The Intermediary Risk LayerBridges, Market Makers, and Service Providers as Structural Exposures

Tokenized markets carry a story about themselves: that they remove intermediaries, replacing trusted parties with protocols and letting value move directly between participants. The story is half true and dangerous in its other half. The base protocol may indeed reduce the need for certain trusted parties. The market built on top of the protocol runs on a thick layer of intermediaries, and that layer concentrates risk in ways an institution can easily miss because the risk does not show up in the price of anything.

Consider what it actually takes to hold and use a tokenized asset across real conditions. Value moves between networks through bridges. Markets quote because market makers choose to provide liquidity. Assets are held and operations are run through custody and service providers. Trades happen on venues. All of it connects through infrastructure providers that supply the data and connectivity the system needs to function. Each of these is an intermediary, and each is a party the institution depends on. The dependency is real even when it is invisible, and it is most invisible precisely when everything is working.

This report treats the intermediary layer as the structural exposure it is. It explains why intermediaries reappear in tokenized markets despite the disintermediation narrative, maps the main categories of intermediary and the exposure each concentrates, and argues that an institution should inventory and stress test this layer the way it would any other concentration of risk. The exposures here are not priced into the assets, do not show up in a yield or a spread, and surface only when an intermediary fails. The work is to find them before that happens, because an unexamined dependency is a loss waiting for the moment its intermediary stops working.

The disintermediation narrative is not simply wrong; it is misapplied. It describes a property of the base protocol and is then stretched to describe the whole market, which is a different thing. Understanding why intermediaries reappear, despite a base layer that genuinely needs fewer of them, is the key to taking the intermediary layer seriously.

At the protocol level, certain trusted parties really are reduced. A transfer that the network validates does not need a chain of correspondents each keeping their own books. To that extent the disintermediation is real. But a market is far more than transfers. It needs liquidity, which needs market makers. It needs assets to move between networks, which needs bridges. It needs assets held safely and operations run reliably, which needs custody and service providers. It needs places to trade, which needs venues. It needs data and connectivity, which needs infrastructure providers. None of these functions is performed by the base protocol, and each is performed by an intermediary. The protocol removed some intermediaries and the market added others, and the net result for a regulated tokenized asset is a dependency on intermediaries that is comparable to, and in some respects greater than, its conventional equivalent.

There is also a subtler reason intermediaries reappear, which is accountability. Regulated activity requires accountable parties: someone responsible for custody, someone responsible for the venue, someone who answers when something goes wrong. A pure protocol has no one to hold accountable, and regulated institutions cannot operate on accountability that points at no one. So accountable intermediaries are reintroduced deliberately, to provide the responsibility that regulation requires and a protocol cannot. This is not a failure of tokenization; it is a feature of operating regulated assets in the real world. The consequence is that the intermediary layer is not a temporary immaturity that will disappear as the technology matures. It is a permanent part of how regulated tokenized markets work, and it deserves to be treated as such rather than waited out.

The grid sets out the main categories of intermediary in a tokenized market, what each does, the exposure it concentrates, and how that exposure surfaces. The surfacing column is the one that matters, because these exposures are quiet until they are not.

The categories share a property: each is a place where many participants depend on a few, and where the failure of one of the few affects all of the many. That is the definition of concentrated risk, and the intermediary layer is full of it, hidden beneath a narrative that says it should not be there at all.

Bridges are the clearest case of intermediary risk because their failures have been among the largest and most direct losses in this market. A bridge connects two networks that do not natively interoperate, allowing value to move from one to the other. To do this, a bridge typically holds or controls the assets in transit: value is locked or held on one side while a representation is made available on the other. The bridge is, in that moment, in control of the assets, and the soundness of the arrangement is the soundness of the bridge.

This makes a bridge a concentrated point of exposure of exactly the kind regulated finance tries to avoid. A great deal of value can depend on a single connector, and a compromise of that connector is a direct loss of the value it held, not a price movement that might recover. The history of this market includes repeated, large bridge failures, in which the connector was exploited and the assets it controlled were taken. These were not market losses; they were the failure of a single intermediary that many participants had depended on, often without fully recognizing the dependency.

The practical lesson is to treat any cross network movement as the assumption of bridge risk and to size and scrutinize it accordingly. An institution that moves value between networks is depending on the bridge it uses, and it should understand how that bridge holds the assets in transit, what would happen if it were compromised, and whether the value it routes through the bridge is an amount it can afford to have at risk in a single connector. Where bridging can be avoided, by keeping assets and their settlement on one network, the exposure is removed entirely, which is part of why the network selection decision and the bridge question are connected. Where bridging is necessary, it should be a deliberate, sized, monitored exposure rather than an operational convenience used without a second thought, because the bridge is one of the few places in this market where a single intermediary's failure is an immediate and often unrecoverable loss.

Market makers are a dependency that wears the costume of a convenience. A market that quotes prices and offers a counterparty on demand feels like a property of the market itself, but it is usually the product of a small number of intermediaries choosing to provide liquidity. The market quotes because they quote, and the dependency on them is invisible as long as they keep doing it.

The exposure surfaces when they stop. Market makers provide liquidity because it is profitable, and they withdraw when it is not, or when conditions become too uncertain to price. The conditions that cause them to withdraw are precisely the stressed conditions in which participants most need to transact. A market that looked liquid in calm times can become illiquid in stress not because the assets changed but because the intermediaries providing the liquidity stepped back, and a participant who treated the quoted market as a reliable feature finds it gone at the moment of need. This is a concentration of dependency: the market's liquidity rested on a few providers, and the few withdrew together when the environment turned.

