The U.S. Treasury Department has warned of new cross-crime risks in a new assessment of decentralized finance (DeFi).
On April 6, the Treasury released its first-ever DeFi Illicit Financial Risk Assessment, which examines key financial crime risks related to DeFi, as well as potential regulatory responses to the emergence of DeFi.
His analysis comes at a time when international watchdogs such as the Financial Action Task Force (FATF) – the global anti-money laundering and countering the financing of terrorism (AML/CFT) standard setter – are focusing increasing attention on the impact of innovation in the DeFi space. .
The Treasury’s assessment found that DeFi services are increasingly being exploited by criminal actors, such as cybercriminals linked to North Korea, ransomware gangs, fraudsters and others. The report points to incidents like last year’s hack Axie Infinity by North Korea’s Lazarus Group, as well as the use of services such as the Treasury-approved mixing service Tornado Cash, as examples of the growing risk of financial crime related to DeFi.
Among the drivers of the growing illegal exploitation of DeFi according to the Treasury are services that enable cross-laundering and laundering of funds. These include, for example, services such as decentralized exchanges (DEX) and cross-bridges that allow users of DeFi services to seamlessly move funds across different blockchains and using a wide range of cryptoassets. While these innovations are important and serve as major drivers of legitimate DeFi adoption, they also allow criminals to engage in “jump chain” money laundering typologies.
Underscoring this point, the Treasury Department cites data from Elliptic’s State of Cross-Crime report, which notes that ransomware gangs laundered at least $50 million through a single cross-chain bridge in the first half of 2022.
The Treasury Department’s highlighting of these risks also highlights the importance of cryptoasset exchanges and financial institutions using blockchain analysis solutions – such as Elliptic’s Holistic Screening capabilities – to identify cross-chain laundering.
Other key findings and observations from the Treasury Department’s DeFi risk assessment include:
- Illegal actors may find DeFi services attractive for money laundering because most services do not collect know-your-customer (KYC) checks or other AML/CFT controls.
- DeFi service operators generally do not comply with US AML/CFT measures. However, Treasury believes that agencies engaged in facilitating conduct covered by US AML/CFT are not exempt from compliance simply because they are, or purport to be, decentralized.
- The Treasury indicates that it plans to review how to fill existing gaps in US AML/CFT to ensure that compliance requirements are imposed on the DeFi space more consistently and effectively.
- Meanwhile, the assessment highlights that centralized crypto exchanges and other virtual asset service providers remain in the best position to detect risks – such as cross-chain laundering risks – arising from DeFi.
- He also notes that blockchain analytics solutions play an important role in detecting and mitigating DeFi risks.
The Treasury’s DeFi risk assessment marks an important development in anti-financial crime efforts in the cryptospace, as it highlights the need for regulated businesses to take proactive steps to identify associated risks.
Contact us to learn more about Elliptic’s holistic screening capabilities and how they can enable detection of the money laundering activity highlighted in the Treasury report.
On anniversary of Hydra sanctions, OFAC sanctions Genesis cybercrime marketplace
On April 5, the US Treasury’s Office of Foreign Assets Control (OFAC) took steps to sanction a major player in the cybercrime ecosystem. The agency sanctioned Genesis Market, an illegal online marketplace that sold stolen device credentials and other compromised data used by cybercriminals to commit crimes such as hacking and ransomware. The sanctions were coordinated with the US and European law enforcement action that dismantled Genesis Market.
As Elliptic’s analysis shows, Genesis operated with a unique model among illegal markets, whereby users would pay for automated bots designed to steal data, and cheap bots sometimes reap huge data thefts for cybercriminals.
OFAC’s action against Genesis Market comes exactly one year after it sanctioned the Hydra dark web market, demonstrating that the US government remains committed to cracking down on illegal markets that facilitate cybercrime.
Singapore to join Hong Kong in clarifying crypto banking standards
According to news reports, Singapore is preparing to issue additional guidelines for banks on banking standards for crypto companies. Bloomberg reported on April 5 that the Monetary Authority of Singapore (MAS) may in the coming months release standardized risk assessment criteria that banks should use when deciding whether to establish relationships with crypto exchanges.
