The First Ever US Risk Assessment on DeFi Claims that Crypto Markets are a Threat for National Security

At the beginning of April 2023, the US Department of the Treasury published a long-awaited report on illicit finance risks associated with decentralized finance (DeFi). The report is the first of its kind in the world.
Furthermore, it means that new regulation policies can be expected soon in relation to decentralized crypto markets being perceived as a national threat.

Reading Time: 3 minutes

defi us report

Illustration: MilicaM

The DeFi space in numbers 

You probably have some idea of what DeFi is, but for the clarity of this article, let’s stick to the most commonly used definition. DeFi stands for virtual protocols and services used for peer-to-peer (P2P) transactions and rely heavily on smart contracts built on blockchain. 

According to the data mentioned in the “2023 DeFi Illicit Finance Risk Assessment” released by the US Treasury, there are thousands of entities offering DeFi services, although only a small number experience significant user activity or have registered with regulators. 

When it comes to the market value, it’s nearly impossible to determine it, although the cited aggregator which tracks up to 2,000 DeFi services worldwide reported a “total value locked” (TVL) of $39.77 billion as of December 19, 2022. 

The category of DeFi services that you are probably the most familiar with is decentralized exchanges (DEX). Namely, there are around 650 DEXs with a combined $15.85 billion in reported TVL operating as of December 19, 2022. 

After DEX, DeFi services with the highest TVL are lending and borrowing at $10.85 billion across 197 separate services. 

Yield protocols that pay users a reward for staking virtual assets on the service also account for a significant share; 60 of these protocols have a combined TVL of over $8.66 billion. 

DeFi services with a less significant share include cross-chain bridges, liquid staking, and algorithmic stablecoins. 

No matter how impressive these numbers may sound at first, they actually represent a relatively small portion of the total activity in virtual asset markets. More precisely, according to another aggregator cited in this report, they only account for 3% of the total virtual asset activity. 

So, the issue that this report is trying to tackle is that DeFi services do not implement Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) controls or other processes to identify customers, which needs to change in the near future to decrease the amount of illicit proceeds. 

Recognized DeFi risks 

In this report, it’s noticeable that DeFi is perceived as an endless space for illicit proceeds since they are not regulated. 

image-1

Actors like the Democratic People’s Republic of Korea (DPRK), cybercriminals, ransomware attackers, thieves, and scammers are using DeFi services to transfer and launder their illicit proceeds. They are able to exploit vulnerabilities, including the fact that many DeFi services that have anti-money laundering and countering the financing of terrorism (AML/CFT) obligations fail to implement them.

Source: 2023 DeFi Illicit Finance Risk Assessment 

Not only that, but it is clearly communicated that decentralized crypto markets are a threat to national security. As they claim, what makes DeFi more appealing to criminals is that, in many cases, they are not required to provide customer identification information. In addition, this is what makes it impossible to trace these illicit proceeds. 

The report recognizes the following techniques that mentioned actors use for money laundering: 

  1. DEXs and Cross-Chain Bridges – Usually used to convert one virtual asset into a different virtual asset; 
  2. Mixers – Efficient with obfuscating the source, destination, or amount involved in a transaction, which can be done through a variety of mechanisms; 
  3. Liquidity Pools – By placing funds into liquidity pools, actors may generate funds from trading fees. 

Apart from the money laundering, illicit actors can commit other cyber crimes through hacks and heists of DeFi services, the report claims. 

These include: 

  • Ransomware; 
  • Theft; 
  • Fraud and scams; 
  • Drug trafficking. 

On the other hand, it’s pointed out that only after a risk assessment is it possible to capture the potential benefits of DeFi services. 

Who does this report refer to?   

This report refers to financial institutions that are obliged by the Bank Secrecy Act (BSA) and related regulations to assist the government in detecting and preventing money laundering. However, it does not “alter any existing legal obligations, issue any new regulatory interpretations, or establish any new supervisory expectations.” 

Moreover, this report should serve the private sector as a guideline for risk mitigation strategies against abusing DeFi services and for enhancing cybersecurity controls. In other words, the release of this report means the DeFi regulation policies are on their way. 

image-1

This assessment recommends strengthening US AML/CFT supervision and, when relevant, enforcement of virtual asset activities, including DeFi services, to increase compliance by virtual asset firms with BSA obligations.

Source: 2023 DeFi Illicit Finance Risk Assessment  

This report raised a handful of questions. 

For example, one of the arguments is that DeFi is not even subject to BSA since they are not intermediaries and do not handle user funds

Moreover, the same user claims, DeFi interfaces do not enable any transactions that are not already possible for anyone with an internet connection. 

On the other hand, the report claims that entities engaging in the activities of financial institutions as defined by the BSA, regardless of whether they are centralized or decentralized, will have to comply with these obligations. 

image-1

If a DeFi service does business wholly or in substantial part in the United States and accepts and transmits virtual assets from one person to another person or location by any means, then it most likely would qualify as a money transmitter and have the same AML/CFT obligations as a money transmitter offering services in fiat currency.

Source: 2023 DeFi Illicit Finance Risk Assessment 

Surprisingly enough, they agreed that in fact “the most money laundering, terrorist financing, and proliferation financing by volume and value of transactions occur in fiat currency or otherwise outside the virtual asset ecosystem via more traditional methods.” 

A journalist by day and a podcaster by night. She's not writing to impress but to be understood.