In late May 2026, Chainalysis, a leading company in the field of blockchain data analysis and compliance solutions, released a new report that directly focuses on the compliance and transaction monitoring standards of the cryptocurrency industry: the report shows that among organizations newly entering the cryptocurrency industry in 2026, approximately 47% have adopted alert strictness that, if applied back to 2020, would rank them among the top 10% of the strictest organizations of that year. This indicates that under the continuous advancement of the regulatory framework and pressures like the implementation of regulations such as Europe’s MiCA, the superficial compliance threshold is significantly rising. More specifically, Chainalysis points out that regarding "direct monitoring" of funds that come directly from known illegal sources such as ransomware, fraudulent stores, and sanctioned jurisdictions, the industry has formed a relatively unified and stricter consensus on alert standards; however, once the funds are processed through intermediary addresses, multi-hop paths, or even cross-chain and privacy-based tools before flowing into institutional accounts, the alert settings for this kind of "indirect risk exposure" become noticeably more lenient, creating a significant gap in the current system. When regulatory documents, risk control reports, and compliance declarations collectively construct a "safety narrative," this report essentially raises the question: in a reality where direct monitoring is tightening significantly while indirect monitoring remains loose, the industry's confidence in its own security level has likely been systematically overestimated.

47% of New Institutions Raise the Threshold: The Compliance Arms Race Begins

Among the institutions newly entering in 2026, about 47% of the alert strictness, if applied back to 2020, would fit into the "top 10% most stringent" category of that year. This means that the high-pressure risk control that was previously only present in a few leading institutions is now quietly becoming the starting line for new players—the "minimum passing score" for industry compliance has already been raised to the level of past top performers.

Why are "new entrants" raising the threshold? On one hand, in recent years, regulatory frameworks—including Europe’s MiCA—have been continuously implemented, and regulatory bodies, trading platforms, and financial institutions are no longer satisfied with mere formal compliance declarations but place greater importance on whether they have the ability to identify high-risk addresses such as ransomware, fraudulent stores, and sanctioned jurisdictions through on-chain monitoring. For institutions building systems from scratch, configuring more aggressive alert thresholds from the beginning is often lower in cost than trying to "reverse fix" on existing business later. On the other hand, Chainalysis, as a leading company for blockchain data analysis and compliance solutions, has its reports consistently used as industry references by regulators and institutions; this sample of 47% itself carries a bellwether attribute: it signals that a new round of "compliance arms race" has begun, with real competition no longer being about whether tools are available, but who is willing to proactively position themselves further ahead in alert sensitivity.

Blacklisted Addresses Become High-Pressure Lines: Direct Monitoring Has Basically Taken Shape

In this report from Chainalysis, "direct monitoring" is specifically defined as triggering alerts when funds come directly from known illegal sources. The so-called "known illegal sources" include previously marked ransomware payment addresses, wallets of online fraud stores, and relevant addresses that are on sanction lists or within sanctioned jurisdictions. On-chain analysis tools neatly pull these addresses into a blacklist; when the previous hop of a transfer originates from such addresses, the system immediately issues a high-priority warning, extracting this funding path from the vast number of normal transactions.

The report points out that for these "direct risk exposures," most institutions have adopted relatively strict and consistent alert standards. Regulatory bodies and leading trading platforms generally require that on-chain transfers from high-risk addresses such as those on sanction lists or suspected of terrorist financing be instantaneously identified and responded to. Even though the report does not disclose specific numerical thresholds, it clearly emphasizes the ongoing trend of tightening direct risk monitoring standards in recent years. The result is that the identification and interception of blacklisted addresses are becoming the easiest area of consensus between regulators and institutions. This "high-pressure line" woven around high-risk addresses has become the clearest and most difficult bottom line to publicly challenge within the current cryptocurrency compliance system.

Multi-hop Transfers and Cross-chain Mixing: The Blind Spots of Indirect Monitoring Are Expanding

However, this "high-pressure line" woven around blacklisted addresses begins to become blurry once extended a few stations. In this report, Chainalysis deliberately distinguishes between "direct monitoring" and "indirect monitoring": the former involves funds flowing directly from high-risk addresses such as ransomware, fraudulent stores, and sanctioned jurisdictions into institutional accounts; the latter involves funds taking a detour, passing through one or more intermediary addresses, tools, or cross-chain paths before entering institutions, leaving only a "clean" last hop for the compliance system. According to the report's description, the identification and alert configuration for this type of indirect risk exposure are clearly more lenient, far less than the "zero tolerance" applied for direct risks, forming a visibly structural gap between direct and indirect.

