We Spent Years Building Decentralized Apps, But 90% of Them Route Through Three RPC Providers—Did We Miss The Point?

General
1

We Spent Years Building Decentralized Apps, But 90% of Them Route Through Three RPC Providers—Did We Miss The Point?

I’ve been staring at on-chain data for three years now, and there’s one pattern that keeps me up at night. I analyzed where Web3 application traffic actually goes, and the numbers are uncomfortable: over 90% of dApp requests route through just three RPC providers—Alchemy, Infura, and QuickNode.

Here’s what bothers me: We built this incredible decentralized ledger. Thousands of nodes worldwide validating transactions. No single point of control. Censorship-resistant at the protocol layer. And then… we funnel all the access through three companies.

The Wake-Up Call

Last year’s AWS US-East outage was the moment it clicked for me. Major crypto exchanges went down. RPC endpoints failed. dApps stopped working. But you know what kept running? The blockchains themselves. Ethereum kept producing blocks every 12 seconds like nothing happened. Solana kept chugging along. The decentralized part worked perfectly.

The centralized access layer is what broke.

Why We’re Stuck Here

My company relies on Infura. I’m not proud of it, but I understand why. We analyzed what it would cost to run our own nodes:

The Economics Are Brutal:

  • Hardware: $800-3,800 upfront for a decent setup
  • Operational costs: $500-2,000 per month, per chain
  • Hidden costs: 10-20% of our total project budget just for maintenance
  • Human cost: Someone needs to be on-call when nodes die at 3am

The Complexity Is Real:

  • 16-64 CPU cores, 64-256 GB RAM, multi-terabyte NVMe SSDs
  • Chain-specific quirks that require deep expertise
  • Slow responses under load, debug calls that fail mysteriously
  • Every chain has its own configuration nightmare

Want to support Ethereum + Polygon + Arbitrum + Optimism? Multiply everything by four.

For Solana? Forget about it. Even a full node with just a few days of history is heavy. Archive nodes are basically out of reach for anyone but giant infrastructure providers.

The Data Doesn’t Lie

I ran the numbers last month. Our analytics platform makes about 50 million RPC calls across different chains. At current Infura pricing (which is actually pretty reasonable), we’re paying around $800/month.

If we ran our own nodes for the same coverage? Estimated $6,000/month plus at least 20% of one engineer’s time. The math is simple: centralized RPC wins.

So What Are We Building?

This is my real question for the community. If our decentralized applications can’t function without centralized infrastructure providers, what exactly have we decentralized?

Sure, the protocol layer is decentralized. The data is replicated across thousands of nodes. But if 90% of users and developers access that data through three companies, those three companies become de facto gatekeepers.

They can track our activity. They can filter our requests. They can set prices. They can enforce compliance. They can fail and take everyone down with them.

Is This Temporary or Fundamental?

I keep hoping this is just a scaling challenge we’ll solve. That in a few years, light clients will be so good that every app runs its own validation. That protocols will optimize enough that nodes become cheap to run. That the economics will flip.

But I also wonder if we’re fooling ourselves. Maybe infrastructure naturally centralizes because specialization and economies of scale always win. Maybe the goal isn’t everyone running nodes, but having enough provider diversity that no single entity has control.

Looking for Answers

Has anyone figured out how to solve this economically? Is anyone running their own nodes across multiple chains without venture funding?

What’s the actual path to infrastructure decentralization that doesn’t require everyone to be a DevOps expert with a $5K/month infrastructure budget?

Or do we accept that this layer will be centralized and just focus on keeping the protocol layer decentralized?

I built my career on making blockchain data accessible. But the more I analyze how we’re actually accessing blockchains, the more I wonder if we’ve just recreated the old centralized architecture with extra steps.

What am I missing here?

2

This is exactly the existential crisis that keeps me working on light clients at 2am.

You’ve hit the nail on the head, Mike. We built censorship-resistant protocols and then routed all access through censorable gatekeepers. It’s like designing a nuclear bunker and then putting the only entrance in someone else’s building.

