TL;DR: China’s historic cryptocurrency activity, including periods where miners controlled as much as 65% of global hashrate, is now being reassessed as the government tightens controls and advances the digital yuan, according to Chainalysis. The governance lesson is that state policy can rapidly reconfigure transaction, custody, and monitoring assumptions across digital asset ecosystems.
At a glance
What this is: This report examines China’s historic cryptocurrency activity and the implications of its crackdown on decentralized cryptocurrencies alongside the digital yuan push.
Why it matters: It matters to security and identity practitioners because state-backed digital money changes trust, transaction controls, and the governance model around custody, monitoring, and access.
By the numbers:
- Miners from China have historically been dominant, at times controlling as much as 65% of global hashrate.
👉 Read Chainalysis' analysis of China’s historic cryptocurrency activity and digital yuan strategy
Context
China’s cryptocurrency ecosystem has been shaped by scale, state policy, and rapid shifts in where value moves. The report frames a problem that matters beyond crypto trading: when a government changes the rules, the operational trust model around custody, transaction visibility, and market participation can change just as quickly.
For identity and access practitioners, the relevant question is not whether crypto is decentralised in theory, but how governance works when control points are concentrated in exchanges, wallets, miners, and state-led payment infrastructure. That is why this report is best read as a policy and control-surface analysis, not a purely market history piece.
Key questions
Q: How should organisations assess risk when digital currency ecosystems shift toward state control?
A: They should separate market volatility, custody exposure, and regulatory change into different risk categories. A state-led currency can alter participation rules and visibility without changing the underlying payment use case, so governance should focus on who controls access, what data is observable, and which transactions are subject to policy intervention.
Q: Why does mining concentration matter in a blockchain network?
A: Mining concentration matters because it can create operational dependence on a small number of participants even when the network is technically distributed. That increases sensitivity to regulation, infrastructure disruption, and policy change. Security teams should treat concentration as a resilience signal, not just a market share statistic.
Q: What do security and compliance teams get wrong about decentralised systems?
A: They often assume decentralisation removes governance dependencies. In practice, access to wallets, exchanges, validation infrastructure, and analytics still sits with identifiable operators. Effective governance looks at those control points directly, including approval authority, monitoring, and the ability to revoke access when conditions change.
Q: How can teams monitor digital asset activity without overrelying on narrative analysis?
A: Use transaction data, concentration trends, and policy developments together. On-chain evidence shows how the ecosystem is actually behaving, while open source research and interviews explain why. That combination produces a more defensible view of risk than headlines or ideology alone.
Technical breakdown
How mining concentration changes control in a cryptocurrency ecosystem
Mining concentration matters because it can shape transaction validation power, influence network resilience, and create geographic dependencies that affect the broader ecosystem. When a small number of actors control a large share of hashrate, the system may still function, but its operational trust profile becomes more sensitive to regulation, infrastructure shifts, and enforcement pressure. In practice, concentration is less about ownership in the corporate sense and more about who can sustain compute, energy, and network access at scale.
Practical implication: Map concentration risk to where transaction validation, custody, or monitoring depends on a narrow set of operators.
Digital yuan governance and the shift from open networks to state control
A central bank digital currency changes the governance model because the issuer can define participation rules, transaction policy, and visibility requirements in a way public cryptocurrencies cannot. The digital yuan is therefore not just a payment instrument. It is a policy tool that can re-anchor economic activity inside a controlled monetary architecture, with different implications for privacy, surveillance, and cross-border flows than open blockchain systems.
Practical implication: Review how state-issued digital money alters privacy, monitoring, and access assumptions in payment and compliance workflows.
Blockchain data and open source research in market intelligence
Historical blockchain data can reveal transaction volume, miner behaviour, and ecosystem shifts that are not obvious from policy announcements alone. Open source research and expert interviews add context, but the core value is correlation across on-chain activity, market timing, and regulatory changes. That combination helps analysts distinguish ideology from operational reality.
Practical implication: Use on-chain evidence alongside policy analysis when assessing how regulatory change will affect control points and risk.
NHI Mgmt Group analysis
State-led digital currency is a governance model change, not just a payments update. The report shows how the move toward the digital yuan sits alongside pressure on traditional cryptocurrencies, which means control is shifting from distributed network participants toward policy-defined issuance and oversight. For security and identity teams, that matters because trust boundaries are being redrawn around who can participate, observe, and transact. Practitioners should treat digital currency programmes as governance architecture, not only as financial technology.
