According to Chainalytic, almost half of the organizations that joined the cryptocurrency industry in 2026 operate to alarming standards that would have made them industry leaders just a few years ago.
In the report preview published on Wednesday, Chainalytic said the crypto industry’s baseline compliance standards for alert severity, trigger sensitivity, and minimum dollar detection levels are tightening, with about 47% of organizations moving to alert standards this year that would put them in the top 10% for stringency in 2020.
She added that while companies have standardized on direct monitoring, where funds arrive immediately from a known illicit source, there is still a gap with indirect monitoring, where funds go through intermediary addresses.
Over the last few years, compliance alert standards have improved significantly across the industry. Source: Chain analysis
In response to tighter regulations and growing threats from hackers, the industry is improving its security and compliance. North Korea-linked hackers alone were responsible for an estimated $2 billion in crypto losses in 2025.
Chainalytic found that the industry was still setting standards in 2020, with only 10% meeting the highest requirements. However, in 2023, this percentage began to escalate, and now “new entrants are entering operations with more aggressive monitoring.”
“This is a sign that the ecosystem is rapidly maturing. Today’s standard compliance configurations would have been considered industry-leading just five years ago. The industry financial institutions they join have already built significant compliance infrastructure, and the bar continues to rise.”
Crypto has an indirect monitoring loophole
Legacy financial institutions have lower trigger thresholds for indirect exposure to illicit and illicit fund flows and are warned for smaller amounts. According to Chainalytic, cryptocurrency exchanges set much higher warning thresholds on average, which vary by category.
Related: Coinbase executives face fresh lawsuit seeking damages and recovery of profits from confidential information
Categories such as ransomware, scam shops, scams, and obscure web marketplaces often have indirect thresholds 10 to 20 times higher than their direct counterparts.
“The industry’s gap between direct and indirect monitoring creates an opening for illicit actors to exploit. Organizations that bridge this gap improve their regulatory defenses and stand out as trustworthy contractors,” the Chainalytic team said.
“The data in this chapter points to an industry in transition that has professionalized its approach to direct exposures, but may not yet treat indirect risks with the same rigorous approach.”
Warehouse: Polymarket courts Japanese entry, Harvard abandons entire ETH position: Hodler’s Digest, May 17–23