The news comes a week after reports emerged that banking supervisors in Hong Kong plan to facilitate dialogue between local banks and crypto exchanges. These indications of proactive efforts by regulators in the APAC region to clarify standards for crypto banking are important developments, following recent bankruptcies that have raised questions about whether crypto companies will be able to secure critical banking services.
Elliptic’s David Carlisle explained the importance of this development in a separate video clip, while Elliptic’s Mark Aruliah also explained why countries like the UK should follow Hong Kong’s example if they want to encourage innovation.
US Kills Crypto Investment Scammers
On April 3, the US Department of Justice (DoJ) announced a major law enforcement effort to disrupt fraudsters who perpetrated crypto-asset scams. According to a statement from the Justice Department, it seized $112 million from fraudsters who were involved in “pig slaughter” – a form of investment fraud that US law enforcement agencies say results in billions of dollars in losses to victims annually.
As we described in the Great Slaughter post, law enforcement agencies can retaliate against fraudsters by tracking their assets on the blockchain. This action by US law enforcement to trace and seize the proceeds of fraud is an important effort to rob criminals of their profits.
South Korea cracks down on crypto firms’ compliance gaps
On March 30, 2023, the Korean Financial Intelligence Unit (KoFIU) under the Financial Services Commission (FSC) announced enforcement measures taken against five domestic crypto exchange operators.
The move came after on-site inspections revealed major deficiencies and lapses in anti-money laundering and countering the financing of terrorism (AML/CFT) controls. On the same day, the results of the inspections – which were carried out in the second half of 2022 – were published.
KoFIU’s findings included indications that local crypto companies failed to identify suspicious transactions. You can read our full analysis of South Korea’s crypto company inspections here.
Japan warns against unregistered crypto exchanges as it continues to invest in web3
On March 31, Japanese regulators also took steps to call out crypto exchanges they believe are serving the country without regulation. In a notice it published, the Japan Financial Services Agency (JFSA) has warned several crypto exchanges that they must stop servicing Japanese customers without a JFSA license.
The warning offers another example of the trend toward increased regulation affecting the crypto space. It also comes as Japan announced plans to increase investment in web3 and related innovations – an indication that the country does not want to prevent crypto innovation, but rather ensure that the industry can mature with appropriate safeguards in place.
OCC and FCA establish financial technology offices
Some key regulators are working to improve their ability to monitor crypto and other financial technologies by establishing dedicated offices to focus on those issues.
On March 30, the US Office of the Comptroller of the Currency (OCC) – America’s national banking supervisor – announced the establishment of its Office of Financial Technology “to strengthen the agency’s expertise and ability to adapt to the rapid pace of technological change in the banking industry.” The announcement states that the scope of the new office will include understanding the impact of cryptoassets on the US banking system.
On March 31 – the day after the OCC’s announcement – the UK’s Financial Conduct Authority (FCA) announced the launch of its new technology research center to enable the regulator to better understand the impact of new technology on the financial sector. Among the new hub’s research priorities will be a better understanding of blockchain technology to shape the future of cryptoasset regulation, as well as the potential impact of the metaverse.
UK Warns Foreign Crypto Firms Against Consumer Ads
In other cryptocurrency news, the FCA has warned firms based outside the UK of upcoming UK consumer advertising rules. In a LinkedIn post on April 5 – Glenn Redemann – FCA’s Crypto Asset Authorization Manager, shared a letter sent by the FCA to certain international crypto firms.
The letter warns that the UK’s upcoming rules on financial promotions mean that only FCA-registered crypto asset companies will be able to market to UK consumers without having to seek third-party approval for their ads.
Crypto companies located overseas that continue to sell to UK consumers without approval will be committing an offense under the incoming promotion regime. The letter urges overseas crypto-asset businesses to register with the FCA before new rules on promotions come into force later this year, or risk facing a ban on marketing to UK consumers.
DeFi Americas Regulation