Transparency
Who secures Tempo
Tempo runs an initially permissioned validator set under Simplex BFT consensus: validators are whitelisted, there is no public staking, and the chain halts rather than finalise conflicting blocks if more than one third are unavailable. A roadmap to permissionless validation is acknowledged but unscheduled. Until then, who runs the validators is the trust model.
| Validator | Kind | Operator | Region | Added | Decentralisation | Liveness | Operator trust |
|---|---|---|---|---|---|---|---|
| remittance | MoneyGram | — | 20 May 2026 | dec: low | live: high | op: high | |
| institutional | Zodia Custody | — | 18 Mar 2026 | dec: low | live: high | op: high | |
| operator | Figment | — | — | dec: low | live: high | op: high | |
| operator | Luganodes | — | — | dec: low | live: high | op: high | |
| operator | Blockdaemon | — | — | dec: low | live: high | op: high | |
| anchor | Stripe | — | 18 Mar 2026 | dec: low | live: high | op: high | |
| anchor | Visa | Global | 14 Apr 2026 | dec: low | live: high | op: high |
7 known validators · permissioned setstatus.tempo.xyz ↗
Risk signals are an editorial reading of public information, not an audit. A permissioned set scores low on decentralisation by construction; the institutions running it (Stripe, Visa, MoneyGram, Zodia) score high on operator trust and liveness. This is the honest tradeoff Tempo is making today.