TL;DR: Institutional adoption, layer-2 scaling, and emerging infrastructure trends such as RWAs and DePIN are driving a crypto rebound and ending crypto winter, according to Chainalysis. The governance challenge is no longer whether crypto persists, but how compliance, custody, and monitoring adapt as the market becomes more institutional.
At a glance
What this is: This is Chainalysis’s crypto market outlook, which argues that institutional adoption, scaling improvements, and new infrastructure trends are signalling a recovery phase for the sector.
Why it matters: It matters to IAM, fraud, and compliance teams because market recovery usually expands on-chain activity, third-party risk, and identity verification pressure across exchanges, custodians, and adjacent financial services.
👉 Read Chainalysis's crypto spring report on recovery, adoption, and scaling
Context
Crypto market recoveries change the control environment as much as they change sentiment. When institutional participation increases, organisations face more counterparty exposure, stronger compliance expectations, and greater need for traceable identity and transaction governance across exchange, custody, and onboarding workflows.
The identity connection is indirect but real: as crypto infrastructure matures, KYC, AML, fraud detection, and access governance become more operationally important. That makes this report relevant not only to crypto businesses, but also to security and risk teams supporting identity verification, financial crime controls, and privileged access in trading and custody platforms.
Key questions
Q: How should crypto platforms prepare for institutional adoption risk?
A: They should treat institutional adoption as a control-scaling problem, not just a business-growth signal. That means stronger onboarding assurance, tighter privileged access separation, clearer transaction approval paths, and audit-ready monitoring across custody and settlement workflows. If those controls are immature, growth will expose governance gaps faster than revenue can cover them.
Q: Why do scaling technologies create new security governance challenges in crypto?
A: Scaling technologies increase the number of systems, dependencies, and exception paths that must be governed. Layer-2s and bridges can improve throughput, but they also make visibility, reconciliation, and incident containment harder unless teams extend control coverage beyond the base chain. The risk shifts from transaction delay to control fragmentation.
Q: What do organisations get wrong about crypto market recovery?
A: They often assume recovery is mainly a market or finance issue, when it is also a security and compliance issue. As activity increases, weak identity checks, over-trusted counterparties, and poor segregation of duties become more consequential. Recovery exposes control debt that was easier to ignore in a quieter market.
Q: How do compliance teams know if crypto controls are keeping up with growth?
A: They should look for evidence that onboarding, monitoring, and privileged access controls remain consistent as volume rises. Warning signs include manual exception handling, delayed investigations, weak reconciliation across infrastructure layers, and unclear accountability for wallet and transaction decisions. Those signals show governance is lagging market expansion.
Technical breakdown
Institutional adoption changes the control surface
Institutional flows alter how crypto platforms must think about trust. A market dominated by retail speculation can tolerate more manual exception handling, but institutional activity raises expectations for auditability, counterparty due diligence, access segregation, and repeatable controls. In practice, that means custody, onboarding, transaction monitoring, and privileged administration all need stronger governance. The operational question shifts from growth to controllability.
Practical implication: re-check identity, access, and transaction controls before onboarding new institutional counterparties.
Layer-2 scaling increases operational complexity
Layer-2s reduce congestion and improve throughput, but they also add routing, bridge, and dependency complexity. Each additional layer can create new reconciliation points, new abuse paths, and more fragmented visibility for operations and security teams. From a governance standpoint, faster settlement and broader use cases do not eliminate risk. They change where it concentrates, especially in integrations, wallet policy, and incident response readiness.
Practical implication: extend monitoring and control coverage to bridges, integrations, and settlement paths, not just core chains.
RWAs and DePIN expand the asset and identity problem
Real-world assets and decentralised physical infrastructure push crypto beyond speculative tokens into systems that represent off-chain value or real-world operations. That makes identity, authorization, and data integrity more important because failures can affect assets, services, and counterparties outside the blockchain itself. Security teams should treat these ecosystems as hybrid environments where technical controls, business processes, and regulatory obligations intersect.
Practical implication: align asset governance, identity assurance, and third-party oversight before supporting RWA or DePIN use cases.
Threat narrative
Attacker objective: The attacker seeks to abuse scale and trust expansion in a recovering market to move illicit value with less friction and less scrutiny.
- Entry occurs through market growth, new integrations, and expanded participation across exchanges, custodians, and service providers.
- Escalation follows as attackers exploit fragmented onboarding, weak transaction monitoring, or over-trusted counterparties in higher-volume environments.
- Impact is increased fraud, laundering, and operational exposure across trading platforms, wallets, and compliance workflows.
NHI Mgmt Group analysis
Market recovery in crypto is a governance event, not just a price event. As institutional adoption expands, the burden on control design shifts from managing hype risk to managing counterparty, custody, and transaction risk at scale. Security and compliance teams need repeatable identity assurance, access segregation, and monitoring discipline before growth widens the blast radius.
