Both providers of DeFi services and the United States government are supposed to reduce AML/CFT vulnerabilities in decentralized finance (DeFi), enabling criminals to transfer and launder illicit proceeds
The U.S. Department of the Treasury released a report on Thursday (April 6), where it stated that decentralized finance (DeFi) service providers must improve their existing AML/CFT policies.
DeFi broadly refers to virtual asset protocols and services that allow some form of automated peer-to-peer transactions, often through use of self-executing code known as “smart contracts” based on blockchain technology.
The agency described the main vulnerabilities, allowing criminals to transfer and launder illicit proceeds via DeFi platforms. Those are failures to implement AML/CFT obligations, weak or nonexistent AML/CFT controls, weak cybersecurity controls, inappropriate risk mitigation strategies, etc.
Not only the DeFi players, but also the US government can do more to address these vulnerabilities, believes the Treasury Department. Namely, it should strengthen AML/CFT regulatory supervision, consider additional guidance for the private sector and address any regulatory gaps in this segment.
Although DeFi services bring a lot of potential benefits, “illicit actors, including criminals, scammers and North Korean cyber actors are using DeFi services in the process of laundering illicit funds,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson.
The findings of the 2023 DeFi Illicit Finance Risk Assessment conducted by the U.S. Department of the Treasury shall inform the private sector, helping them to form their own risk mitigation strategies and “to take clear steps, in line with AML/CFT regulations and sanctions obligations, to prevent illicit actors from abusing DeFi services.”
Earlier, the Financial Stability Board (FSB) also enhanced its monitoring of crypto-assets and DeFi to include DeFi-specific vulnerability indicators.
Reports showed that DeFi projects were main cyber attack target in 2022, witnessing 113 hacking attacks in a year, with a total of $950 million in losses.