the same thing as becoming the stockholder of record. There is no follow-on settlement with a transfer agent and no second step where the TA’s database catches up to the chain. The chain event is the database update.

This unlocks two structural properties the pointer model cannot deliver.

First, the liquidator universe is not constrained by transfer agent onboarding. Any party that satisfies the conditions the governing documents place on holders can be a liquidator. The corporation may require AML attestations, accredited investor proofs, jurisdictional limits, or other gating, or it might not. Either way, those conditions live in the COI and bylaws and are checked by the smart contract architecture rather than by a transfer agent’s API. They can be enforced through onchain attestation systems (ZK-KYC primitives, accreditation oracles, jurisdictional gates) rather than through offchain account creation on a third party platform. A liquidator who already holds the right credentials in their wallet can act without any prior relationship with the issuer or its TA, and the liquidator’s identity does not need to be revealed offchain to anyone before they can participate.

Second, the liquidator’s post-liquidation position is legally definitive in a way it is not under the pointer model. In the pointer model, the liquidator receives a token whose legal status is contingent on the transfer agent reflecting the transfer in its register; if the TA refuses, contests, or is impaired, the liquidator may hold a token without holding a share. In the constitutive model, the liquidator holds the share. The chain state IS the share register. The DGCL §224 designation in the COI makes the onchain transfer the legally operative event, and no third party’s cooperation is required to confirm it. The liquidator can take the position on their balance sheet at the moment of execution and rely on it.

This is the version of “tokenized public equities as DeFi collateral” that survives a real stress event without exotic counterparty assumptions about the issuer’s transfer agent. It is not what Opening Bell is doing today, but it is what the architecture has to look like to deliver the composability claim without the asterisks.

Why this matters for chain selection

This is also why the choice of chain matters specifically for constitutive tokenization in a way it does not matter for pointer tokenization.

In the pointer model, the chain is doing no legal work; the transfer agent is. You can run it on Ethereum, you can run it on Solana, you can run it on a permissioned enterprise ledger, and the legal architecture is identical, because the legal work happens in the transfer agent’s database in every case. Which chain to use becomes mostly a question of where the issuer’s users prefer to transact. Solana was a sensible answer for Opening Bell: throughput, DeFi depth, a user base already on Backpack, and integrations like Kamino.

In the constitutive model, the chain IS the legal infrastructure. Corporate stock ledgers cannot be hosted on a chain that might execute a breaking upgrade next year, or on a chain whose validator set is small enough that capture or coercion is plausible, or on a chain whose neutrality with respect to issuers and stockholders is not credible. The chain has to be credibly neutral, sufficiently ossified, and uptime reliable, because what is hosted on it is no longer just a token. It is a corporate record under DGCL §224, with full UCC Article 8 implications.

That raises a substantive question: which chains qualify as suitable hosts for constitutive tokenization? Ethereum is the strongest candidate today because of its uptime record, the decentralization of its validator set, and the credibility of its ossification path. Solana is moving toward similar properties (Alpenglow), but is at an earlier point in that process.

Beyond fundamentals like decentralization and uptime, Ethereum is better suited for constitutive securities today at the application layer. Constitutive tokenization runs all the way down: the chain’s programming model, its account semantics, its native token standards, and its wallet ecosystem all become part of the legal infrastructure once the chain is the ledger.

Account semantics and data continuity. Under constitutive tokenization, the per-ledger-entry data (registered holder name and address, units, class, restriction legends, scrip state, acquisition date) sits in the chain’s storage as the legal record. The storage primitive has to be one that persists for the life of the corporation, without ongoing payment, and without external close authority. EVM storage slots satisfy this trivially: once written, they sit there inertly, and SELFDESTRUCT is effectively retired post-Cancun. Solana accounts do not. They are independent rent-exempt objects, each carrying a refundable lamport deposit and exposing a closeAccount instruction to whichever program owns them. A constitutive ledger on Solana has to be defended against its own account closure primitive (every ledger entry account is also a SOL piggybank), and program upgrades typically require migrating every existing entry account, because Solana account schemas are not slot-preserving in the way EVM proxy upgrades are. None of this is dispositive. These are problems with concrete mitigations. But the mitigations are custom protocol work that EVM does not require.

