Treasury releases 2023 DeFi illicit finance risk assessment

The Treasury Dept. on Thursday released its first-ever illicit finance risk assessment of decentralized finance (DeFi) services around the world.

Although there is no formal definition of DeFi, the term has come to commonly refer to virtual asset protocols and services purporting to allow automated peer-to-peer transactions that often use self-executing code known as “smart contracts” that are based on blockchain technology.

A variety of malicious actors have come to use DeFi services to transfer and launder their ill-gotten gains, including cybercriminals, ransomware attackers, thieves, scammers and state actors like North Korea. Those actors are able to exploit vulnerabilities in DeFi services because many such services fail to implement policies related to anti-money laundering and countering the financing of terrorism (AML/CFT) despite being obligated to do so.


illustration of someone writing code

Cybercriminals, ransomware attackers, scammers and state actors like North Korea are exploiting vulnerabilities in decentralized finance (DeFi) services to steal and launder money according to the Treasury Dept.

“Risk assessments play a foundational role in promoting understanding of the illicit finance risk environment and more effectively protecting the integrity of the U.S. financial system,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson.

“Our assessment finds that illicit actors, including criminals, scammers, and North Korean cyber actors are using DeFi services in the process of laundering illicit funds. Capturing the potential benefits associated with DeFi services requires addressing these risks,” Nelson added. “The private sector should use the findings of this assessment to inform their own risk mitigation strategies and to take clear steps, in line with AML/CFT regulations and sanctions obligations, to prevent illicit actors from abusing DeFi services.”



The U.S. Treasury Department building

The Treasury Dept. notes that lax cybersecurity and failure to comply with financial regulations make decentralized finance (DeFi) firms vulnerable to malicious actors.

The Treasury Dept. assessment notes that the primary vulnerability exploited by illicit actors stems from DeFi services not complying with their AML/CFT and sanctions enforcement obligations. DeFi services that engage in activities covered by the Bank Secrecy Act – meaning the service functions as a financial institution regardless of whether it’s fully decentralized – are required to comply with AML/CFT reporting requirements to federal agencies.

Additional vulnerabilities cited by the Treasury Dept. include:

  • Some DeFi services being out of scope for existing AML/CFT obligations;

  • Other jurisdictions having weak or non-existent AML/CFT controls for DeFi services; and

  • Poor cybersecurity controls by DeFi services enable the theft of funds.

Treasury offered several recommendations for government agencies to mitigate illicit finance risks associated with DeFi services including stronger supervision of AML/CFT regulatory compliance, considering additional guidance for the private sector on DeFi services’ obligations, and addressing any regulatory gaps related to DeFi services’ AML/CFT requirements.

Want to get worth reading articles in your email? want to catch what's going on in the world?

We do not spam but sent you only important news stories 🙂

News Agencies

About Author

The latest news from the News Agencies

You may also like

Prince Harry and Meghan

Prince harry and Meghan closed their Instagram account

London: Royal Couple Britain’s Prince Harry and his wife Meghan have signed off on their royal Instagram account. Prince
boris johnson

Boris Johnson has been transferred to the ICU

British Prime Minister Boris Johnson is in ICU Tweeted Sky News Boris Johnson has been moved to an ICU after