The report does not provide specific thresholds or multipliers for comparison but repeatedly emphasizes this "indirect monitoring gap": multi-hop transfers, cross-chain conversions, and the addition of privacy tools allow on-chain paths to be artificially lengthened, scattered, or diverted, yet monitoring rules often only trace back the source within a limited number of hops or treat assets before and after cross-chain as two disconnected trajectories. Mixing services are responsible for blending transactions into indistinguishable funding pools, while cross-chain bridges are tasked with bringing assets to another chain to adopt a different "shell." Privacy tools then erase readable traces at critical points; in the face of such a combination of technologies, the current risk control logic centered on direct sources can easily lose its grip after a few turns, which precisely creates the most difficult to define and easiest to test boundaries by high-level adversaries within the current compliance landscape.

The Tug-of-War Between Risk Control and Experience: Who Bears the Cost of Indirect Risk

For institutions, capturing funds that have passed through several hands has never been just a technical issue, but a question of balancing profit and loss. Once the alert threshold is set too low, the false positive rate skyrockets, compliance teams become inundated with investigation tasks, normal users face frequent risk control interventions, and the experience of depositing and withdrawing funds deteriorates sharply; however, raising the thresholds to allow certain suspicious paths post-multi-hop and cross-chain to "pass first" may smooth operations in the short term but leaves the tail risks exposed within the asset pool. Chainalysis points out in this report that the gap between direct and indirect monitoring standards largely stems from institutions' trade-offs in resource allocation, technical capacity, and risk tolerance, creating a tendency for indirect monitoring to be set "looser."

This leniency is neither uniform nor fairly applied across the same type of users. In regions with mature regulatory frameworks, there is a gradual move to incorporate on-chain indirect risks into rules, while some jurisdictions remain at the level of principle statements and specific requirements are still being formulated; businesses targeting high-net-worth clients or traditional financial integrations tend to increase budgets for indirect tracing, while retail-oriented platforms with thinner profit margins are inclined to direct more resources to front-end growth. The report itself does not disclose what specific thresholds different types of institutions have used or provide quantitative comparisons between regions, but existing single-source analyses have suggested that indirect risk thresholds are relatively lenient and that there are differences between different entities, theoretically allowing high-level adversaries to exploit it as "space to walk the edges," although this judgment would need more systematic on-chain evidence to support it.

From Report to On-Chain Practice: What Signals to Focus on Next

From Chainalysis's report juxtaposing "overall compliance upgrades" and "indirect monitoring gaps," it is clear that the industry has made significant progress in directly addressing high-risk source addresses: an increasing number of institutions are adopting more unified and stringent alert standards for funds coming directly from addresses such as ransomware, fraudulent stores, and sanctioned jurisdictions; the overall configuration for new entrants in 2026 could already rank among the most "conservative" by 2020. However, the report also warns that once funds take a detour and come out of intermediary addresses, mixers, or cross-chain bridges before entering trading platforms or financial service providers, the monitoring threshold for indirect risks can become noticeably looser. The real concern moving forward is whether institutions will proactively lower the tolerance for such indirect exposures in the coming years: for instance, setting more sensitive automatic identification rules for "cleaning paths" that have multi-hop connections to high-risk sources or have undergone cross-chain transformations, rather than focusing solely on the first hop of funds. Global regulation is progressing from frameworks like MiCA to more detailed execution, providing policy space for this, while on-chain analysis tools are evolving toward cross-chain tracking, multi-hop path identification, and behavioral pattern analysis. The demands for technology and compliance are increasingly in sync, but attackers will also adjust their strategies along the same timeline. If indirect monitoring continues to be significantly weaker than direct monitoring over the long term, existing reputation dividends and compliance investments could potentially backfire; conversely, whether it is possible to truly incorporate multi-hop and cross-chain pathways into daily risk control as "hard indicators" will largely determine how far and how steadily this industry can advance.

Join our community, let’s discuss together and become stronger!
On-chain Telegram community: https://t.me/AiCoinWhaleData
On-chain community: https://www.aicoin.com/link/chat?cid=N6OVMor5g
AiCoin on-chain Twitter: https://x.com/aicoinwhaledata
Exclusive AiCoin Hyperliquid benefits: https://app.hyperliquid.xyz/join/AICOIN88
Exclusive AiCoin Aster benefits: https://www.asterdex.com/zh-CN/referral/9C50e2

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。