TL;DR: Bitcoin mining pool competition has become increasingly concentrated since 2015, and newly awarded bitcoin is sent to different destinations, according to Chainalysis. The findings matter because concentration, routing, and control points can change how practitioners think about market resilience, custody, and abuse pathways.
At a glance
What this is: This is a Chainalysis markets report on bitcoin mining pool concentration and the destination of newly awarded bitcoin.
Why it matters: It matters to security and identity practitioners because concentration and transfer pathways shape governance around custody, access control, fraud detection, and broader crypto operational risk.
👉 Read Chainalysis's report on mining pool market power and bitcoin flow concentration
Context
Bitcoin mining is a market structure problem as much as a technical one. When a small number of pools and exchanges influence where newly minted bitcoin moves, control, routing, and trust assumptions become easier to concentrate and harder to observe. For identity and access practitioners, the relevant question is not just who controls keys, but who can move value and under what governance.
Chainalysis positions the report as original research into competition between mining pools and between exchanges as destinations for new bitcoin. That makes the report more about market power, flow concentration, and custody pathways than about mining mechanics alone. The starting position is typical for crypto market analysis, but it has a clear governance angle wherever wallet control and transfer authority overlap.
Key questions
Q: How should organisations govern custody when mining rewards are routed through exchanges?
A: Organisations should treat mining reward routing as a controlled custody process, not a passive transfer. Define who can change destination wallets, require approval for route changes, and log every hop from reward issuance to exchange deposit. The main goal is to preserve traceability so that transfer authority remains auditable even when multiple operational systems are involved.
Q: Why does mining pool concentration create governance risk for digital assets?
A: Mining pool concentration creates governance risk because a small number of operators can influence where value is sent and how quickly it moves. That reduces routing diversity, increases dependency on a few control points, and makes downstream custody or compliance failures harder to contain. Security teams should therefore treat concentration as an operational resilience metric.
Q: What breaks when custody and payout controls are not separated?
A: When custody and payout controls are not separated, the same account or role can both authorise and redirect value. That creates a weak approval model, makes fraud easier to conceal, and reduces the ability to prove who changed a destination address. Separation of duties and immutable audit trails are the key compensating controls.
Q: Which compliance controls matter most for mining-related bitcoin flows?
A: The most relevant controls are approval traceability, transaction monitoring, and documented accountability for wallet and exchange destination changes. In practice, compliance teams need evidence that value movements are authorised, reviewable, and linked to named owners. Where regulated entities are involved, those records should support audit, dispute resolution, and anti-fraud review.
Technical breakdown
Mining pool concentration and network control
Mining pools aggregate hash power from many miners so rewards can be distributed more predictably. As mining has industrialised, pools with greater scale can attract more participants and sustain more stable payout flows, which can concentrate decision-making around payout policies, fee structures, and destination wallets. Concentration does not mean a single entity controls the blockchain, but it does mean fewer actors can influence how new bitcoin is routed after reward issuance. That creates governance questions around transparency, payout integrity, and dependency on a small set of intermediaries.
Practical implication: Practitioners should assess whether concentration in a small number of pools creates single points of operational and custody dependency.
Exchange destinations and custody pathways
When mining pools send newly awarded bitcoin to exchanges, the exchange becomes a downstream control point for custody, liquidity, and transaction monitoring. This matters because a mining reward that enters an exchange environment is subject to that venue’s account controls, withdrawal policies, compliance gates, and monitoring thresholds. In practice, the transfer path can obscure which party made the final routing decision, especially where multiple wallets, hot storage layers, and operational accounts are involved. The governance challenge is less about mining itself and more about the chain of custody after reward creation.
Practical implication: Practitioners should map wallet movement to exchange custody controls and verify that transfer approvals are traceable.
Market concentration as an operational risk signal
Concentration in mining pools and exchange destinations can amplify operational risk even when the underlying protocol remains intact. A market with fewer dominant routing points is more sensitive to policy changes, fee pressure, compliance actions, or service disruption at those points. For risk teams, the useful lens is not only price or throughput, but control diversity across the ecosystem. Where value creation and value routing both concentrate, the system becomes easier to profile and potentially easier to disrupt, monitor, or coerce.
Practical implication: Practitioners should treat concentration metrics as part of third-party and resilience reviews, not just market commentary.
Threat narrative
Attacker objective: The attacker objective in this pattern is to influence, intercept, or exploit a concentrated value-routing pathway rather than to compromise the blockchain itself.
- Entry occurs through concentration of mining rewards into a small set of pools and downstream exchanges, which reduces the number of observable routing points.
- Escalation follows when those few venues become the practical control layer for payout timing, transfer destination, and custody decisions.
- Impact is the creation of a narrower trust and governance surface, where disruption or abuse at one venue can affect a disproportionate share of value flow.
NHI Mgmt Group analysis
Market concentration in crypto infrastructure creates a governance problem before it becomes a security problem. When mining pools and exchanges become the dominant routing points for newly issued bitcoin, risk is no longer only about protocol integrity. It is also about custody concentration, decision bottlenecks, and the ability to audit value movement end to end. Practitioners should read concentration as a control issue, not just a market metric.