Crypto custody risk is increasingly a control-plane problem. When access to wallets, exchanges, and transaction rails is the practical control point, the real question becomes who can authorise movement, revoke access, and monitor abnormal flows. That is structurally similar to identity governance in other high-trust systems: the access layer matters more than the brand of asset being moved. Practitioners should focus on the authority chain behind custody and transaction approval.
China’s historic mining dominance illustrates concentration risk in supposedly distributed systems. A network can be technically decentralised and still operationally dependent on a limited set of powerful participants. That creates resilience and policy exposure that looks familiar to IAM and PAM teams: distribution alone does not guarantee governance. Practitioners should assess where nominal decentralisation masks practical concentration.
Blockchain analytics are becoming a prerequisite for policy-informed risk management. The report combines historical blockchain data, open source research, and interviews, which is the right pattern for understanding fast-moving digital asset ecosystems. Purely narrative analysis misses the control shifts that matter. Practitioners should anchor decisions in observable transaction and participation data, not just policy headlines.
What this signals
China’s digital currency direction is a reminder that control shifts often happen faster than security operating models. When policy changes move transaction governance toward state-defined rails, teams need to reassess where trust, monitoring, and approval authority actually sit.
Custody concentration gap: the practical risk is not only who owns an asset, but who can move it, observe it, and revoke access to it. That is a control problem that looks familiar to identity teams, especially where approval chains and monitored access are still weak.
For organisations that touch digital assets, the immediate programme implication is to treat transaction visibility, access approval, and regulatory monitoring as linked control domains. The more concentrated the control surface, the more important it becomes to define ownership and escalation paths before policy shifts force the issue.
For practitioners
- Separate protocol risk from policy risk Track network-level resilience, custody exposure, and regulatory change as distinct risk categories rather than treating them as one crypto issue. This helps security and compliance teams avoid mixing validation risk with governance or sanctions exposure.
- Review custody controls around approval authority Identify who can initiate, approve, and revoke transfers across wallets and exchange accounts, then test whether those controls are documented and monitored. The control objective is clear approval authority, not informal operator trust.
- Use on-chain evidence in governance reviews Bring transaction history, concentration trends, and ecosystem migration data into periodic risk reviews so decisions are based on observed behaviour rather than assumptions about decentralisation.
- Align digital currency oversight with privacy obligations Assess how state-backed digital payment models affect data visibility, retention, and access to transaction records, especially where identity verification or compliance processes are involved.
Key takeaways
- China’s crypto story is as much about governance as it is about technology, because policy can rapidly change how value is validated, moved, and observed.
- The report’s 65% hashrate figure shows that distribution alone does not guarantee resilience when control concentrates around a few operators or jurisdictions.
- Teams overseeing digital assets should map custody authority, monitoring, and regulatory exposure as separate controls, then test them against real transaction data.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | GV.OC-1 | The report is fundamentally about organisational context and changing control assumptions. |
| NIST SP 800-53 Rev 5 | AC-6 | Custody and approval chains depend on least-privilege access and defined authority. |
Use CSF governance and context-setting to separate policy, custody, and resilience risk.
Key terms
- Hashrate Concentration: Hashrate concentration is the share of a blockchain’s mining power held by a limited set of participants. High concentration does not automatically imply compromise, but it increases operational dependency, policy sensitivity, and resilience concerns when regulation or infrastructure conditions change.
- Digital Currency Governance: Digital currency governance is the set of rules, controls, and oversight mechanisms that determine who can participate, transact, observe, and enforce policy in a monetary system. It covers technical rails, regulatory authority, approval chains, and the visibility of transaction data.
- On-Chain Analytics: On-chain analytics is the analysis of blockchain transaction data to identify behaviour, concentration, movement patterns, and anomalies. It is useful because it provides observable evidence of ecosystem activity, which can be compared with policy changes, market shifts, and enforcement actions.
- Custody Control Surface: The custody control surface is the collection of identities, approvals, wallets, and monitoring points that govern how digital assets are moved and protected. In practice, it is where authority is exercised, revoked, and audited, making it the most important governance layer in many asset environments.
What's in the full report
Chainalysis' full report covers the operational detail this post intentionally leaves for the source:
- Historical blockchain analysis of China’s mining activity and transaction volume, including the evidence base behind the 65% hashrate figure.
- The report’s discussion of both legal and illicit transaction patterns, which is useful for teams comparing policy risk to enforcement risk.
- Expert interview context on the motivations behind the crackdown and what they may mean for future digital currency governance.
- A closer look at the digital yuan project, including the possible goals and ecosystem effects that are only summarised here.
Deepen your knowledge
NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, workload identity, secrets management, and identity lifecycle controls. It is designed for practitioners who need to connect access governance to the broader security programme.
Published by the NHIMG editorial team on 2026-05-07.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org