If you're reading this and still haven't signed up, click the subscribe button below!

Pssst. We also have a podcast… find that here on your favourite podcast player or here on YouTube 🙏

Welcome to the Tokenized newsletter, brought to you by the creators of the Tokenized Podcast. Written by Simon Taylor of Fintech Brainfood and Shwetabh Sameer of Molten Ventures.

We are the newsletter for institutions that need help preparing for a Tokenized future.

We run through the headlines every week, what it means for you and a market readout. Always with an institutional, business-focused perspective. 

Join us every week as we meet your Tokenization needs.

💬Simon's Market Readout – DoorDash goes live with stablecoin payouts in 40+ countries on Tempo — and Coastal Community Bank quietly builds cross-border settlement rails on the same network that might matter more

📰 Stories You Can't Miss: Qivalis picks Fireblocks and adds BBVA and DZ BANK to its consortium; UK pivots toward a unified payments rulebook after BoE cap backlash; Senator Tillis delays CLARITY Act markup to May as bank lobbying escalates; and a $292 million KelpDAO bridge exploit triggers $6.6 billion in Aave outflows and exposes DeFi's hidden trust assumptions

This newsletter is sponsored by M0!

Stablecoins are becoming global financial infrastructure.

Brands partner to issue their own stablecoins with regulated issuers.

Stablecoin issuers want to issue for the most valuable brands.

Both need robust tech.

M0 is the only platform where issuers and brands get together to build stablecoins.

Make your own money. m0.org.

Editor's Note: Simon Taylor, co-creator of Tokenized, works at Tempo. The analysis below represents Simon's perspective on these developments.

DoorDash is bringing stablecoin-powered payments to 40+ countries on Tempo. This is the canonical stablecoin use case.

The DoorDash co-founder Andy Fang said, "there's real promise with stablecoins transforming financial infrastructure, not just in America, but globally," and they want to be a proactive participant in making that happen.

If you're going to operate in 40 markets and pay out to merchants and Dashers, each market has different payment rails, different FX dynamics, different settlement timelines, different regulatory requirements. A payout flow that works in the United States doesn't necessarily apply in Helsinki. The logistics of actually getting a Dasher paid in more than one country looks completely different and incredibly complex.

The ability to get paid and to pay without waiting days is solving a real problem for people right now at scale. DoorDash is building stablecoin payment infrastructure as part of its global marketplace to make payouts faster, reduce cross-border costs, and make transactions more flexible. This is a business that has been around since 2013, is publicly traded, and has now chosen Tempo to move things forward.

This is a real sign of stablecoin maturity coming into the marketplace. If you zoom out, this is a signal: no matter how much it seems like the crypto market can have hacks and scams and issues, the stablecoin market is continuing to deliver large enterprises that see a commercial business case in dealing with stablecoins. I suspect we'll see many more.

The story I think everybody missed: Coastal Community Bank is using Tempo to make cross-border settlement happen in minutes.

Coastal Community Bank, as many of you will know, is the bank that powers lots of fintech companies like Robinhood. Those fintech clients need faster, cheaper ways to move money across borders, and traditional correspondent banking infrastructure isn't built to deliver that—especially when you're dealing with the US to Latin America.

So Coastal and Tempo are building a cross-border corridor that keeps all of the existing compliance infrastructure of a bank in place, just replacing the settlement layer underneath with stablecoins on Tempo. This is a highly regulated bank choosing to move a major product onto the Tempo blockchain, onto digital assets, onto stablecoins.

Far from being a problem for community banks, the stablecoin opportunity is about new revenue. And that's been a learning process in both directions. Features required for institutional cross-border settlement—like privacy zones or compatibility with ISO 20022—have been built into Tempo as part of that feedback. These seemingly small details make a massive difference to being able to deliver.

Put these two stories together: You've got an enterprise operating in multiple markets—I think that story was understood and we'll see more of it. But banks choosing to do cross-border on-chain because it's better for them and their fintech companies? That's the story everybody missed here.

The European banking consortium building a euro stablecoin just moved from press releases to procurement. Qivalis - which we've covered twice since it was announced in October 2025 - has selected Fireblocks as its core infrastructure partner. It has also added BBVA and DZ BANK as its eleventh and twelfth members, and maintained its H2 2026 launch timeline pending DNB authorization. I

In December, we flagged three open questions: blockchain infrastructure, interoperability, and distribution commitments. One of those three is now answered.

Key Points:

The Tokenized Take:

In December, we wrote that "signing up isn't the same as showing up." Selecting Fireblocks is the step between the two. You don't integrate a tokenization engine, build compliance workflows, and connect wallet infrastructure across twelve banks without real engineering budget and institutional commitment. Consortiums that don’t work usually stall before the procurement phase, not after. The fact that Qivalis has a named infrastructure partner, a specific token standard (ERC-20F), and a compliance architecture tells us this is no longer a concept paper.

