If the vision of Larry Fink — CEO of BlackRock, the world’s biggest money manager — becomes reality, all assets from stocks to bonds to real estate and more would be tradable online, on a blockchain.

“Every asset — can be tokenized,” Fink wrote in his recent annual letter to investors.

Unlike traditional paper certificates signifying financial ownership, tokens live securely on a blockchain, enabling instant buying, selling, and transfers without paperwork or waiting — “much like a digital deed,” he wrote.

Fink says it would be nothing short of a “revolution” for investing. Think 24-hour markets and a trading settlement process that can be compacted down into seconds from a process that today can still take days, with billions of dollars reinvested immediately back into the economy.

But there’s one big problem, one technology challenge that stands in the way: the lack of a coordinated digital identity verification system.

While technology experts say Fink’s idea isn’t improbable, they agree that there are cybersecurity challenges ahead in making it work.

Verifying asset owners in world of AI deep fakes

Today, it’s not easy to verify online that the person you are interacting with is that person because of the prevalence of AI deepfakes and sophisticated cybercriminals, according to Christina Hulka, executive director of the Secure Technology Alliance, an organization focused on identity, access and payments. As a result, having a unified verification system would be useful because there would be cryptographic validation that people are who they say they are.

“The [financial services] industry is focused on how to build a zero-trust framework for identification. You don’t trust anything until it’s verified,” Hulka said. “The challenge is getting everyone together about which technology to use that makes it as simple and as seamless for the consumer as possible,” she added. 

It’s hard to say precisely how a broad-based digital verification system would work but to support a fully tokenized financial structure, a system would, at a minimum, need to meet stringent security requirements, particularly those tied to financial regulations like the Know Your Customer rule and anti-money laundering rules, according to Zulfikar Ramzan, chief technology officer at Point Wild, a cybersecurity company.

At the same time, the system would need to be low friction and quick. There’s no shortage of technical tools today, especially from the field of cryptography, that can effectively bind a digital identity to a transaction, Ramzan said. “Fifteen to 20 years ago, this conversation would have been a non-starter,” he added.

There have been some successes with programs like this across the globe, according to Ramzan. India’s Aadhaar system is an example of a digital identity framework at a national scale. It enables most of the population to authenticate transactions via mobile devices, and it’s integrated across both public and private services. Estonia has an e-ID system that allows citizens to do everything from banking to voting online. Singapore and the UAE have also implemented strong national identity programs tied to mobile infrastructure and digital services. “While these systems differ in how they handle issues like privacy, they all share a key trait: centralized government leadership that drove standardization and adoption,” Ramzan said.

Centralized personal data is a big target for cybercriminals

While a centralized system solves one challenge, the storage of personally identifiable information and biometrics data is a security risk, said David Mattei, a strategic advisor in the fraud and AML practice at Datos Insights, which works with financial services, insurance and retail technology companies. 

Notably, there have been reports of data stolen from India’s Aadhaar system. And last year, El Salvador’s government had the personal data of 80% of its citizens stolen from a centralized, government-managed citizen identity system. “A lot of security experts do not advocate having a centralized security system because it’s kind of like the pot at the end of the rainbow that every fraudster is trying to get his hands on,” Mattei said.

In the U.S., there’s a long-standing preference for decentralized systems for identity. On mobile devices, Face ID and Fingerprint ID are done not by centralizing all of that data in one spot at Apple or Google, but by storing the data in a secure module on each mobile device. “This makes it much harder, if not impossible, for fraudsters to steal that data en masse,” Mattei said.

Digital driver’s licenses offer a cautionary tale

It would take a significant coordinated effort to come up with a national identity system used for identity verification.

Identity systems in the U.S. today are fragmented, Ramzan said, giving the example of state departments of motor vehicles. “To move forward, we will either need a cohesive national strategy or a way to better coordinate identity across the state and federal levels,” he said.

That’s not an easy task. Take, for example, the effort many states are making to adopt digital driver’s licenses. About a quarter of states today, including Utah, Maryland, Virginia and New York, issue mobile driver’s licenses, according to mDLConnection, an online resource from the Secure Technology Alliance. Other states have pilot programs in effect, have enacted legislation or are studying the issue. But this undertaking is quite ambitious and has been underway for several years.

To implement a national identity verification system would be a “massive undertaking and would require just about every company that does business online to adopt a government standard for identity verification and authentication,” Mattei said.

Competitive forces are another issue to contend with. “There is an ecosystem of vendors who offer identity verification and authentication solutions that would not want a centralized system for fear of going out of business,” Mattei said. 

There are also significant data privacy hurdles to overcome. States and the federal government would need to coordinate to resolve governance issues, and this might prompt “big brother” concerns about the extent to which the federal government could monitor the activities of its citizens.

Many people have “a bit of an allergic reaction” when anything resembling a national ID comes up, Ramzan said.