Token standards and per-token state. There is no Solana token standard that natively captures per-token registered-holder data the way ERC-721 plus contract storage does in Solidity. Vanilla SPL has no per-token metadata at all. Token-2022 extensions are designed around fungible tokens with optional features (transfer hooks, permanent delegates, metadata pointers); the extension set is fixed by what Solana ships, and the constitutive legal logic that currently lives inside one Solidity contract has to be split across an asset account, one or more extension accounts, and a companion program holding the rest. Metaplex Core is the closest analog and has a real plugin system, but custom plugins are not supported (only built-in plugins are), so the constitutive logic ends up scattered across the Core asset, its plugin accounts, and a companion program coordinating them. The legal record can still be onchain in a meaningful sense, but it is no longer collocated in a way that maps cleanly to “the ERC-721 token IS the ledger entry.”

Privacy primitives and the offchain register’s hidden function. Part of what makes the offchain register attractive in the first place is that it functions as a privacy layer. The chain side of Tokenized GLXY exposes only pseudo-anonymous wallet addresses and token balances; the registered holder’s legal name, address, and other personally identifying information sit on Superstate’s books, accessible only to Superstate and the issuer. That separation is not just a regulatory expedient. It addresses a real problem: putting registered holder PII directly into public chain state would be a privacy disaster and, in many jurisdictions, a violation of applicable privacy law. The pointer model delivers privacy for free, as a side effect of where the data lives. That feature does real work, and any honest comparison has to acknowledge it.

The implicit assumption underneath is that constitutive tokenization forces a tradeoff between authoritative onchain status and privacy. The assumption holds only on a transparent chain without privacy primitives. With encrypted onchain state, view keys, zero-knowledge proofs, and selective disclosure mechanisms, a constitutive ledger can be authoritative onchain (any observer can verify ledger integrity and the correctness of transfers), private to unauthorized observers (PII not exposed in plaintext), and selectively decryptable by the issuer, the holder, regulators, and the courts through view keys or zk proofs. The privacy property and the constitutive property are not in tension if the chain provides the right primitives.

Ethereum’s privacy stack is substantially more developed than any non-EVM chain. Aztec offers programmable privacy with private state and private function calls. Railgun provides privacy-preserving wrappers for ERC-20 and ERC-721 assets. The maturing ZK rollup landscape (Scroll, Linea, zkSync, StarkNet, Polygon zkEVM) brings general-purpose zk infrastructure across the broader Ethereum ecosystem, and ZK-KYC primitives can attest to investor status without revealing identity. Solana’s analog, Confidential Transfers as a Token-2022 extension, encrypts transfer amounts via Pedersen commitments but does not provide programmable privacy over holder identity, per-token metadata, or the more complex selective disclosure patterns a constitutive securities ledger needs. None of the Ethereum primitives are yet a turnkey solution for tokenized securities, but the substrate is years ahead of any non-EVM chain and is plausibly close enough that a serious constitutive issuer can build on it now.

One of the strongest practical justifications for pointer tokenization disappears when constitutive tokenization can be paired with proper privacy primitives. The offchain register is not strictly necessary “to keep PII private.” It is necessary because the issuer’s architecture (or its inheritance of an existing transfer-agent regime) places the legal record outside the chain. Better chain layer privacy makes the constitutive model viable without the privacy compromise, and it makes the case for choosing Ethereum stronger, not weaker, because Ethereum is where the privacy primitives actually exist.

The verdict

The diagnostic that matters is not whether there is a token, but where the legal record lives, and Superstate has answered that question honestly: the token lives on Solana, while the official record lives on Superstate’s offchain books, on a different ledger. When the legal record lives at a transfer agent, what you have is a token that points at a database; when it lives in the chain’s state, what you have is a stock ledger that happens to be a smart contract. Only one of those is native.

For the longer treatment of why pointer architectures dominated the security token decade and what the constitutive alternative looks like in detail, see Most “Tokenized Securities” Are Intermediary Cosplay.