But infrastructure is the easy part. The hard part is the twelve separate adoption decisions that come next.

Each member bank needs to independently allocate IT budget, secure risk committee sign-off, integrate Qivalis into treasury workflows, and route actual settlement flows through the stablecoin. That's twelve different technology roadmaps, twelve compliance interpretations, twelve internal change management processes - at banks that are often competing for the same corporate clients. ING and BNP Paribas don't stop being rivals because they share a stablecoin.

DZ BANK's addition is the most strategically interesting of the new members. Germany's cooperative banking network - ~700 institutions, ~7,500+ branches - gives Qivalis potential reach into the small and mid-sized businesses that actually drive European cross-border trade. But "potential reach" requires DZ BANK to build the integration, train the relationship managers, and convince the cooperative banks to offer something they've never offered before. That's a multi-year programme, not a launch-day feature.

The competitive landscape looks different when you frame it correctly. Checkout.com, Circle's EURC, and SocGen's EURCV aren't targeting the same flows - they serve merchants, DeFi, and retail cross-border payments respectively. Qivalis's actual competitors are JPMorgan's Kinexys, Fnality's wholesale settlement network, and the ECB's own wholesale CBDC experiments. Those are the projects racing to become default infrastructure for institutional euro settlement. And unlike the retail stablecoin market, that race has no clear leader yet - which is exactly why twelve banks think a consortium still has a window.

The catch: Kinexys moves at JPMorgan speed. Qivalis moves at the speed of twelve risk committees reaching consensus. In wholesale infrastructure, execution tempo matters as much as design.

Two of our three December questions remain unanswered. Interoperability with existing euro stablecoins: unaddressed. Distribution commitments beyond wholesale pilots: unspecified. The infrastructure question is closed. The adoption question is not.

H2 2026 is now six months away. We'll find out soon enough whether Qivalis crosses the line from construction site to production - or whether twelve banks discovered, as consortiums often do, that building together is harder than building alone.

The UK is attempting something no other major jurisdiction has tried: a single regulatory framework covering stablecoins, tokenized deposits, and traditional payment services. At UK Fintech Week, HM Treasury unveiled a package that moves toward a unified payments rulebook - a direct pivot from the BoE's proposed holding caps last September, which drew sharp industry backlash and risked making the UK the least competitive major jurisdiction for digital payments.

Key Points:

The Tokenized Take:

This reads like a course correction dressed as a strategy launch. The UK is attempting something no other major jurisdiction has done — unifying stablecoins and tokenized deposits under one rulebook. The US regulates them separately (GENIUS Act for stablecoins, existing FDIC rules for tokenized deposits).The EU has MiCA for stablecoins but treats tokenized deposits under existing e-money and banking frameworks rather than a unified digital payments rulebook. The UK is betting it can avoid that fragmentation before it hardens.

The execution is where it gets tricky. Tokenized deposits carry FSCS protection and sit inside bank prudential rules. Stablecoins backed by T-bills are a fundamentally different risk instrument. A single framework either waters down deposit protections, burdens stablecoin issuers with bank-grade requirements they can't meet, or - the sophisticated version - introduces activity-based tiering where the rulebook is unified but requirements scale with risk profile. We don't yet know which path the Treasury is walking.

There's also the question of what happens to the BoE's existing proposals. In November 2025, we covered their offer of RTGS access to systemic stablecoin issuers with a proposed 60/40 gilt/BoE reserve split. This unified rulebook potentially reorganizes that entire framework. Whether the systemic/non-systemic tiering survives - and crucially, whether the holding caps that drew so much criticism last September are dead or just dormant - is what our readers will want to know. The consultation is silent on both.

Then there's Bybit. Bybit left the UK in 2023 after tighter FCA rules, relocated to Dubai, and only re-entered in late 2025 through a partnership with Archax. Government officials courting the exchange's leadership in London is an implicit admission that the previous regulatory posture cost the UK real business. You don't invite companies back unless you've acknowledged they left because of you.

If the consultation produces rules that genuinely reduce compliance overhead, the UK could leapfrog the EU and compete directly with the US for stablecoin issuer headquarters. But "consultation" is not "legislation”. And until it is, this remains ambition, not policy.

Two weeks ago, we covered the White House CEA report that dismantled the banking lobby's core objection to stablecoin yield - a ~0.02% lending gain at an $800 million consumer welfare cost.

The data should have settled it. The banks decided to escalate instead.

Key Points:

The Tokenized Take:

The banks want two things at once: 1) a yield definition broad enough to shut down the Coinbase/Kraken distribution channel, and 2) enough calendar delay to force CLARITY into a larger package where prudential regulators have more leverage.

But the fallback undermines their own position. If banks stall long enough to kill the bill, they get the status quo - which means no yield restrictions at all. The GENIUS Act bans direct issuer yield, but platform distribution channels remain wide open. Every week of delay is another week Coinbase keeps those channels running - no restrictions, no guardrails.