The Centralization Risks Are Real

From a protocol perspective, this creates multiple attack vectors:

Single Points of Failure:

  • Infura outage in November 2020 took down MetaMask, Uniswap, and most major dApps simultaneously
  • The blockchain kept running perfectly, but if users can’t read state or submit transactions, decentralization becomes theoretical

Censorship & Surveillance:

  • RPC providers can filter and censor transactions before they hit the mempool
  • They can track IP addresses, query patterns, and build comprehensive surveillance profiles
  • They can comply with government requests to block specific addresses (remember the Tornado Cash situation?)
  • They can geo-block entire countries

Service Manipulation:

  • They control what data you see and when you see it
  • They can deprioritize or degrade service for certain users
  • They effectively control access to “public” blockchain data

The irony is brutal: We’re building trustless systems that require trusting infrastructure providers.

Why I Still Run My Own Nodes

Despite the costs you outlined (which are accurate), I run my own nodes for production infrastructure. Not because I’m wealthy or have unlimited funding, but because I refuse to build on someone else’s permission.

Yes, it costs me about $1,200/month across Ethereum, Arbitrum, and Polygon. Yes, I’ve been woken up at 3am to restart stuck nodes. Yes, it’s eaten probably 15% of my development time over the past year.

But here’s what I get:

  • No censorship risk: Nobody can filter my transactions or block my access
  • Privacy: My request patterns aren’t being logged and potentially sold
  • Reliability: When Infura goes down, my stuff keeps working
  • Sovereignty: I control my own infrastructure destiny

The Uncomfortable Truth

You’re right that most projects can’t afford this, especially at early stages. That’s the fundamental problem: If only well-funded companies can afford infrastructure independence, we haven’t decentralized anything.

We’ve just created a new class of gatekeepers with better APIs.

There ARE Solutions (But They’re Not Ready Yet)

The good news: We’re not stuck with this forever. Here’s what’s being built:

Light Clients:

  • Portal Network for Ethereum is making lightweight clients practical
  • Browser-based clients that verify consensus without full state
  • Trustless access without infrastructure dependency

Better Node Software:

  • Erigon and Reth are dramatically more efficient than older clients
  • Lower hardware requirements, faster sync times, better performance
  • Getting close to commodity hardware viability

Protocol Improvements:

  • EIP-4444 (history expiry) will reduce storage requirements
  • Verkle trees enable stateless clients
  • Danksharding reduces bandwidth and computational load

Better Tooling:

  • Eth-Docker, Sedge, DAppNode making setup more accessible
  • One-click deployments coming closer to reality

The Challenge I’ll Pose

Here’s my controversial take: If you can’t run your own node, you’re not building a decentralized application. You’re building a centralized app with a blockchain backend.

That’s harsh, and I know it excludes a lot of builders who are doing good work. But we need to be honest about what we’re building.

Near-term pragmatism: Use Alchemy or Infura, but:

  1. Have backup providers configured
  2. Build with node independence as eventual goal
  3. Support protocol work to reduce node requirements
  4. Don’t pretend your app is decentralized if it depends on centralized infrastructure

Long-term: The industry needs to solve this. Better tooling, lighter clients, protocol optimization. We figured out how to scale blockchains from 7 TPS to thousands. We can figure out how to make node operation accessible.

The question isn’t whether we can solve this. It’s whether we will before the centralized providers become too entrenched to displace.

What’s your timeline for considering running your own nodes? Is there a specific cost point or capability improvement that would make it viable for your analytics platform?

3

Okay, let me give you the startup founder reality check on this.

Brian, I respect the hell out of your commitment to running your own nodes. That’s genuinely admirable. But let’s talk actual business math for a pre-seed startup with 18 months of runway.

The Cold Hard Economics

Running Own Nodes:

  • $2,000/month × 12 months = $24,000 per year
  • That $24K could instead buy us:
    • Three months of a mid-level engineer’s time
    • Entire AWS bill for our product for 6+ months
    • Marketing budget to acquire our first 1,000 users
    • Two extra months of runway when we’re scrambling before Series A

Using Alchemy Free Tier:

  • Cost: $0/month for first 3 million requests
  • Setup time: 10 minutes
  • Maintenance: Zero
  • On-call burden: Zero

When your burn rate is $40K/month and you’re racing to hit milestones before running out of cash, spending $2K/month on infrastructure independence is a luxury you literally cannot afford.

But Here’s My Contrarian Take

I don’t think this is actually a problem.

Stay with me here. Yes, RPC access is centralized. But let me ask: Is email decentralized?

Most people use Gmail, Outlook, or a handful of other providers. The email protocol is open. Anyone can run a mail server. But most people don’t, because it’s a pain in the ass and provides no user-facing benefit.

Yet we don’t consider email to be “broken” or “not really decentralized.” The important part—the protocol layer, the interoperability, the lack of gatekeeping at the protocol level—those are decentralized.