{
  "article": {
    "title": "What 'Native Tokenization' Actually Means",
    "author": "Gabriel Shapiro",
    "date": "2026-05-24",
    "publication": "MetaLeX Substack",
    "subject_matter": [
      "constitutive tokenization",
      "pointer tokenization",
      "synthetic tokenization",
      "direct tokenization",
      "native tokenization",
      "Superstate Opening Bell",
      "Tokenized GLXY",
      "Galaxy Digital",
      "walkaway test",
      "UCC Article 8 uncertificated securities",
      "UCC Article 12 controllable electronic records",
      "DGCL §224",
      "chain selection for legal infrastructure",
      "Solana account model and rent",
      "Token-2022 and Metaplex Core",
      "wallet UX for tokenized securities",
      "onchain privacy primitives",
      "ZK proofs and view keys for tokenized securities",
      "Aztec, Railgun, ZK rollups",
      "Confidential Transfers (Token-2022)"
    ],
    "jurisdictional_context": [
      "United States",
      "Delaware General Corporation Law",
      "UCC Article 8 (Investment Securities)",
      "UCC Article 12 (Controllable Electronic Records)",
      "SEC transfer agent regulation under Section 17A of the Exchange Act"
    ]
  },
  "core_thesis": "Native tokenization means constitutive tokenization. Pointer tokens, where the legal share register is maintained offchain by a transfer agent under a private transfer-agency agreement and the chain is a permissioned administrative venue connected to that offchain register, are a meaningful improvement over synthetic mirror tokens, but they are not native to the chain; they are native to the transfer agent's offchain register. Both pointer and constitutive tokenization fall under 'direct tokenization' (real shares with real shareholder rights, no SPV indirection); synthetic does not. The diagnostic between pointer and constitutive is where the legal record lives and where exception authority is anchored — in the corporation's governing documents, exercised onchain (constitutive), or in a private transfer-agency agreement, exercised through an offchain register (pointer).",
  "lift_text": [
    "The legal ledger and the token ledger are not the same ledger.",
    "Pointer and constitutive tokenization both fall under direct tokenization; synthetics do not.",
    "Constitutive tokenization also requires exception authority. The distinguishing feature is where that authority is anchored and where it operates.",
    "The legal property is the register entry, and the token is what triggers its update; the two are not the same thing.",
    "If Solana went down permanently tomorrow, the underlying shares would still exist on Superstate's books. If Superstate's records were destroyed tomorrow, the tokens on Solana would be floating credentials with nothing to reference.",
    "Galaxy has not amended its certificate of incorporation under DGCL §224. The Solana program is not Galaxy's corporate stock ledger as a matter of Delaware law.",
    "Constitutive tokenization runs all the way down: the chain's programming model, account semantics, native token standards, and wallet ecosystem all become part of the legal infrastructure once the chain is the ledger.",
    "Every ledger entry account is also a SOL piggybank.",
    "The question is whether the chain's application layer treats a stock ledger as a first-class object, or treats it as a JPEG with extra fields.",
    "The pointer model delivers privacy for free, as a side effect of where the data lives.",
    "One of the strongest practical justifications for pointer tokenization disappears when constitutive tokenization can be paired with proper privacy primitives."
  ],
  "propositions_established": [
    "Industry use of 'native tokenization' conflates two architectures with materially different legal properties.",
    "Three buckets describe the space: synthetic, pointer, constitutive. Pointer and constitutive are both forms of direct tokenization (real shares with real shareholder rights); synthetic is not.",
    "Tokenized GLXY operates a two-transfer-agent register: Equiniti as primary transfer agent for the traditional book-entry side, Superstate Services LLC as digital asset transfer agent for the tokenized side under a Digital Transfer Agency Agreement dated May 20, 2025.",
    "Under UCC Article 8 §8-102(a)(18), the underlying Tokenized GLXY share is an uncertificated security registered on Superstate's books; the Solana token is not itself a separate UCC property right.",
