- The U.S. Treasury has called for DeFi services to implement AML controls to reduce illicit activity
- The Treasury said that bad actors are taking advantage of such vulnerabilities to an alarming degree
- A report last week revealed that North Korea alone stole $1.7 billion in cryptocurrencies in 2022
Decentralized finance (DeFi) vulnerabilities are facilitating the transfer and laundering of illicit funds by criminals, according to the U.S. Department of the Treasury. The Treasury released a report on April 6 that urged DeFi providers and the U.S. government to take more effective action to reduce such vulnerabilities. The report comes two months after it was revealed that North Korean state actors stole $1.7 billion worth of cryptocurrencies in 2022.
DeFi Protocols Financing Terrorism
North Korea was mentioned as a key beneficiary of the weaknesses in DeFi platforms, with the Treasury stating that many DeFi services fail to implement anti-money laundering and countering the financing of terrorism (AML/CFT) obligations. In addition, other vulnerabilities include weak or non-existent AML/CFT controls in certain jurisdictions and inadequate cybersecurity controls.
Given that many blockchains launch with just a cursory check of their smart contracts, or they hire blockchain security companies who themselves don’t yet have all the answers, it’s hardly surprising that they are an easy target.
$1.7 Billion Stolen by North Korea in 2022
This lack of security has allowed rogue states such as North Korea to fill their boots by hacking insecure blockchains, with a February report revealing that $1.7 billion in cryptocurrencies was stolen by DPRK hackers last year. The issue of lax security on DeFi platforms has already been raised, and Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said in the Treasury report press release that it is time for protocols to take things seriously:
Our assessment finds that illicit actors, including criminals, scammers, and North Korean cyber actors are using DeFi services in the process of laundering illicit funds. Capturing the potential benefits associated with DeFi services requires addressing those risks.
Nelson added that the “private sector” (i.e. DeFi protocols) should “use the findings of this assessment to inform their own risk mitigation strategies and to take clear steps, in line with AML/CFT regulations and sanctions obligations, to prevent illicit actors from abusing DeFi services.”
Whether they will put their resources towards such ends without being forced to do so however is highly unlikely.