For an institution, the discipline is to know who provides the liquidity it relies on and to plan for their absence. A market supported by one or two market makers is a fragile market, however smooth it looks in normal conditions, because the withdrawal of one or two parties can remove most of its liquidity. A market with many independent providers is more robust, because the withdrawal of some leaves others. An institution should understand which kind of market it is depending on, should not assume that present liquidity will be present in stress, and should plan its own exit and risk assumptions around the possibility that the market makers are gone exactly when it wants them. The liquidity is real and it is also borrowed from intermediaries who can call it back, and treating borrowed liquidity as owned is how participants get caught.

The least visible intermediaries are the ones that supply the operational infrastructure an institution runs on: custody and service providers that hold assets and run processes, and the data and connectivity providers that supply the information and links the system needs. These are easy to overlook because they work quietly and continuously, and a dependency that never fails is a dependency that is never noticed.

The exposure here is operational rather than, or in addition to, financial. A service provider that fails can halt an institution's activity even when its assets are entirely safe, because the institution cannot operate without the function the provider supplied. A data or connectivity provider that falters can cause operations to fail or, worse, to act on bad information, with consequences that ripple through everything built on top of that data. These are not losses of assets in the way a bridge failure is, but they are disruptions that can be severe, and they stem from the same structural fact: many participants depend on a few providers, and the failure of a provider affects all who relied on it.

Because these dependencies are quiet, the work is to make them visible. An institution should know which service, custody, data, and connectivity providers its operation depends on, what each provides, and what would happen if each became unavailable. Many of these dependencies turn out to be more concentrated than expected, with critical functions resting on a single provider whose failure would stop the institution. Some turn out to be shared across the whole market, so that a single provider's failure would affect not just one institution but many at once, a systemic concentration hiding inside individual operational choices. None of this is visible in normal operation, which is exactly why it must be sought out deliberately. The providers that work silently are carrying real load, and load that no one has examined is load that no one has confirmed will hold.

The constructive response to intermediary risk is an inventory and a stress test, because the exposures are real whether or not they have been written down, and writing them down is the first step to managing them. The exercise is unglamorous and it is the thing that separates an institution that understands its dependencies from one that merely has them.

The inventory is a complete list of the intermediaries the institution depends on, across every category: the bridges it uses, the market makers it relies on for liquidity, the custody and service providers that hold its assets and run its operations, the venues it trades on, and the data and connectivity providers underneath. For each, the inventory records what the intermediary does, how much depends on it, and what the institution's exposure to its failure is. The act of compiling this list is itself valuable, because dependencies that were invisible become explicit, and concentrations that no one chose deliberately become apparent. Institutions frequently discover, in doing this, that more rests on a single intermediary than anyone intended.

The stress test asks, for each intermediary, what happens if it fails, and follows the consequences through. If this bridge is compromised, what is the loss. If these market makers withdraw, what happens to the institution's ability to transact and to value its positions. If this service provider fails, what stops, and for how long. If this data provider supplies bad information, what acts on it. The point is to convert each dependency from an assumption into a known exposure with a known consequence, so that the institution can decide whether the exposure is acceptable, whether it should be reduced through diversification or redundancy, and what its response would be if the failure occurred. An institution that has run this exercise knows where it is exposed and can act before a failure. One that has not is trusting a layer it has never examined to keep working, right up until one part of it stops.

Intermediary layer

The connective tissue of a tokenized market: bridges, market makers, custody and service providers, venues, and data and connectivity providers.

Bridge

A connector that moves value between networks that do not natively interoperate, typically by holding or controlling assets in transit.

Market maker

An intermediary that quotes prices and holds inventory so that a counterparty exists when a participant wants to trade.

Service provider

A party that holds assets or runs operational functions an institution depends on, whose failure can halt activity.

Connectivity provider

A supplier of the data, pricing, and links a system relies on to operate, often unseen until it falters.

Concentration risk

Exposure that arises when many participants depend on a few providers, so that one failure affects all who relied on it.

Systemic dependency

A dependency shared across many institutions, so that a single failure affects the market broadly rather than one participant.

Intermediary inventory

A complete record of the intermediaries an institution depends on, what each does, and the exposure to its failure.

Stress test

An exercise that follows the failure of each dependency through to its consequence, to convert assumptions into known exposures.

Citation slots below mark claims and context that require source verification before this document is treated as externally citable. They are placeholders by design. This library does not assert sourced facts without sources.

1. 01

   Analysis of bridge failures and the value lost through cross network connectors.

   Citation pending[Citation needed: documented bridge exploit and failure analyses]

2. 02

   Research on liquidity provision and withdrawal by market makers under stress.

   Citation pending[Citation needed: market-microstructure literature on liquidity provision in stress]

3. 03

   Operational risk frameworks for third party and service provider dependency.

   Citation pending[Citation needed: recognized third-party and operational-risk frameworks]

4. 04

   Financial stability analysis of concentration and shared dependencies in digital asset markets.

   Citation pending[Citation needed: financial-stability work on concentration in digital asset infrastructure]

For adjacent BlockHedge work, see The Network Selection Decision for the dependency profile a network establishes, The Liquidity Problem in Tokenized Markets for the market maker dependency in depth, and Counterparty and Venue Risk in Digital Asset Markets for the surrounding exposure analysis.