It is observed that crypto-cards and neobanks are generally at a great inflection point where now it has become a mainstream category inside crypto where value capture occurs. There are more than 35+ players that we have mapped out, who can be compared with each other across different models and shaped by how they monetise, scale, and acquire/retain users.

Overall there are three value layers:

1. Liquidity owners/partners (defi players) which capture yield + interchange fees

2. Rail owners (infra/B2B) which capture recurring API fees, compliance rent, and treasury/float

3. Distributors/aggregators (CeFi, regional, niche like privacy) which capture interchange/FX but face structural compression.

So, in general, what really makes these card operators defensible or gives them a strong moat? It is majorly around controlling a primitive, which can either be

• regulated access

• programmable liquidity

• deep integrations

In general cashbacks is not anymore a real moat, they are a good to have feature which can help in the initial bootstrapping phase of the product, but doesn’t really become a long-term moat for driving retained users/ loyalty to the platform; but on the other hand providing users rights, access, and reducing switching costs are definitely one of the major drivers.

Let’s understand this well by looking at a few different categories of card operators that have developed in crypto right now:

• custodial exchanges

• web3 wallets

• infra players (more backend)

• regional coverage

• niches like focus on privacy

First up, for custodial exchanges or fintech-styled players like Bybit, WireX, and Crypto.com, their major moat as a product lies in the fact that they are able to bring the best of both web2 <> web3 worlds together - they allow you to easily on-off ramp + also buy your fav tokens. So the cards actually become a great way for these players to ‘force lock inside the exchange,’ i.e., make their users sticky by capturing their liquidity and ensuring that they are not moving it elsewhere to other exchanges (more of this). On the other side, it is also an easy way for users to directly use these cards as a form of onboarding new users to their exchanges (less of this). These players mainly dominate purely on distribution games focusing on licensing, scale, and brand recognition as their major moat, but the economics compress quickly since the interchange and FX fees are capped, and token rewards also fluctuate with market cycles which reduces their profits even if they keep scaling. Overall the success of these exchanges (and eventually their cards) is a function of 1) user churn 2) market liquidity 3) loyalty.

Next there are defi players like Metamask, Etherfi, and Solayer who basically have a dual yield earning structure by internalising both the yield layer (user deposits stETH/eETH/LP positions) and the transaction layer (interchange revenue from spend) which creates two distinct value streams that traditional custodial or exchange-linked cards can’t really capture. This creates a self-reinforcing dual revenue flywheel: more assets → more yield → more rewards → more spending → more interchange → more assets.

It is fair to think that their defensibility can be majorly tied to the idea that users liquidity and usage naturally concentrate where the economics are natively aligned for them. At the same time, there are also a few risks that should be noted about these players since their revenue is highly reliant on 1) defi yields (APY compression, TVL rotation) 2) smart-contract dependencies 3) fiat bridges (operational friction to move assets onchain <> offchain). The result is that it is a great model with high structural leverage where one can have deeper upside and stronger intrinsic moats, but volatility does still exist and is heavily influenced by market conditions and protocol health

Infra providers like OrbitX and Kolo.in actually operate at a completely different layer of the stack. They are basically the ‘backend infra’ rail for many of these other companies who actually build frontend experiences on top of them and compete for acquiring new users, card designs, or cashbacks. What is handled by these infra players are aspects like issuing cards, moving money, converting between fiat and crypto, and staying compliant with regulators. Their business model is built around integrations with partner projects via APIs, SaaS fees, FX/settlement rails, and compliance tooling. The best way to think about them is that whenever a partner project performs an action for a user like issuing a card, topping up a balance, performing KYC, or running an FX conversion, it is actually handled by these players and they take a small cut. Overall, it is fair to think that once many integrations are through, the revenue streams are somewhat recurring and predictable + tied to a focus on ecosystem growth overall rather than singular user metrics like AVPU. It is actually a pain for a company to switch since they would have to rebuild their card logic, re-establish compliance channels, redo integrations with banks/networks, and migrate users, which who would want to do, right?. This is what works well for them (ofc if done well), creating deep, compounding stickiness over time. They are very comparable to web2 payment processors or custody infra tools which are barely front-user facing but actually do all the heavy lifting on the backend. It is more of a tech moat (ensuring the rails work + easy to integrate) + sales (landing good B2B clients which ideally would have good distribution and ensuring they don’t churn).