What Actually Matters for Decentralization

Here’s my framework for thinking about this:

Protocol Layer (Must Be Decentralized):

  • Transaction validation :white_check_mark:
  • Data availability :white_check_mark:
  • Consensus mechanisms :white_check_mark:
  • No single point of control :white_check_mark:

Infrastructure Layer (Centralization is Acceptable If):

  • Multiple providers compete :white_check_mark:
  • Switching costs are low :white_check_mark:
  • No vendor lock-in :white_check_mark:
  • Providers can’t change protocol rules :white_check_mark:

RPC providers are competing on price, features, and reliability. I can switch from Alchemy to Infura to QuickNode with maybe 30 minutes of work. They can’t change what transactions get validated or how the blockchain operates.

That seems… fine?

The Real Risk I Worry About

My actual concern isn’t that we use centralized RPC providers. It’s consolidation and vendor lock-in.

If Alchemy acquires Infura and QuickNode merges with Ankr, and we’re down to two providers with 95% market share? That’s scary. They’d have massive pricing power and could effectively control access.

If providers start offering proprietary APIs that make switching costly? That’s bad for competition and creates lock-in.

If regulations force RPC providers to do KYC and block certain users? That undermines permissionless access.

But none of those things have happened yet. Right now we have a healthy competitive market for RPC services.

My Pragmatic Approach

For our startup:

  1. Use Alchemy for now (free tier, then paid as we scale)
  2. Build with abstraction layer so we can swap providers easily
  3. Monitor the market for consolidation or vendor lock-in signs
  4. Reconsider at Series A when we have budget and clear use case

After this thread, I will add a backup RPC provider (probably QuickNode) so we have failover. That’s good operational hygiene regardless.

The Question I’ll Pose Back

Is decentralization an all-or-nothing proposition? Or can we have decentralized protocols with centralized tooling?

Web3 is full of centralized services: Etherscan for block explorers, OpenSea for NFT marketplaces, GitHub for code repos, Discord for community. We don’t consider those to be failures of decentralization—we consider them to be useful services built on top of decentralized infrastructure.

Why is RPC different?

(Genuinely asking—I might be wrong here, but I want to understand the counterargument.)

One final point: If users actually cared about RPC decentralization, there’d be a market for it and startups would build solutions. The fact that there isn’t a huge market demand suggests most people find the current setup acceptable.

Maybe we’re solving a problem that only idealistic builders care about, not a problem that end users actually experience?

4

As someone who spends their career finding vulnerabilities in smart contracts, I need to point out: This centralization creates systemic security risks that cannot be ignored.

Steve, your email analogy is flawed. Let me explain why.

The Security Attack Surface

When you use a centralized RPC provider, here’s what you’re trusting them with:

Data Access:

  • They control what blockchain state you can read
  • They can serve you stale or incorrect data
  • They can selectively withhold information
  • They decide transaction ordering for mempool queries

Transaction Submission:

  • They’re the intermediary between your users and the blockchain
  • They can drop transactions silently
  • They can delay critical transactions
  • They can front-run user transactions with their own

User Privacy:

  • They see every wallet address you query
  • They know your IP address and can geolocate your users
  • They observe your transaction patterns and can profile behavior
  • They can correlate dApp usage across your entire user base

This isn’t theoretical. Let me give you real examples.

Historical Security Incidents

Infura November 2020 Outage:

  • MetaMask, Uniswap, MakerDAO, Compound all went offline simultaneously
  • Users couldn’t access their funds despite owning their private keys
  • The blockchain was working perfectly, but the access layer failed
  • Single point of failure demonstrated in production

Tornado Cash Censorship (2022):

  • Infura and Alchemy initially blocked access to Tornado Cash contract addresses
  • If you used these providers, you literally couldn’t interact with smart contracts
  • They later reversed course, but it demonstrated: centralized providers can censor at will

Regional Geo-Blocking:

  • Multiple RPC providers block certain countries due to sanctions
  • Users in those regions can’t access “permissionless” blockchain applications
  • Again: protocol is permissionless, but access layer has gatekeepers

The Trust Model Is Broken

You’re building trustless smart contracts that enforce rules cryptographically. Then you’re accessing them through trusted intermediaries who can:

  • Lie about contract state
  • Filter your transactions
  • Monitor your activity
  • Comply with government censorship requests

Steve, you asked if this is different from email. Yes. Here’s why:

Email analogy fails because:

  • If Gmail blocks your email, you switch providers in minutes
  • Email content is encrypted (or should be)
  • Email providers can’t rewrite the content of emails in transit
  • Email isn’t financial infrastructure where correctness is critical

Blockchain requires:

  • Correct state reads (wrong data = wrong financial decisions)
  • Guaranteed transaction delivery (dropped TX = lost money/opportunities)
  • Censorship resistance (the whole point of decentralized finance)
  • Privacy from surveillance (financial activity is sensitive)

The Risk Calculation

From a security researcher perspective, every dApp using centralized RPC has:

Single Point of Failure: If provider goes down, entire dApp is offline
Censorship Risk: Provider can block access to specific contracts or addresses
Data Integrity Risk: Provider can serve incorrect state, users make wrong decisions
Privacy Risk: Complete surveillance of all user activity and transaction patterns
Regulatory Risk: Government can subpoena or force compliance on providers
Economic Risk: Provider can change pricing or terms, creating business continuity issues

These aren’t edge cases. These are fundamental vulnerabilities in your application architecture.

What You Should Do (Minimum Viable Security)

I’m realistic about cost constraints. But here’s the absolute minimum for production dApps:

1. Multiple RPC Providers

Configure at least two providers (Alchemy + Infura, or add QuickNode). Automatic failover if one fails.

const providers = [
  new ethers.providers.JsonRpcProvider(ALCHEMY_URL),
  new ethers.providers.JsonRpcProvider(INFURA_URL),
  new ethers.providers.JsonRpcProvider(QUICKNODE_URL)
];
// Implement fallback logic

2. Validate Critical Reads

For important state reads (token balances, prices, governance votes), query multiple providers and compare results. If they disagree, that’s a red flag.

3. Transparent Disclosure

Your privacy policy should state: “We use third-party RPC providers who may collect your IP address and transaction queries.”

Users deserve to know what privacy they’re giving up.

4. Monitor Provider Health

Alert when your RPC provider has issues. Have runbook for switching providers quickly.

5. Plan for Self-Hosting

Build your infrastructure with eventual node independence in mind. When you hit Series A and have budget, upgrade.

Long-Term: Light Clients Are The Answer

Brian is right about light clients. They’re the only real solution because they eliminate trust assumptions:

  • Client validates blockchain consensus directly
  • No need to trust RPC provider about state correctness
  • Privacy preserved (provider can’t see what you’re querying)
  • Censorship resistant (you’re reading from blockchain, not from middleman)

Portal Network, Helios, and browser-based light clients are in development. Timeline: 2-3 years for production-ready.

The Uncomfortable Conclusion

Steve, you asked if users care about this. They don’t—until they do.

Users didn’t care about Mt. Gox security until they lost their Bitcoin.
Users didn’t care about smart contract audits until The DAO hack.
Users didn’t care about bridge security until $2 billion was stolen in 2022.

Security threats are invisible until they materialize. Then it’s too late.

RPC centralization is a systemic risk waiting for the right exploit or the wrong government pressure. The fact that it hasn’t blown up yet doesn’t mean it won’t.

My job is to point out vulnerabilities before they’re exploited. This is one of them.

You don’t need to run your own nodes tomorrow. But you need to:

  1. Acknowledge the risk exists
  2. Implement basic redundancy
  3. Have a plan for when this becomes a problem
  4. Support protocol work that reduces node requirements

Because when the systemic risk materializes—and history suggests it will—the projects that planned ahead will survive. The ones that assumed “it’s fine because it hasn’t failed yet” will be the cautionary tales.

Mike’s original question was: “Did we miss the point?”

From a security perspective: Yes, if we’re building supposedly decentralized and trustless systems that depend on centralized and trusted infrastructure, we’ve missed something fundamental.

The question is whether we’re going to fix it proactively, or wait for the inevitable failure to force our hand.

5

Okay, I need to admit something that’s a little embarrassing: I’ve been building on Ethereum for three years and I’ve never successfully run my own node.

Not because I don’t want to. I tried. Multiple times. And I failed every single time.

My Node Journey (A Comedy of Errors)

Attempt 1 (2023): Downloaded Geth, started sync, went to bed. Woke up to my laptop burning hot, sync at 2%, estimated time remaining: 4 days. Gave up.

Attempt 2 (2024): Tried running a node on a DigitalOcean droplet. Got stuck on configuration. Googled error messages, found five different StackOverflow answers, all contradicting each other. Spent entire weekend, never got it working.

