The security and compliance of on-chain payments are no longer the sole responsibility of exchanges, but a reality that every participant must face together.

Written by: Conflux

At the end of May, addresses related to HTX were marked by multiple on-chain risk control systems, resulting in trading restrictions for some users. The market operations head of HTX characterized this incident as a rare large-scale "collateral damage" in the history of the cryptocurrency industry.

However, from another perspective, this may not be coincidental, but an early signal that new rules for on-chain payments are being formed.

The Evolution of Risks in On-Chain Payments

The HTX incident is just a prologue; it reveals that the rules of on-chain payments are undergoing essential changes.

The technical core of the recent sanctions from the UK is hidden in a provision called Regulation 17A.

For the first time, the UK has applied this regulation to cryptocurrency exchanges. Its implication is that the ban does not only cover the sanctioned entities themselves but the entire payment chain — as long as any node along the path of a transaction involves a sanctioned exchange, all transactions on that chain may be deemed "sanctioned transactions" by UK compliance authorities.

Elliptic's interpretation of this is very straightforward: their transaction tracking capabilities allow UK's virtual asset service providers and institutions to identify indirect links to sanctioned exchanges across multiple "hops." This is precisely what Regulation 17A now incorporates — the jurisdiction over indirect on-chain exposure.

In other words, you might never have had direct dealings with HTX, but if your funds come from an address that has previously deposited coins on HTX — in this system, your address gets a "risk tag."

This mechanism greatly expands the scope of risk associated with on-chain payments.

Risk Control Companies: The Core Force Defining On-Chain Red Lines

This on-chain monitoring system's operation relies on companies like Elliptic, Chainalysis, and BlockSec.

What they do is essentially bring "sanctions list screening" from the traditional financial system onto the blockchain. However, screening on-chain is more complex than in traditional finance — funds can jump across chains, mix coins, and split, with paths intentionally designed to be hard to trace.

More notably, their market positions deserve attention. Blockchain analysis tools like Chainalysis, TRM Labs, and Elliptic have become foundational compliance facilities for any institution exposed to crypto assets, rather than merely supplementary services. This means that as soon as an address gets flagged by any of these three, almost all exchanges that access their data will automatically tighten processing — this is exactly how user accounts were frozen in the HTX incident.

The capacity boundaries of this screening system are also continually expanding. In September 2025, Elliptic released a new tool to track the flow of stablecoins like USDT and USDC across multiple chains, which has been adopted by several major banks. USDT on the Tron network is a key monitoring target — Elliptic's data indicates that the proportion of USDT on the Tron chain appearing in sanctions and illicit fund flows is significantly higher than its overall market share. Tron, Tether, and TRM Labs froze over $250 million in assets involved in wrongdoing last year. Earlier, Elliptic announced it had trained a money laundering detection system using deep learning models on a dataset of over 200 million Bitcoin transactions, capable of identifying previously unknown illegal wallets. In other words, this system is not just checking known blacklists but is actively discovering new risk patterns.

The Russian Shadow Network: Real Challenges of Rule Coverage

In February of this year, Elliptic released a report indicating that a crypto "shadow network" related to Russia is still operating — most of the platforms within it have not yet been sanctioned but have been named and placed under surveillance. ABCeX is said to be the largest, having processed at least $11 billion in crypto transactions; Rapira has over $72 million in direct dealings with the sanctioned exchange Grinex; Bitpapa evades monitoring by frequently changing wallet addresses. Elliptic's conclusion is that the infrastructure for sanctions evasion targeting Russia has not disappeared but has dispersed across more platforms. — This means that the scope of marking will only continue to widen, not narrow.

This figure illustrates the scale of the issue — it is not about individual blacklisted addresses, but a large flow of funds throughout the entire ecosystem. Although some platforms have not been sanctioned, they have already been included in regulatory monitoring, and the marking range continues to expand, indicating that new rules are enhancing the ability to trace on-chain fund paths.

The "SWIFT Moment" of On-Chain Payments

There is a familiar concept in the traditional financial world: SWIFT sanctions. Being kicked out of SWIFT means your dollar cross-border payment channels are cut off; whether buying oil or grain, you will encounter significant obstacles.

On-chain payments are undergoing a similar process, only at a faster speed and broader coverage.

The difference lies in the mechanism: SWIFT sanctions are "disconnecting," once you are kicked out, subsequent payments cannot take that route. On-chain sanctions are "tagging" — your historical transaction records permanently exist on the chain and can be traced back at any time, with any address that had a connection to you potentially getting marked.

Elliptic's research points out that compliance screening must not only detect direct exposure but also identify indirect exposure to sanctioned parties amidst numerous "hops." The EU's 20th round of sanctions has officially taken effect on May 24, 2026, clearly including restrictions on crypto services related to the A7 network.

This indicates that anti-money laundering and sanction compliance on-chain are no longer just "an exchange issue," but a matter for every participant. Whether your wallet address is "clean" begins to transform into a real issue with consequences. This also illustrates that on-chain payments are no longer merely transactional behaviors; they are intertwined with compliance, sanctions, and risk control, forming systemic risks.

Industry Trends: From Passive Compliance to Proactive Risk Control

From the above cases, it can be seen that the regulatory logic of on-chain payments is undergoing fundamental changes:

1. From individual platform lists to a network-wide risk map

2. From post-event freezes to real-time monitoring and risk scoring

3. From internal processes of exchanges to integrated risk control across chains and platforms

In the coming years, exchanges, wallets, bridging protocols, and even DeFi will integrate on-chain risk monitoring. Compliance and risk control are no longer additional features, but core competitive advantages.

On-Chain Payments Enter a New Era of Risk Control

The past blockchain payment emphasized freedom and anonymity, but now, as exchanges integrate risk control tools and regulatory requirements for on-chain fund transparency increase, on-chain payments are entering a new era where deep risk control and compliance coexist.

The HTX incident is just the tip of the iceberg, indicating that on-chain payments are gradually forming new financial boundaries: it is not only about whether transactions are illegal but also whether fund paths are compliant.

In the future, crypto assets will no longer be just "emerging markets," but a part of the global financial game. Ordinary users and institutions must realize that the security and compliance of on-chain payments are no longer the sole responsibility of exchanges, but a reality that each participant must face together.