Regional players like Lemon, Kasi Money, and Sora have actually built their entire value around operating deeply inside a specific (localised) market. Their strength comes from being able to have local payment rails, fiat–crypto conversion paths, domestic banking relationships, and regulatory clarity. In this case the moat is majorly a combination of understanding local user behaviour + ensuring the infra is highly fluid in the native localised setup with different partners. But ofc, localisation has its own upside limitations because it gets tough to start easily scaling this model in a new country, as one would need to again figure out new licences, forming new banking relationships, adjusting to different consumer expectations, and often redesigning the onboarding completely. So overall these players are regional masters, but have a hard time globally, making expansion slow, expensive, and operationally heavy.

Lastly, there are cards focused on a niche like privacy-focused cards such as Payy whose entire value prop is built around anonymity, censorship-resistance, and minimal disclosure, giving them a clear narrative and a loyal niche audience. Users choose them because they are more ‘ideologically aligned than purely the technological infra’. Generally, creating a brand and providing a more non-invasive experience are their major focuses. One thing these players majorly face issues with is that in regions requiring strict KYC, AML, and monitoring, compliance becomes a huge hurdle for these players to penetrate, especially when looking at more offchain transactions. Compared to all the other categories, privacy for eg: makes a very small set of user cohorts who are highly ‘privacy-first’ aligned (more ethos/ principles based than purely product experience).

Just to summarise the learnings a few objective takeaways are:

• value is shifting down the stack where real moats now come from infrastructure, compliance, and liquidity control rather than rewards or branding

• regulation is becoming the main determinant of scale, with licensing and bank access deciding who can expand into new markets/geographies

• owning the liquidity layer helps to drive revenues, as one can control yields and balances rather than competing over thin margins

• integration depth compounds defensibility

• local advantage still matters, where corridor-specific rails, FX pathways, and domestic partnerships can outperform broader players

• cefi cards deliver high volume but low leverage, remaining dependent on subsidies and thin FX/interchange economics

• defi cards offer stronger but more volatile economics

• infra rail providers once integrated are super sticky

• niches like privacy-led are more focused on narratives/branding than purely on product moats as compared to other categories, which leads to more friction in adoption + scaling

So, what would really make sense doing here?

• owning a primitive like licensing coverage, integration rails, or liquidity pathways

• creating stronger models to monetise flows around inevitabilities (volume, balances, compliance events) rather than depending on yield that comes from token inflation

• designing for a way where an operator is irreplaceable in the flow via multi-party integrations, regulator attestations, custom risk engines, and issuer–processor dependencies that can create natural switching barriers

• optimizing the flow from on-chain → off-chain by offering instant liquidity backed by crypto collateral, reducing user friction and strengthening issuer risk controls

Lastly, a few whitespaces or opportunities we identify are around:

• compliance orchestration: unifying KYC/KYB, travel-rule, sanctions, and audits into one API; the moat here comes through regulator relationships, approval data, and workflow entrenchment

• smarter FX & routing: basically a routing aggregator across CEX/DEX/RFQ with guarantees and treasury backstops; the idea is to monetise micro-fees per routed transaction + spread share

• credit on onchain collateral: real revolving credit against stables/LSTs with LTV, liquidation buffers, and auto-repay; the moat is in having highest ARPU and having a setup of a good oracle network, liquidation logic, and risk engine

• regional issuer kits: prepackaged UPI↔SEPA / PIX↔USD stacks (BIN, KYB, FX, settlement, tax) acting as ‘regional issuer-in-a-box’; the moat comes from sponsor-bank networks, local licences, BIN scarcity, and regulatory support (which are all super tough to acquire)

• legal privacy: selective disclosure (VC/ZKP) that preserves user privacy while remaining regulator-grade; the moat is built through policy-backed attestations, trust marketplaces, and regulator comfort

• yield-aware settlement & float management: a ledger that routes idle balances into approved yield, unwinds instantly for spend, and stays auditor-friendly; the moat is enabling regulated, risk-controlled yield across CeFi and DeFi.

Looking at it generally, one of the bigger opportunities right now could be something around building a compliance + FX + issuance middleware layer with optional yield and credit modules. Whoever becomes the Stripe/Checkout.com for crypto cards along with real regulatory cover will ideally end up owning the entire category (full-stack approach).

Closing in, the real value is no longer a unidirectional mechanism (who issues the card/ who offer the biggest cashback), but essentially it is a combination of a few aspects like controlling the underlying primitives around licensing, liquidity routing, compliance logic, and the settlement rails.

Overall it feels like it is about being able to identify where the real leverage and margin exist and ensuring these players are tapping into the opportunity.