Scaling technologies do not remove trust problems, they redistribute them. Layer-2s, bridges, and adjacent infrastructure improve performance, but they also multiply the number of places where visibility can fail. That is a classic governance pattern in digital systems: throughput goes up faster than assurance unless controls are designed for the new topology.
Crypto’s next phase will be judged by operational evidence, not narrative. RWAs and DePIN only become credible at scale if organisations can prove who can act, what can move, and how exceptions are contained. For practitioners, that means identity assurance and control evidence become part of market readiness, not just compliance paperwork.
Financial crime controls and identity governance are converging in crypto operations. The more the sector resembles regulated financial infrastructure, the more KYC, AML, fraud monitoring, and access governance need to work as one control plane. That convergence matters to exchanges and custodians, because weak identity assurance now translates directly into control failure.
Named concept: post-winter control maturation. This is the point at which market recovery exposes whether governance kept pace with product and ecosystem growth. Organisations that treated crypto winter as a pause rather than a control-building window will find the next cycle harder to govern.
What this signals
Crypto’s recovery phase should push security leaders to treat market expansion as a test of operating model maturity. As ecosystems add institutional participants, the question becomes whether identity assurance, transaction oversight, and privileged access controls scale cleanly enough to sustain trust.
Post-winter control maturation: crypto organisations that use quiet markets to build assurance, not just capacity, will be better positioned when activity accelerates. The teams that can evidence who can act, what can move, and how exceptions are contained will carry the strongest governance posture into the next cycle.
For practitioners
- Rebaseline counterparty due diligence Review onboarding, KYC, and third-party assurance requirements before expanding exposure to new institutional flows, especially where custody or settlement is delegated to external providers.
- Extend monitoring to new crypto dependencies Map controls across layer-2s, bridges, wallets, and integration partners so visibility does not stop at the core chain, and include exception handling for failed or delayed settlement.
- Tighten access segregation for high-risk functions Separate transaction approval, wallet administration, and compliance review so growth does not concentrate authority in a small number of privileged accounts.
- Align fraud and AML telemetry with identity signals Correlate account behaviour, wallet patterns, and onboarding evidence so identity anomalies are investigated before they become transaction losses or regulatory findings.
Key takeaways
- Crypto recovery is also a control challenge, because more institutional activity increases the need for identity, custody, and transaction governance.
- Layer-2 scaling and ecosystem growth improve throughput, but they also multiply the places where visibility and accountability can break down.
- Practitioners should use the recovery cycle to rebaseline onboarding, access segregation, and monitoring before market activity expands further.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, while ISO/IEC 27001:2022 and GDPR define the regulatory obligations.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-4 | Access governance matters as crypto platforms scale institutional participation. |
| NIST SP 800-53 Rev 5 | AC-6 | Least privilege is central to wallet, settlement, and compliance segregation. |
| ISO/IEC 27001:2022 | A.5.15 | Access control governance fits the article's focus on growing operational risk. |
| GDPR | Identity verification and fraud controls can touch personal data in crypto onboarding. |
Where personal data is processed, align onboarding and fraud controls with lawful processing and minimisation.
Key terms
- Layer-2 Network: A Layer-2 network is an additional blockchain layer built to improve speed, cost, or scalability. It reduces load on the base chain but also creates new governance points around bridging, reconciliation, and operational visibility that security teams must understand.
- Real-World Assets: Real-world assets are on-chain representations of off-chain value such as property, invoices, or financial instruments. They create a hybrid risk model because technical controls now affect assets that depend on legal, operational, and identity assurance outside the blockchain itself.
- Decentralised Physical Infrastructure: Decentralised physical infrastructure, or DePIN, refers to blockchain-enabled networks that coordinate real-world services or hardware. The control challenge is not just token economics, but trustworthy identity, authorisation, and accountability across physical and digital actors.
- Transaction Monitoring: Transaction monitoring is the process of detecting unusual, suspicious, or policy-breaching movement of value across accounts or wallets. In crypto environments, it must connect behavioural signals, counterparties, and identity evidence to be operationally useful.
What's in the full report
Chainalysis's full report covers the operational detail this post intentionally leaves for the source:
- Market-specific evidence behind the institutional adoption trend and how it changes sector behaviour
- More detailed discussion of layer-2 development and scaling initiatives across major blockchains
- The report's treatment of RWAs and DePIN as emerging infrastructure categories
- Broader case studies and supporting analysis that sit behind the crypto comeback narrative
Deepen your knowledge
NHI Mgmt Group covers identity security, NHI governance, and agentic AI through independent research, practitioner guides, and the NHI Foundation Level course, the industry's only accredited NHI security programme. Explore it when your programme needs a stronger foundation for access, lifecycle, and secrets governance.
Published by the NHIMG editorial team on 2026-05-12.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org