Vulnerabilities in decentralized finance (DeFi) are enabling criminals to transfer and launder illicit proceeds.
“Our assessment finds that illicit actors, including criminals, scammers and North Korean cyber actors are using DeFi services in the process of laundering illicit funds,” Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said in a Thursday press release. “Capturing the potential benefits associated with DeFi services requires addressing those risks.”
The primary vulnerability exploited by these bad actors is the fact that many DeFi services have failed to implement anti-money laundering and countering the financing of terrorism (AML/CFT) obligations, according to the press release.
Other vulnerabilities include some DeFi services not being covered by existing AML/CFT obligations, some jurisdictions having weak or nonexistent AML/CFT controls in this area, and some DeFi services having weak cybersecurity controls, the release said.
“The private sector should use the findings of this assessment to inform their own risk mitigation strategies and to take clear steps, in line with AML/CFT regulations and sanctions obligations, to prevent illicit actors from abusing DeFi services,” Nelson said in the release.
The U.S. government can do more as well. The report recommended that it strengthen AML/CFT regulatory supervision, consider additional guidance for the private sector regarding these obligations and address any regulatory gaps, the release said.
This report comes four months after the Financial Stability Board (FSB) said it was stepping up its monitoring of crypto-assets and DeFi and enhancing its monitoring to include DeFi-specific vulnerability indicators.
“Within the crypto-asset ecosystem, DeFi has emerged as a fast-growing segment, covering a variety of services in crypto-asset markets that aim to replicate some functions of the traditional financial system,” the FSB said Dec. 6.
Two months later, in February, blockchain intelligence platform Chainalysis reported that hackers stole $3.8 billion from crypto companies in 2022, and of that, $3.1 billion — representing 82.1% of all stolen assets — resulted from breaches of DeFi protocols and platforms.