A new report from the United States Treasury Department warns that poor cybersecurity practices within the decentralized finance (DeFi) industry present a threat to crypto, consumers, and national security. The report argues that DeFi’s peer-to-peer nature presents illicit finance risks that require additional legal supervision to address.
The Risks of DeFi
The 2023 DeFi Illicit Finance Risk Assessment, released on Thursday, details how cybercriminals are exploiting the DeFi ecosystem to launder money through systems that fail to implement proper sanctions and anti-money laundering controls, thereby posing a risk to the crypto industry, consumers, and national security. The laundering techniques include swapping funds into less traceable cryptocurrencies, moving them between blockchains, and sending assets through cryptocurrency mixers, after which the laundered funds are cashed out into fiat currency via Virtual Asset Service Providers. The Treasury sanctioned Tornado Cash last August due to its popularity with Korean cybercriminals. The report also highlights ransomware, recognized as a “national security priority”, as a high-profile issue: criminals extort payments from victims over crypto networks because transactions are both pseudonymous and irreversible. A study by Elliptic showed that 13 ransomware strains laundered a total of $50 million through a single cross-chain bridge in H1 2022. The report also acknowledges that at least $1.6 billion was stolen through crypto-related scams in 2021.
DeFi’s Weakness: Centralization
Despite the name, the Treasury report exposes centralized points of failure in DeFi: many DeFi services still feature governance structures, or their developers and early investors maintain de facto control. Although DeFi poses risks, the report acknowledges that fiat currency remains the most common method of money laundering, proliferation financing, and terrorist financing.