Attempt 3 (2025): Read about “easier” clients like Erigon. Followed tutorial step-by-step. Hit an error not mentioned in docs. Asked in Discord, was told “just debug it.” I’m a frontend dev, not a DevOps wizard. Gave up again.

After that, I stopped trying and just used Alchemy. And honestly? It’s been wonderful for actually building things.

The Developer Experience Gap

Here’s what gets me: I can deploy a Next.js app to Vercel with git push. I can spin up a Postgres database with one click. I can set up CI/CD pipelines without thinking.

But running a blockchain node? It feels like I’m back in 2005 manually configuring Apache with cryptic config files and mysterious errors.

Why is this so hard?

  • Documentation is scattered across GitHub repos, Medium posts, and Discord messages
  • Every client (Geth, Erigon, Nethermind, Besu) has different setup process
  • Error messages are unhelpful: “sync failed” - okay, WHY?
  • Hardware requirements are unclear: “fast SSD” - how fast? “plenty of RAM” - how much?
  • Chain-specific quirks aren’t documented anywhere central
  • No standard CLI interface across clients

Compare this to modern developer tools:

  • Stripe: Sign up, get API key, integrate in 30 minutes
  • Vercel: Connect GitHub repo, deploy with zero config
  • Supabase: One-click Postgres with automatic backups

Blockchain nodes: Download mysterious binary, edit config file you don’t understand, pray it works, debug for 48 hours.

This is an Accessibility Problem

Brian said “if you can’t run your own node, you’re not building a decentralized application.” That stung a little, because I think he’s technically right.

But here’s my counterpoint: If only expert DevOps engineers can run nodes, we haven’t democratized anything.

Web3 is supposed to be about democratizing access to financial systems. Removing gatekeepers. Letting anyone participate.

But if you need deep technical expertise and $2K/month budget to run infrastructure, we’ve just created new gatekeepers. They’re just different gatekeepers than traditional finance.

What This Means For Users

From my perspective as someone building interfaces that regular people use, this centralization has real consequences:

  1. Privacy: My users have no idea their queries are going through Alchemy servers. I should probably tell them. Should I add that to our privacy policy?

  2. Trust: I’m asking users to trust my dApp with their money, but my dApp trusts Alchemy for data. That’s a trust chain, not trustlessness.

  3. Resilience: If Alchemy goes down, my dApp is down. Users with self-custody wallets can’t access their funds because the interface doesn’t work.

  4. Censorship: If Alchemy decides to block certain contracts or addresses, my users can’t access them through my interface.

I honestly don’t know what to do about this. The pragmatic part of me says “Alchemy works great, focus on building features users want.” The idealistic part says “this isn’t really Web3 if it depends on centralized infrastructure.”

My Hope for the Future

What I really want is for running a node to be as easy as deploying a website. Something like:

npx blockchain-node start --chain ethereum

And it just… works. Handles sync, optimization, updates, monitoring. Maybe runs in a Docker container or as a managed service I actually control.

Steve mentioned “Vercel for nodes” and honestly that sounds amazing. I would 100% pay for that if it existed and was affordable.

Or better: light clients that run in the browser. No infrastructure, no setup, just works. I’ve heard about Helios and Portal Network but haven’t tried them yet—are they production-ready?

The Uncomfortable Questions

Mike’s original question hits hard: Did we miss the point?

I think we’re in an awkward middle phase. We built incredible technology at the protocol layer. But we haven’t yet built the tooling to make that technology accessible.

So we end up with this weird hybrid: decentralized protocols, centralized access.

It’s like if the web had been invented but only computer science PhDs could run web servers, so everyone just used three hosting companies. That’s not the future we want, right?

My questions for the community:

  1. Are light clients actually going to solve this, or are they always 2-3 years away?
  2. Is there something like “managed nodes” where I control the node but don’t have to operate it?
  3. What’s the minimum viable node setup for a solo developer without a DevOps background?
  4. Why is node operation so much harder than every other part of modern infrastructure?

I want to believe we can fix this. We figured out how to make smart contracts easier to write (Solidity from raw opcodes). We figured out how to make wallets easier to use (MetaMask from command-line clients).

Can we figure out how to make nodes easier to run?

Because right now, the choice is: Be a DevOps expert with money, or depend on centralized providers.

And for 99% of developers (including me), that’s not really a choice at all.