BingX Insights

Get the latest blockchain news on BingX.

DeFi Vulnerabilities Exploited By Illicit Actors, Says US Treasury Report

Ronaldo Marquez 2023-04-07 04:00

A new report by the United States Treasury Department highlights the growing concern of the US regulatory agencies regarding “illicit” actors exploiting decentralized finance (DeFi) services and their associated vulnerabilities. 

The report defines DeFi as virtual assets protocols and services that allow for automated peer-to-peer transactions using smart contracts based on blockchain technology. However, it notes that the term is often used “loosely” in the industry and often refers to services that are not “truly decentralized.” 

DeFi Services Under The US Treasury’s Lens

Many DeFi services have a controlling organization or governance that provides a measure of centralized administration. However, the US Treasury’s risk assessment report claim that “illicit” actors, including ransomware, cybercriminals, thieves, scammers, and Democratic People’s Republic of Korea (DPRK) cyber actors, are exploiting DeFi services to “launder” their “illicit” proceeds. 

Furthermore, the report highlights alleged vulnerabilities in the US and foreign Anti Money Laundering/Combating the Financing of Terrorism (AML/CFT) regulatory, supervisory, and enforcement regimes and the technology underpinning decentralized finance services that these actors are allegedly exploiting. 

According to the report, The Bank Secrecy Act (BSA) and related regulations impose obligations on financial institutions to assist US government agencies in detecting and preventing money laundering. The report emphasizes that the most significant illicit finance risk in the DeFi domain is from services that are “not compliant with existing AML/CFT obligations.” 

Furthermore, according to the report, these obligations apply to entities that function as financial institutions as defined by the BSA, regardless of whether they are centralized or decentralized. 

The report further emphasizes that DeFi services functioning as a financial institution must comply with the BSA’s obligations, including AML/CFT. The risk assessment recommends that federal regulators engage with the industry to explain how relevant laws and regulations, including securities, commodities, and money transmission regulations, apply to DeFi services. 

This engagement would help to clarify the regulatory landscape and ensure that DeFi services comply with relevant laws and regulations. 

US Treasury Acknowledges The Rapid Growth Of Decentralized Finance

The assessment further recognizes that the virtual asset ecosystem, including decentralized finance, is “changing rapidly.” Per the report, the US government will continue to research and engage with the private sector to stay up-to-date with developments in the DeFi ecosystem and how they could affect the threats, vulnerabilities, and mitigation measures to address illicit finance risks. 

The assessment also poses several questions that will be considered as part of the recommended actions to address illicit finance risks, including how to treat decentralized finance services that “fall outside” the BSA definition of financial institutions and areas for additional regulatory clarity. 

Overall, the risk assessment highlights the need to address potential gaps in the “regulatory regime” and ensure that the decentralized finance industry operates in a safe and secure environment to prevent illicit procedures. 

For that, it is crucial to establish a regulatory framework that balances compliance with the law and fosters innovation and growth in the decentralized finance space. Key players in the industry, such as Coinbase, have been advocating for this approach for some time.


Featured image from Unsplash, chart from