red 
Decentralized finance (DeFi) was one of the most exciting areas of growth and investment in cryptoassets during 2021 and continues this trend in 2022.
DeFi involves the use of “smart contracts” – or programmable, self-executing protocols – to give users instant access to financial services that were historically only available through centralized financial institutions.
Unlike simple P2P exchange platforms—which are basic websites that allow users of cryptoassets to connect—decentralized exchanges (DEXs) built on Ethereum use smart contracts to allow users to exchange cryptoassets for cryptoassets in real time.
Some observers see DEXs as an advantage over centralized exchanges, as they prove less susceptible to theft and loss due to their non-custodial nature.
DEX trading volume exploded during 2021, peaking at more than $30 billion per month and reporting a total of more than $1 trillion in trading volume for the entire year, according to The Block Research. Major DEXs such as Uniswap now compete with large centralized exchanges in total trading volume.
However, this increase in liquidity on DEXs has made them increasingly vulnerable to exploitation by money launderers, who can order large amounts of funds through these increasingly active platforms.
Problem with DEXs
DEXs can offer criminals the advantage of bypassing compliance controls – much in the way of dealing with non-compliant exchanges such as SUEX, Chatex or BTC-e. While offering another advantage, they lack a central administrator with active monitoring of user accounts, records, identities or activities.
In many jurisdictions, it is still unclear whether DEXs fall within the scope of AML/CTF regulation.
DEXs provide a useful mechanism for laundering the proceeds of crime. In particular, they can be used to exchange crypto-assets for crypto-assets – while avoiding exposure to regulators or law enforcement.
DEXs may also prove attractive to more sophisticated illegal users of cryptocurrencies – such as cybercriminals – who can use them with ease. In the September 2020 KuCoin hack, criminals laundered millions of dollars worth of cryptoassets through the DEX. This illustrates the emergence of these platforms as a viable avenue for money laundering.
The explosion in DeFi has also given rise to a corresponding ecosystem of tools that enable the hiding of Ether transactions – such as Tornado Cash’s mixing services. And criminals can use them in conjunction with DEXs.
More importantly, laundering through DEX is not impervious to AML controls. Unlike centralized exchanges – which are a dead end when it comes to trying to track the flow of funds through them – DEXs offer tremendous transparency when it comes to blockchain analytics.
All DEX crypto-to-crypto swaps are recorded in smart contracts on the blockchain, making these swaps visible. This therefore enables users of Elliptic’s solutions to see if the funds they have received are of illicit origin.
Typology: money laundering through DEX
The cryptocurrency money laundering typology involving DEX works as follows:
- the criminal obtains tokens based on Ether or Ethereum, for example by hacking an exchange;
- the criminal transfers the funds to the wallet they use on the DEX;
- tokens based on Ether or Ethereum are exchanged on the DEX for new tokens; and
- new tokens are deposited on a legitimate exchange and cashed out for fiat.
Money laundering through DeFi mixers
Criminals are aware that blockchain’s transparency makes them vulnerable to tracking and detection.
To avoid detection, illegal actors routinely tried to use cryptoasset “mixers.” These are services that combine assets from different users – making it difficult to trace assets to their ultimate source. Mixers have long been a favorite money laundering technique of online criminals, and we detail the use of these technologies in Chapter 7. “Report on typologies for 2022”.
When it comes to the DeFi ecosystem, it is crucial to be aware of the emergence of specific mixing services that enable financial crime, and to be wary of one service in particular: Tornado Cash.
A problem with mixers
Compliance professionals and law enforcement agencies use the transparency of public blockchains to identify and act against money laundering and other financial crime activities. This transparency enables visibility into illicit activity across the DeFi ecosystem – acting as an important buffer.
However, criminals operating in the DeFi space have been quick to exploit Tornado Cash, a decentralized application (Dapp) that facilitates the mixing of transactions on Ethereum and other DeFi blockchains.
By sending illicit funds to Tornado Cash, criminals can obfuscate the trail of funds – making their activity harder to decipher. Tornado Cash is an increasingly popular service among criminals, so keeping an eye on transactions involving the platform can provide indicators of potential suspicious activity.
In the recent Ronin Bridge hack attributed to North Korea’s Lazarus group, hackers made extensive use of Tornado Cash to launder some of the stolen crypto assets from the heist, which totaled $540 million at the time of the theft.
On the other hand, Bitcoin mixer Blender.io recently became the first virtual asset mixer to be targeted by the US Office of Foreign Assets Control (OFAC). However, it is a Bitcoin-only mixer.
Typology: money laundering through Tornado Cash
The money laundering typology involving DEX works as follows:
- a criminal obtains tokens based on Ether or Ethereum, for example by hacking a DeFi lending platform;
- the criminal sends the stolen funds to the address of Tornado Cash;
- criminal receives new “clean” tokens from Tornado cash; and
- new tokens are deposited on a centralized exchange platform and cashed out for fiat.
Learn more about it in our dedicated report “DeFi: Risk, Regulation and the Rise of Decriminalization”or to understand the red flags and warnings you should look out for by downloading our report on typologies.
For a broader look at the intersection of DeFi and traditional financial services and the key trends and risks associated with it, register for this webinar hosted by Elliptic and Blockworks.
Global Crypto Crime Articles
