The New Economics of Crypto Exchanges: How Security, Liquidity and Compliance Became Barriers to Entry

Security failures within the cryptocurrency market create negative externalities for more than just the exchange impacted by a given security breach. According to Chainalysis, in 2024, losses due to attacks on cryptocurrency services amounted to over $3.4 billion; the Bybit breach represents the largest theft in the history of the cryptocurrency industry, exceeding $1.5 billion in losses. Additionally, there was an increase in cybercrime due to state-sponsored actors, as North Korean hacking groups extracted approximately $1.3 billion in digital assets in 2024 using social engineering techniques to gain access to private keys, as well as using infiltration of internal processes to commit fraud against various exchanges.

These events have established the minimum acceptable standard of operational security within the cryptocurrency exchange industry. To be considered a credible cryptocurrency exchange, the following elements of an exchange's security architecture are required as a minimum standard: 1) multi-level key management, 2) cold and hot wallet infrastructure, 3) multi-signature authorization, 4) continuous transaction monitoring, and 5) independent security audits.

The development of Proof of Reserves represents the market driven response to address the issue of information asymmetry related to the deposit of digital assets by customers into a centralised exchange. The deposit of a customer's digital asset creates an inherent information asymmetry between the customer (the principal) and the exchange (the agent). Therefore, customers cannot observe that the exchange has the digital assets it claims to possess. However, through the Proof of Reserves method, customers can verify on-chain the collateral backing their digital assets.

The policy implication is clear: security architecture must be incorporated into the creation of the exchange's infrastructure from the outset, rather than adapting it following the completion of development. Many new entrants into the cryptocurrency exchange marketplace can address this by making build-or-buy decisions and selecting a white-label futures trading platform with an integrated security architecture and compliance tools already bundled within them—this allows for the conversion of a significant capital investment into a relatively small operating expense.

Liquidity Has a Dual Role as Both a Public Good and Competitive Advantage

Liquidity has been identified as both a public good and a competitive advantage in exchange markets. It affects the price discovery process, transaction costs, and ultimately how well a platform can attract and retain order flow. Therefore, by 2026, minimum liquidity standards will be a condition of market participation rather than a distinguishing feature.

According to Kaiko market analysis, only a small number of exchanges that have consolidated within the sector now hold the majority of high-quality liquidity, which has resulted from superior execution performance. This creates a tendency towards a natural monopoly, where liquidity attracts additional order flow, causing liquidity to deepen, thus creating a self-reinforcing feedback loop that disadvantages exchanges that did not reach critical mass.

Newly launching exchanges have the potential to create credible commitment problems. Without the ability to attract the necessary amount of market depth at launch, a new exchange must rely on either (A) substantial capital investment in market maker agreements or (B) partnerships with established liquidity providers. Both of these options require a much higher minimum viable scale of entry.

Compliance Function: From Operational Constraint to a Mechanism to Access Capital

MiCA represents the most significant regulatory development affecting the market's operational capacity, as it represents an evolution in regulation. In order to operate within the EU, all crypto exchanges must now obtain the status of a Crypto-Asset Service Provider (CASP) and meet established standards set out in the regulations regarding risk management, corporate governance, and client protection, along with other baseline operational requirements such as KYC, AML, and Travel Rule compliance.

The economic rationale for compliance has transitioned from a cost reduction strategy to the ability to access markets and therefore acts as a critical pathway into institutional pools of capital for exchanges. Institutional investors such as pension funds, commercial banks, and large corporate treasury operations are also subject to their own regulatory requirements and are unable to transact with entities that do not comply with applicable regulations. Thus, compliance becomes a prerequisite for access to institutional capital at levels that are far higher than those provided by retail markets.

Implications of the Market Structure

Increased minimum standards on capital and operational complexity across all sectors have greatly increased the level of investment needed in developing Exchanges that can be compliant. As a result, this has created two distinct market structures. First, existing exchanges have become more concentrated than ever with the ability to meet the new higher minimum capital and operational complexity levels. Second, as new entrants require third-party white-label infrastructure, or technology providers, in order to provide a compliant enterprise-grade exchange, it has created an increased strategic focus on these white-label providers for use by new entrants.

A considerable amount of new risk is associated with being non-compliant. A significant data breach, reserves being inadequate, or regulatory violations can lead to a rapid loss of reputation for any exchange. As a result, the expected value of maintaining a compliant exchange is substantially greater than the potential cost of non-compliance.

In summary

The cryptocurrency exchange market has now matured to an institutional level at which regulatory compliance, liquidity, and security have become interdependent elements of a cohesive structure of trust, rather than remaining independent. Competition in this segment of the market has changed accordingly. The ability to meet minimum compliance standards will no longer be an area of differentiation. Future competitive advantages will be derived from how well and deeply these standards have been integrated into the technological and organizational designs of the exchange. This integration will determine which exchanges will be able to attract institutional investor capital for the foreseeable future.