May looks tight but not dead. Senate recesses May 4-8 and May 25-29, then Juneteenth. That leaves roughly three working weeks before summer break - and the bill still needs House reconciliation after committee

Early May markup with strong bipartisan support? Survivable. Late May? Probably not.

The insider quote from Crypto in America captures the equilibrium: banks can accept the Tillis-Alsobrooks compromise and limit deposit flight exposure, or they can hold out and be left with no protections at all.

The question is whether they're rational enough to take the win.

Three weeks ago, we covered Aave V4's launch and called its Spoke architecture "the upgrade that could turn it into institutional infrastructure." On Friday, a single misconfigured bridge validator proved exactly why that architecture was needed - and exposed how much of DeFi still hasn't caught up.

On April 18, an attacker forged a single cross-chain message on KelpDAO's bridge - a message that only needed one validator to approve - and drained 116,500 rsETH worth ~$292 million. The stolen tokens were immediately deposited as collateral on Aave V3, where the attacker borrowed ~$193 million in real WETH against them.

Then the bank run started: Aave's WETH pool hit 100% utilisation, legitimate depositors couldn't withdraw, and $6.6 billion in net outflows dropped Aave's TVL by ~25% in 48 hours. AAVE dropped ~16%.

The contagion didn't stop at protocols with direct exposure. Lido paused deposits into its earnETH product, which held rsETH exposure. Even Ethena - which confirmed zero exposure to the exploit - saw its token reprice as the market sold first and asked questions later. This is correlation contagion: one protocol's failure repricing an entire asset class.

Key Points:

The Tokenized Take:

The institutional story here isn't the hack itself - bridge exploits happen. It's what happened next. A $292 million exploit in one protocol created a $6.6 billion liquidity event across a supposedly isolated lending market. Tokens with zero direct exposure got repriced anyway. Trapped depositors borrowed $300 million against their own locked collateral just to exit their positions. That is systemic risk - the exact contagion mechanism that institutional risk committees model when they evaluate DeFi exposure.

Which brings us back to Aave V4. Three weeks ago we wrote that V4's Spoke architecture lets institutions participate in dedicated risk pools without exposure to leveraged positions in adjacent markets. Under that design, rsETH would sit in its own Spoke with dedicated collateral caps - and a depeg event wouldn't drain the main WETH pool that every other borrower depends on. The early evidence is encouraging: the LlamaRisk incident report scoped its bad debt analysis entirely to V3, suggesting the Spoke architecture may have contained the contagion as designed. But both versions still had to be frozen. Architectural containment and operational resilience are different things - and right now, DeFi governance moves slower than DeFi exploits.

Morpho proved that under live fire. Paul Frambot (Co-Founder and CEO of Morpho Labs) confirmed ~$1million in exposure across two isolated markets - every other vault was untouched. Same exploit, same asset class, radically different outcome. Morpho's architecture isolates each lending pair, so bad debt in one market cannot propagate to another. That's what V4's Spokes are supposed to do. The institutional question isn't whether DeFi lending can be made safe. It's whether protocols will adopt the architectures that already exist.

The governance gap is what should worry institutions most. In January, Aave's DAO passed Proposal 434, raising rsETH's maximum loan-to-value ratio to 93% in E-Mode - for a liquid restaking token backed by a bridge running single-validator verification. No traditional risk committee would have approved that parameter set. And LayerZero's defaults made the same mistake at the infrastructure layer: if 47% of applications on your messaging protocol are running minimum-security configurations because that's what ships out of the box, you bear responsibility for the default - regardless of what the documentation recommends. Ship insecure defaults, blame your users when things break, and see how far that gets you in an institutional due diligence process.

The Arbitrum freeze deserves honest framing. A 12-member council unilaterally freezing $71 million in user funds is, for institutions, arguably a feature - it looks like a circuit breaker, and it saved real money. But it also means the trust assumptions on L2s are fundamentally different from what the marketing suggests. If a chain can freeze assets by committee decision, that's a governance risk that needs to be priced, disclosed, and stress-tested - not treated as an emergency exception that proves the system works.

LayerZero's official post-mortem attributes the exploit to North Korea's Lazarus Group (TraderTraitor unit). If that attribution holds, DeFi is now facing sustained state-sponsored infrastructure attacks - $577M stolen across Drift and Kelp in 18 days - not occasional freelance exploits. That changes insurance underwriting, custody risk models, and the regulatory case for mandatory bridge security standards.

It also raises a question no protocol has answered yet: what are your OFAC compliance obligations when a state-sanctioned entity is using your bridge as an attack vector?

Thanks so much for reading the Tokenized Newsletter!

Please share this edition or share it with your colleagues if you enjoyed it!

Disclaimers