Crypto custody behaves like identity governance when control over value depends on who can authorise movement. The same governance logic that applies to privileged access in IAM applies here: fewer actors holding routing authority means fewer opportunities to detect misuse, dispute ownership, or enforce policy. That intersection matters for fraud teams, compliance leads, and security architects responsible for digital asset controls.
Mining pool concentration can amplify third-party risk even when the underlying blockchain remains secure. A resilient chain can still depend on fragile custody layers, exchange policies, and payout workflows. That distinction matters because many organisations confuse decentralised protocol design with decentralised operational governance. The practitioner conclusion is straightforward: decentralisation at the protocol layer does not eliminate concentration risk at the control layer.
Value flow visibility should be treated as a governance capability, not a reporting afterthought. If organisations cannot explain where new bitcoin is routed, which exchange receives it, and who approves the transfer path, they are operating with incomplete control evidence. In regulated or high-risk environments, the gap between issuance and custody needs explicit ownership, documented approvals, and independent monitoring. Practitioners should classify post-mining routing as a first-class control domain.
Custody-routing concentration is the specific failure mode this report highlights. The report points to a small number of venues acting as the practical choke points for newly awarded bitcoin, which means governance is being concentrated into infrastructure layers that are often treated as operational plumbing. That creates a narrow trust boundary that security and compliance teams should actively test.
What this signals
The practical lesson for digital asset programmes is that market structure and security posture are now tightly linked. When a small set of pools or exchanges dominates routing, the organisation’s real control surface shifts toward custody approvals, destination governance, and third-party concentration reviews.
Custody-routing concentration: this is the point at which market dominance becomes an operational risk for asset movement. Teams that already monitor wallet controls and exchange permissions should extend that discipline to concentration metrics, because the narrowest trust boundary is often the most consequential one.
If the article’s findings hold across the market, risk owners will need a stronger bridge between treasury, compliance, and security operations. That means treating value flow visibility as an ongoing control, not a periodic report, and aligning it with incident response, fraud review, and third-party assurance.
For practitioners
- Map custody routing end to end Document every step from mining reward issuance to final exchange destination, including intermediate wallets, approvers, and account owners. Treat unexplained routing changes as a control exception, not a routine operations event.
- Review concentration exposure in third-party risk Measure how much of your exposure depends on a small number of mining pools, exchanges, or wallet operators. Include service failure, policy change, and compliance intervention scenarios in resilience reviews.
- Separate protocol trust from custody trust Do not assume blockchain integrity means operational integrity. Build distinct control checks for transaction provenance, wallet authority, and destination validation so concentration risk is visible at the governance layer.
- Audit approval rights over transfer destinations Ensure only explicitly authorised roles can change mining payout addresses or exchange destination accounts. Where approvals are delegated, log the delegation chain and review it periodically.
- Build monitoring for unusual destination patterns Alert on changes in exchange destination, wallet clustering, or payout cadence that do not match historical behaviour. Use those signals to detect policy drift, compromise, or manipulation early.
Key takeaways
- Mining pool concentration is a governance issue because it narrows the number of actors that can influence how newly issued bitcoin is routed.
- The report’s core insight is about control points, not blockchain mechanics, because custody and exchange destinations shape the real operational risk.
- Practitioners should map, approve, and monitor post-mining value flows as a distinct control domain rather than assuming protocol decentralisation covers custody risk.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
MITRE ATT&CK address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-53 Rev 5 and CIS Controls v8 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-4 | Access control and approval governance map to payout and custody authority. |
| NIST SP 800-53 Rev 5 | AC-6 | Least privilege is relevant where few roles can redirect or approve asset movement. |
| CIS Controls v8 | CIS-5 , Account Management | Account governance matters for the roles that can alter custody routes. |
| MITRE ATT&CK | TA0006 , Credential Access; TA0004 , Privilege Escalation | Attacks against custody systems often hinge on privileged account abuse. |
Map wallet and exchange approval rights to PR.AC-4 and review destination-change permissions regularly.
Key terms
- Mining Pool: A mining pool is a coordinated group of miners that combines hash power to increase the predictability of reward payouts. In governance terms, it becomes a shared control layer that can influence payout policies, destination wallets, and operational dependencies across participants.
- Custody Routing: Custody routing is the path value follows from issuance or receipt to its final controlled destination. For digital assets, the route matters as much as the asset itself because each hop can introduce approval, monitoring, or concentration risk that security and compliance teams need to evidence.
- Destination Concentration: Destination concentration occurs when many transactions flow to a small number of wallets, exchanges, or accounts. It is a useful risk indicator because it reveals where operational control is being centralised, even in systems that are technically decentralised at the protocol layer.
What's in the full report
Chainalysis's full report covers the operational detail this post intentionally leaves for the source:
- Exact concentration methodology for mining pool market share and exchange destination analysis
- Original research outputs showing how miners distribute newly awarded bitcoin across destination venues
- Comparative market data that practitioners can use to benchmark concentration and routing patterns
- Report-specific interpretation of competition between top mining pools and destination exchanges
Deepen your knowledge
NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, machine identity security, and secrets management. It helps practitioners connect identity control discipline to the wider security programmes they run.
Published by the NHIMG editorial team on 2026-05-07.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org