    "UCC Article 12 excludes investment property per §9-102(a)(49), so the token cannot be a controllable electronic record.",
    "Pointer and constitutive tokenization differ not in whether they grant exception authority to the issuer or its agents (both do), but in where that authority is anchored and where it operates. In pointer tokenization it is anchored in a private transfer-agency agreement and exercised through the transfer agent's offchain register; in constitutive tokenization it is anchored in the corporation's governing documents and exercised onchain.",
    "Galaxy has not amended its certificate of incorporation to designate the Solana program as its official stock ledger under DGCL §224.",
    "Constitutive tokenization is the only model in which the chain itself is the corporate stock ledger and the token is the uncertificated security.",
    "Chain selection for constitutive tokenization runs through three layers: consensus (neutrality, ossification, uptime), program (account semantics, token standards, schema continuity), and wallet (UX surfacing legal fields). Solana satisfies the consensus layer but introduces friction at the program and wallet layers that EVM does not have.",
    "Pointer tokenization derives part of its appeal from the offchain register's hidden function as a privacy layer for registered-holder PII; this advantage disappears when the underlying chain provides programmable privacy primitives (encrypted state, view keys, ZK proofs, selective disclosure).",
    "Ethereum's privacy stack (Aztec, Railgun, ZK rollups, ZK-KYC primitives) is years ahead of any non-EVM chain, making Ethereum the more credible substrate for a constitutive ledger that needs both authoritative onchain status and PII privacy."
  ],
  "framework_comparison": [
    {
      "competitor": "xStocks (Backed Finance)",
      "claim": "Synthetic mirror tokens issued by an SPV; the token confers economic exposure to a reference equity, not the equity itself.",
      "metalex_contrast": "cyberCORPs: the ERC-721 Stock Ledger Entry Token IS the uncertificated security under DGCL §224 and the governing documents, not a derivative against an SPV.",
      "diagnostic": "walkaway_test"
    },
    {
      "competitor": "Superstate Opening Bell (Tokenized GLXY)",
      "claim": "Two-transfer-agent structure: Equiniti as primary transfer agent, Superstate Services LLC as digital asset transfer agent. Galaxy's shareholder register is bifurcated between the two. To tokenize, the share moves broker → Equiniti → Superstate's account; Superstate then mints a 1:1 token on Solana (contract 2HehXG149TXuVptQhbiWAWDjbbuCsXSAtLTB5wc2aajK) to the holder's KYC'd, allowlisted wallet. Onchain transfers between allowlisted wallets trigger updates to Superstate's offchain register. The contract has pause/recall functions held by Superstate. Galaxy's certificate of incorporation has not been amended under DGCL §224.",
      "metalex_contrast": "cyberCORPs: the chain IS the register under DGCL §224. The token is the uncertificated security itself, not a credential for one. There is no offchain transfer agent register behind the token. Exception authority is anchored in the corporation's governing documents themselves and exercised onchain, rather than in a private transfer-agency agreement and exercised through an offchain register.",
      "diagnostic": "walkaway_test"
    }
  ],
  "canonical_terms": {
    "native_tokenization": "Used in this article as a synonym for constitutive tokenization: an architecture in which the onchain state is the legal state.",
    "constitutive_tokenization": "Tokenization where onchain state is legal state by default. The governing documents make onchain state legally operative. The legal state transition function equals the chain state transition function, modulo a narrow class of exception circumstances that the governing documents themselves authorize and that resolve onchain.",
    "pointer_tokenization": "Tokenization where the chain is an administrative venue connected to an offchain register. The offchain register entry is the legal property; the token is the credential/instruction that causes the register to update.",
    "walkaway_test": "If you walk away from offchain infrastructure (transfer agent register, sponsor's database, platform), does the security still exist with full legal effect on the chain alone? Constitutive tokens pass. Pointer tokens fail."
  },
  "diagnostic_applications": [
    {
