Chainalysis Report: Cryptocurrency Sector Shows Compliance Progress Despite Persistent Vulnerabilities
Nearly half of cryptocurrency firms that joined the industry in 2026 maintain alert monitoring protocols that would have been considered among the most rigorous in the sector just five years earlier.
Approximately 47% of cryptocurrency companies that entered the market in 2026 have implemented alerting protocols that would have positioned them as compliance leaders in the industry merely several years prior, based on findings from Chainalysis.
According to a preview of research released on Wednesday, Chainalysis reported that the cryptocurrency sector's baseline standards for compliance concerning alert severity levels, sensitivity of triggers, and minimum thresholds for dollar amount detection are becoming increasingly stringent. Roughly 47% of firms that joined the industry during the current year employ alerting protocols that would have ranked them within the most strict 10% of companies back in 2020.
The research further noted that cryptocurrency businesses have achieved greater consistency in direct monitoring practices, which involve funds arriving straight from identified illicit sources, though a significant disparity persists in indirect monitoring capabilities, where assets move through intermediate wallet addresses.
The cryptocurrency sector has been elevating its compliance and security measures as a response to increasingly stringent regulatory requirements and escalating dangers posed by cybercriminals. Hacking groups linked to North Korea alone accounted for approximately $2 billion in cryptocurrency theft during 2025.
According to Chainalysis, during 2020, the cryptocurrency industry was in the early stages of setting compliance benchmarks, with merely 10% of organizations achieving the highest standards. Nevertheless, this proportion began climbing in 2023, and presently "newer entrants are launching with more aggressive monitoring."
This is a sign of rapid ecosystem maturation. Standard compliance configurations today would have been considered industry-leading just five years ago. The industry financial institutions are joining has already built substantial compliance infrastructure, and the bar continues to rise.
Crypto has a gap in indirect monitoring
Traditional financial institutions maintain lower alert triggering thresholds when it comes to indirect exposure to fund flows from both illicit and legitimate sources, and they receive notifications for smaller transaction amounts. By comparison, cryptocurrency exchanges establish significantly higher thresholds for triggering alerts, and these thresholds demonstrate variation across different risk categories, Chainalysis findings indicate.
Risk categories including ransomware attacks, fraud marketplaces, scam operations, and darknet market activities frequently feature indirect monitoring thresholds that are 10 to 20 times greater than the thresholds set for direct exposure monitoring.
"The industry's gap between direct and indirect monitoring creates an opening for illicit actors to exploit. Organizations that close this gap improve their regulatory defensibility and differentiate themselves as trustworthy counterparties," the Chainalysis team said.
The data in this chapter point to an industry in transition, one that has professionalized its approach to direct exposure but which may not yet be treating indirect risk with equivalent rigor.