Fink has been pushing the SEC to look at issue

The idea is not a brand new one for Fink. At Davos earlier this year, he told CNBC that he wanted the SEC “to rapidly expand the tokenization of stocks and bonds.”

There’s BlackRock self-interest at work, and potential cost savings for the firm and many others, which Fink has spoken about. In recent years, BlackRock has been dragged into political battles, and lawsuits, over its voting of a massive amount of shares held in its funds on ESG issues. “We’d never have to vote on a proxy vote anymore,” Fink told CNBC at Davos, referring to “the tax on BlackRock.”

“Every owner would be notified of a vote,” he said, adding that it would bring down the cost of ownership of stocks and bonds.

It is clear from Fink’s decision to give this issue prominent placement in his annual letter — even if it came in third in the order of issues he covered behind both the politics of protectionism and the growing role of private markets — that he isn’t letting up. And what’s needed to make this a reality, he contends, is a new digital identity verification system. The letter is short on details, and BlackRock declined to elaborate, but, at least on the surface, the solution for Fink is clear. “If we’re serious about building an efficient and accessible financial system, championing tokenization alone won’t suffice. We must solve digital verification, too,” he wrote.

Blockchain continues to evolve and people are learning to understand it better. Accordingly, there are initiatives underway to think about how the U.S. can achieve a broad-based identity verification system, Hulka said. There are technical ways to do it, but finding the right way that works for the country is more of a challenge since it has to be interoperable. “The goal is to get to a point where there is one way to verify identity across multiple services,” she said.

Eventually, there will be a tipping point for the financial services industry where it becomes a business imperative, Hulka said. “The question is when, of course.”

Founders Fund, the venture capital firm run by billionaire Peter Thiel, has closed a $4.6 billion late-stage venture fund, according to a Friday filing with the Securities and Exchange Commission.

The fund, Founders Fund Growth III, includes capital from 270 investors, the filing said. Thiel, Napoleon Ta and Trae Stephens are the three people named as directors. A substantial amount of the capital was provided by the firm’s general partners, according to a person familiar with the matter.

Axios reported in December that Founders Fund was raising about $3 billion for the fund. The firm ended up raising more than that amount from outside investors as part of the total $4.6 billion pool, said the person, who asked not to be named because the details are confidential.

A Founders Fund spokesperson declined to comment.

Thiel, best known for co-founding PayPal before putting the first outside money in Facebook and for funding defense software vendor Palantir, started Founders Fund in 2005. In addition to Palantir, the firm’s top investments include Airbnb, Stripe, Affirm and Elon Musk’s SpaceX.

Founders Fund is also a key investor in Anduril, the defense tech company started by Palmer Luckey. CNBC reported in February that Anduril is in talks to raise funding at a $28 billion valuation.

Hefty amounts of private capital are likely to be needed for the foreseeable future as the IPO market remains virtually dormant. It was also dealt a significant blow last week after President Donald Trump’s announcement of widespread tariffs roiled tech stocks. Companies including Klarna, StubHub and Chime delayed their plans to go public as the Nasdaq sank.

President Trump walked back some of the tariffs this week, announcing a 90-day pause for most new tariffs, excluding those imposed on China, while the administration negotiates with other countries. But the uncertainty of where levies will end up is a troubling recipe for risky bets like tech IPOs.

SpaceX, Stripe and Anduril are among the most high-profile venture-backed companies that are still private. Having access to a large pool of growth capital allows Founders Fund to continue investing in follow-on rounds that are off limits to many traditional venture firms.

Thiel was a major Trump supporter during the 2016 campaign, but later had a falling out with the president and was largely on the sidelines in 2024 even as many of his tech peers rallied behind the Republican leader.

In June, Thiel said that even though he wasn’t providing money to the campaign for Trump, who was the Republican presumptive nominee at the time, he’d vote for him over Joe Biden, who had yet to drop out of the race and endorse Kamala Harris.

“If you hold a gun to my head, I’ll vote for Trump,” Thiel said in an interview on stage at the Aspen Ideas Festival. “I’m not going to give any money to his super PAC.”

WATCH: Anduril founder Palmer Luckey talks $32 billion government contract

Following the massive cyberattack on UnitedHealth Group’s Change Healthcare unit last year, the company launched a temporary funding assistance program to help medical practices with their short-term cash flow needs, offering no-interest loans with no added fees.

A little over a year later, UnitedHealth is aggressively going after borrowers, demanding they “immediately repay” their outstanding balances, according to documents viewed by CNBC and providers who received funding. Some groups have been asked to repay hundreds of thousands of dollars in a matter of days. 

Optum, UnitedHealth’s financial, pharmacy and care services arm, is telling borrowers that it reserves the right to “begin offsetting claims payable” to the practices, meaning the company will withhold separate funds until it recoups the loan.