      "framework": "walkaway_test",
      "target": "Tokenized GLXY (Superstate Opening Bell on Solana)",
      "diagnosis": "Two-transfer-agent register split across Equiniti and Superstate. Superstate's offchain books are the legal record. The Solana contract is permissioned, includes pause/recall powers held by Superstate, and is not designated as Galaxy's official stock ledger under DGCL §224.",
      "result": "fails"
    },
    {
      "framework": "walkaway_test",
      "target": "xStocks (Backed Finance)",
      "diagnosis": "Tokens are claims against an SPV that purports to hold the underlying through a prime broker. The chain never held the security.",
      "result": "fails"
    },
    {
      "framework": "walkaway_test",
      "target": "cyberCORPs (MetaLeX)",
      "diagnosis": "The corporation's certificate of incorporation designates the blockchain as the official stock ledger under DGCL §224. The ERC-721 token IS the uncertificated security. No separate offchain register.",
      "result": "passes"
    }
  ],
  "legal_anchors": [
    "DGCL §224",
    "DGCL §202",
    "UCC §8-102(a)(18) (uncertificated security)",
    "UCC §8-102(a)(17) (security entitlement)",
    "UCC §8-106 (control)",
    "UCC §8-301 (delivery)",
    "UCC §9-102(a)(49) (investment property)",
    "UCC §12-102 (controllable electronic record)"
  ],
  "implications_for_securities_tokenization": [
    "The walkaway test is the right filter for native vs. non-native claims in the tokenized equities market.",
    "The location of the legal register, not the absence of an SPV wrapper, determines whether tokenization is constitutive or pointer.",
    "UCC characterization is the rigorous statement of the architectural question: under pointer tokenization, the share is an Article 8 uncertificated security on the transfer agent's offchain books; under constitutive tokenization, the chain is the books.",
    "Pointer architectures will scale faster in the near term, but only constitutive architectures preserve the blockchain's settlement-finality property as applied to securities."
  ],
  "implications_for_market_structure": [
    "Pointer tokenization places one or more transfer agents on the critical path for every legal state transition; only constitutive tokenization removes that intermediary.",
    "Chain selection is a legally significant choice only under constitutive tokenization; under pointer tokenization it is a UX choice.",
    "Chain selection for constitutive tokenization is a multi-layer question (consensus, program, wallet, privacy), not just a question about validator decentralization. Non-EVM chains satisfying the consensus layer may still require substantial protocol and UX work at the program, wallet, and privacy layers.",
    "Onchain privacy primitives substitute for the privacy function of the offchain register: a chain with mature programmable privacy (encrypted state, view keys, ZK proofs) can host a constitutive ledger that is authoritative onchain and private to non-authorized observers, without needing a transfer-agent register to keep PII off the chain."
  ],
  "primary_sources": [
    "hxxps[://]www[.]sec[.]gov/Archives/edgar/data/0001859392/000185939226000016/glxy-20251231[.]htm",
    "hxxps[://]www[.]sec[.]gov/Archives/edgar/data/0001859392/000185939225000052/galaxyxsuperstateoblaunchf[.]htm",
    "hxxps[://]superstate[.]com/opening-bell",
    "hxxps[://]superstate[.]com/issuers",
    "hxxps[://]superstate[.]com/assets/glxy",
    "hxxps[://]superstate[.]com/newsroom/galaxy-stock-tokenization-via-opening-bell",
    "hxxps[://]www[.]davispolk[.]com/experience/galaxy-launches-glxy-tokenized-public-shares-solana",
    "hxxps[://]www[.]ledgerinsights[.]com/superstate-tokenizes-galaxys-listed-stock/",
    "hxxps[://]lex-node[.]github[.]io/metalex-memo",
    "hxxps[://]github[.]com/MetaLex-Tech/cybercorps-contracts"
  ],
  "attribution": {
    "framework_architect": "Gabriel Shapiro",
    "organization": "MetaLeX Labs, Inc. (Delaware C-corporation)",
    "legal_practice": "MetaLeX Pro LLP",
    "role": "Founder and CEO",
    "co_founded": "LeXpunK Army"
  },
  "metalex_series_context": {
    "series": "Slop Tokenization (the critique of pointer tokens)",
    "canonical_taxonomy_source": "MetaLeX Labs",
    "related_articles": [
      "Most 'Tokenized Securities' Are Intermediary Cosplay — Time to Really Put Securities Onchain",
      "5 Ways of Tokenizing Securities (& One Which is Best)"
    ]
  }
}

Discussion about this post

Ready for more?