With decentralized finance (DeFi) rapidly growing in popularity among investors, alarm bells have started to ring as to the potential risks that come attached to its use. DeFi stands for decentralized finance, which is a new way of providing financial services using blockchain technology. Blockchain is a system that records transactions in a secure and transparent way, without the need for intermediaries like banks or governments. DeFi aims to make finance more accessible, efficient, and fair for everyone. While DeFi has allowed more investors to access financial services, it has also become a target for criminals, scammers, and terrorists looking to launder their money. A new report from the United States Treasury Department looks into the dark side of DeFi, drawing attention to the dangers of poor cybersecurity practices associated with it.
The Risks of DeFi
DeFi is not without its drawbacks, such as:
- Cybercrime: DeFi platforms are vulnerable to hacking, phishing, malware, and other cyberattacks that can result in the loss or theft of funds. DeFi users are responsible for securing their own digital wallets and private keys, which can be challenging for beginners or non-technical users.
- Money laundering: DeFi platforms can be used to hide or transfer illicit funds, such as ransomware payments, drug trafficking proceeds, or terrorist financing. DeFi platforms often have weak or no anti-money laundering (AML) or know-your-customer (KYC) policies, making it hard to trace or stop illegal activities.
- Regulatory uncertainty: DeFi operates in a legal gray area, as most countries do not have clear or consistent rules or regulations for blockchain-based financial services. DeFi users may face legal risks or penalties if they violate local laws or regulations. DeFi platforms may also be shut down or blocked by authorities if they pose a threat to national security or financial stability.
- Governance risk: DeFi platforms are often controlled by their own users or developers through governance tokens or smart contracts. These tokens or contracts can give them the power to make decisions or changes that affect the platform’s functionality, security, or profitability. However, these governance mechanisms may not be transparent, fair, or effective, leading to conflicts of interest, corruption, or mismanagement.
The US Treasury Department’s Takedown
The Treasury Department’s 2022 Illicit Finance Risk Assessment of Decentralized Finance report notes that DeFi has become a “hotbed for bad actors” due to its peer-to-peer nature. Crypto mixers, which disguise digital assets transactions, and ransomware payments were two of the main threats highlighted. As the report notes, “There have been several instances of actors, including ransomware actors, thieves, scammers, and drug traffickers, using DeFi services to transfer and launder their illicit proceeds.”
One particularly troubling example comes from the Treasury’s August sanctions for the cryptocurrency mixer Tornado Cash, which was popular with North Korean cybercriminals. Ransomware is also a major problem, earning the label of “national security priority” from the department due to its source of extorting payments. A report from blockchain analytics firm Elliptic found that $50 million in the first half of 2022 had been moved through a single cross-chain bridge belonging to 13 ransomware strains.
A variety of frauds and scams plague the crypto industry as well, costing individuals more than $1.6 billion in 2021 alone. The range of scams is wide, going from “rug pulling” thefts to more personalized “pig butchering” scams. All of these are funded by laundered funds that are obfuscated using methods like swapping for less traceable cryptos and moving between blockchains.
The report also touched on the issue of centralization in DeFi protocols, noting that despite its namesake many of them feature governance structures like management functions and altering the functionality of smart contracts. Developers and early investors can control a DeFi protocol by allocating significant shares of governance tokens to themselves or otherwise maintaining control.
Finally, the Treasury stated that money laundering, terrorist financing, and other illicit finance still predominantly occur with fiat currency and other traditional assets like stocks and bonds. Cryptocurrencies remain a preferred choice compared to cash, but their share of financial crime is still far behind.
Despite the dangers that come with DeFi, the report acknowledges that traditional finance still wins when it comes to criminal activity. However, this insight also calls for increased regulatory oversight of DeFi platforms to ensure the safety and security of their users. The Treasury is taking a step in this direction by engaging with the private sector to promote responsible innovation while also strengthening its AML/CFT framework.
In sum, the U.S. Treasury Department’s report is a stark reminder of the real dangers associated with DeFi, from cybercrime to money laundering and terrorist financing. Despite the potential risks, DeFi continues to open up new doors for investors as it continues its rapid evolution. The Treasury Department’s efforts to reduce financial crime using DeFi will be essential in creating a safe environment for digital asset investments.