It’s a significant change in posture for the company, which suffered a cyberattack in February 2024 that compromised data from around 190 million Americans, the largest reported health-care breach in U.S. history. The ensuing disruption caused severe fallout across the health-care system, leaving many providers temporarily unable to get paid for their services. Some dipped into their personal savings to keep their practices afloat.

During a Senate hearing about the attack in May, UnitedHealth CEO Andrew Witty said providers would only be required to repay the loans when “they, not me, but they confirm that their cash flow is normalized.”

Several doctors who took advantage of the financing told CNBC that they can’t meet the company’s new demands. Dr. Christine Meyer, an internist who started a practice in Exton, Pennsylvania, received a letter from Optum earlier this month telling her to immediately submit her organization’s payment. 

“We are not in any position to start repaying this loan,” Meyer, who started her practice about 20 years ago, told CNBC. She has been a vocal critic of UnitedHealth following the breach.

“I’m just looking at all my legal options at this point,” Meyer said. “But repaying them $750,000 in five days is obviously not going to happen.”

UnitedHealth didn’t comment on specific cases, but a spokesperson for Change Healthcare confirmed that the company has started recouping the loans.

“Now, more than one year post the event and with services restored, we have begun the process of recouping the interest-free funding we provided to providers,” the spokesperson said in a statement.

The company said the U.S. Department of Health and Human Services took the same approach last year “under its own cyber-attack lending program.” HHS launched a separate funding assistance program through the Centers for Medicare & Medicaid Services last March. CMS said it would automatically recoup payments from Medicare claims, and providers could accrue interest, according to a release.

“We continue to work with providers on repayment and other options, and continue to reach out to those providers that have not been responsive to previous calls or email requests for more information,” the Change Healthcare spokesperson said.

Providers were told that UnitedHealth reserved the right to withhold future payments when they signed up for the funding assistance program, the company added. CNBC independently reviewed a copy of a loan agreement for the program and confirmed this statement.

Change Healthcare, which offers payment and revenue cycle management tools, was acquired by Optum in 2022.

After discovering the breach last year, UnitedHealth said it isolated and disconnected the impacted systems. The company paid out more than $9 billion to providers in 2024, and more than $4.5 billion has already been repaid, according to the company’s fourth-quarter earnings report in January. UnitedHealth said providers would receive an invoice once standard payment operations resumed, and that they would be subject to a repayment period of 45 business days. 

“Change Healthcare will notify the recipient that the funding amount is due after claims processing or payment processing services have resumed and payments impacted during the service disruption period are processed,” the website says. 

While the vast majority of Change Healthcare’s services have been restored over the course of the last year, three products are still listed as “partial service available,” according to UnitedHealth’s cyberattack response website.

And doctors are still reeling. 

Meyer said that when the breach took place, she watched her practice’s daily deposits shrivel from the range of $60,000 to $80,000 to about $150 “overnight.” She applied for Optum’s temporary funding assistance program, and after some difficulty and back and forth with the company, she ultimately received a total of $756,900 in financial assistance.

Former Senator Bob Casey Jr., D-Pa., shared Meyer’s story during the congressional hearing in May. He asked Witty about the company’s approach to the repayment process. 

“I’d like to absolutely confirm to you and Dr. Meyer that we have no intention of asking for loan repayment until after she determines that her business is back to normal,” Witty told lawmakers. “Even then, we would not look for repayment until 45 business days – 60 calendar days – after that and there would be no interest and no fee associated with that loan.”

“So it would be a determination she makes?” Casey asked.

“That’s absolutely right,” Witty said. 

Meyer said that’s not what happened. 

She received a notice from Optum on Jan. 24, which was viewed by CNBC, that requested repayment since “the service disruption has ended for most clients.” Meyer said she called and told the company she was “not in any position to pay.” 

Meyer claims that her practice lost more than $1 million in revenue due to the Change Healthcare cyberattack. She told CNBC the figure was based on a forensic financial analysis her practice carried out by comparing its charges against payments over recent years. The $1.2 million figure accounts for losses across all its insurers, not just UnitedHealthcare, Meyer said.

On April 1, Meyer received another notice requesting immediate repayment within five business days. The letter was addressed to Meyer. But the name of the practice on the letter, Insight Counseling, as well as the total amount due, $925,200, were incorrect. 

Meyer said she called Optum again and was told the company made a mistake, but that she had five days to repay her actual total of $750,000. At that point, the company would start withholding her UnitedHealthcare payments, which she described as a “shakedown.”

Meyer said her practice typically receives annual claims payments of about $150,000 to $200,000 from UnitedHealthcare.

“I guess I’ll just let them take those payments back for the next three years until they get their money back,” she told CNBC.

In a post on LinkedIn on Thursday, Meyer wrote that she and her team “made a plan to leave the least amount of money in the account set up to receive payments from UnitedHealthcare. If it isn’t there, they can’t get it.”

WATCH: Health and Human Services Department opens probe into hack at UnitedHealth’s Change Healthcare