As part of the assessment, the department explored the meaning of DeFi and concluded that, while there is no generally accepted definition for the term, it generally refers to virtual asset protocols and services that support forms of automated peer-to-peer transactions. These transactions are often conducted using self-executing codes known as ‘smart contracts’ based on blockchain technology.
The assessment found that cybercriminals, ransomware attackers, thieves and scammers are using DeFi services to transfer and launder their illicit proceeds. The US Treasury also named North Korean cyber actors specifically, as they often look for vulnerabilities in DeFi services and exploit them for their own gains. One such a vulnerability stems from the fact that many DeFi services that have anti-money laundering and countering the financing of terrorism (AML/CFT) obligations fail to implement them.
The main vulnerability exploited by bad actors relates to a non-compliance by DeFi services with AML/CFT and sanctions obligations, as DeFi services engaged in covered activity under the Bank Secrecy Act have AML/CFT obligations. Whether the services claim that they currently are or plan to be decentralized is of no consequence.
The potential for some DeFi services to be out of scope for existing AML/CFT obligations can also be considered a vulnerability. According to the assessment, the same can be said for cybersecurity controls by DeFi services that make it easier for bad actors to steal funds.
The primary role of the risk assessment is to identify the scope of an issue. However, this study also comprises a series of recommended courses of action that could reduce the impact of illicit activities in DeFi.
These include addressing any AML/CFT regulatory gaps related to DeFi services, considering additional guidance for the private sector on the AML/CFT obligations of DeFi services, as well as improving US AML/CFT regulatory supervision.
Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson, highlighted that criminals, scammers, and North Korean cybercriminals rely on DeFi services to launder illicit funds. He also urged companies in the private sector to use the findings in the assessment to create their own risk mitigation strategies and to take action to prevent illicit actors from abusing DeFi services. The US Department of the Treasury encourages the private sector to provide feedback about the assessment.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now