Security Firm: Slow Political Response Giving DeFi Hackers a Free Hand

Decentralized finance (DeFi) hacks cost crypto investors more than $2 billion in the first six months of the year alone. That’s more than in all of 2021 — so why aren’t regulators and politicians focusing on them more?

Those numbers could get a lot worse, according to crypto security firm CertiK. It predicts that losses could more than triple 2021’s numbers by the end of this year.

And yet, even the fledgling attempts to build a U.S. regulatory framework for cryptocurrency have largely ignored DeFi, as has Europe’s fully agreed-upon Markets in Crypto-Assets (MiCA) bill.

There are some reasons for this, not the least of which is that regulating DeFi — where projects claim to be so decentralized there is no central management at all, just smart contracts — is a lot more difficult than normal crypto and stablecoins.

But it’s also where the need is greatest, said Sen. Elizabeth Warren (D-Mass.), who focused her crypto-skepticism on decentralized finance in a December hearing by the Senate Banking Committee.

It is “where the regulation is effectively absent and — no surprise — it’s where the scammers and the cheats and the swindlers mix among part-time investors and first-time crypto traders,” she said.

Big Need

And yet the costs are devastating: in the short term, of course, to the tens of thousands of individuals who have lost funds to various DeFi hacks, but also in the longer term to the ability and willingness of people to make payments on crypto projects and blockchain platforms.

That specifically impacts the cross-chain payments that dramatically expand the usefulness and value of those projects and platforms.

This is because most of those stolen funds come from so-called bridge projects that facilitate these payments, essentially allowing users to deposit a cryptocurrency usable on one blockchain and borrow tokens issued by and on another blockchain, returning them to unlock their original assets.

These include the $620 million Ronin hack in March, a $320 million Wormhole hack in February, a $100 million Harmony hack on June 24 and the $190 million Nomad hack on Aug. 1, among others.

It’s hard to say what the impact on these bridge programs will be, but they rely on users trusting that their funds will be available when they want to withdraw them — much like stablecoins, which have had their own problems. And as bridges get a bad name, that can’t plausibly continue.

Then, there are those algorithmic stablecoins, which are a growing corner of the DeFi market. However, the $48 billion run and collapse of the Terra/LUNA stablecoin ecosystem in May has left those projects’ viability in doubt, although many people would argue that’s a good thing.

Indeed, the crypto legislation that got closest to actually advancing to a vote — and that legislators still say could pass in the current session — is a stablecoin bill that would effectively ban algorithmically dollar-pegged stablecoins.

Beyond that, while the crypto lenders that went near or into bankruptcy in the wake of the TerraUSD stablecoin collapse were centralized projects, one of DeFi’s core offerings is lending/borrowing platforms, which have plenty of risks of their own.

Little Action on the Horizon

The only fully formed proposal, the “Responsible Financial Innovation Act” from Sens. Cynthia Lummis (R-Wyo.) and Kirsten Gillibrand (D-N.Y.), largely takes a pass on DeFi.

First, it orders the treasury secretary, Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) to work with industry participants to “analyze the market position of decentralized finance technologies with respect to digital assets” and report back to Congress in one year.

Not with policy recommendations, mind, just with facts and figures.

Besides that, it orders the Treasury Department’s Financial Crimes Enforcement Network’s (FinCEN) Innovation Lab to recommend changes in law, policy and regulations in order to “more effectively facilitate the supervision of financial technology,” of all digital assets, distributed ledger technology (the foundation of blockchain) and DeFi.

Nor is it any better in the European Union, where the fully developed and (presumably) soon-to-pass MiCA law largely “left out” DeFi, Diego Ballon Ossio, a senior associate at global law firm Clifford Chance, wrote in a July 1 blog on the legislation.

However, he added, there is “a review clause baked into the rulebook that will likely lead to specific regulatory regimes at a later date.”

Beyond that, “crypto assets that are issued by a DeFi protocol will still qualify as crypto-assets,” so exchanges and other crypto-assets service providers (CASP) that list or trade in them will have to comply with regulations for other digital assets.
