The DeFi Financial Crime Arms Race
We can create a safer future for DeFi by adopting a novel strategy for combating financial crime.
Decentralized finance (DeFi) is a thriving and forward-thinking ecosystem that can enhance the efficiency and transparency of financial markets and act as a catalyst for rethinking the future of finance. DeFi’s goal is to enable access to financial services for anybody with an internet connection, which will advance global equality and financial democratization. DeFi is built on open, permissionless blockchains.
However, because of its open nature, DeFi is currently engaged in the same arms race that has dogged every promising emerging sector and technology: fending off criminals who seek to exploit it.
DeFi is no stranger to financial crime. Over $8 billion was laundered in cryptocurrencies in 2021, with approximately $1 billion going through DeFi schemes. These headline figures are alarming, so let’s put them in perspective. Between 100 and 250 times that amount in fiat money is thought to be laundered annually in traditional financial markets; the majority of this activity is opaque, most of it goes unnoticed, and even less of it is dealt with by law enforcement authorities.
Nasdaq’s vice president and head of strategy for anti-financial crime technologies is Michael Karbouris.
We can estimate the amount of money being laundered in DeFi with far more precision, which brings to light a sometimes-overlooked fact: DeFi is mostly transparent, and a transparent market should, in theory, be simpler to monitor. In conventional fiat markets, monitoring virtually every transaction is still essentially impossible. And even if privacy-oriented protocols in DeFi will probably only get more popular, zero-knowledge proof technology is beautiful in that it enables opt-in transparency while protecting privacy through pseudo-anonymity.
In the end, we all want a DeFi environment that upholds integrity and inspires trust in the burgeoning crypto community. However, using traditional finance (TradFi) as the only model for how to accomplish this is not ideal. Rather than trying to retrofit existing regulations designed for TradFi markets, we should understand DeFi’s peculiarities, concentrate on the kinds of financial crime that are specific to the DeFi ecosystem and that actually harm the end user, and align methods of detection and prevention with crypto’s fundamental values of decentralization and trustlessness.
The Various Shades Of DeFi-Specific Financial Crime
The entire goal of money laundering is to make illicit wealth, which is typically produced by criminal activity, look lawful. Crimes like theft and fraud can look quite different in the crypto world than they do in more established financial systems. This is due to the technology’s openness, the absence of middlemen, and the pseudo-anonymity provided by permissionless blockchains.
Ransomware theft is a technological issue, and preventing it depends primarily on the cybersecurity practices of the victim. Many unsuspecting users can be expected to fall short in this area, especially during periods of widespread user adoption. Sadly, deliberate fraud (such as rug pulls or admin key vulnerabilities) has been widespread in DeFi and has resulted in billions in needless losses. According to some calculations, almost 40% of the stolen money in DeFi comes via rug pulls.
Contract exploitation also plays a significant role in the theft of funds. Recent examples include the $650 million Axie Ronin bridge vulnerability and the approximately $320 million Wormhole bridge exploit. Smart contracts and decentralized autonomous organizations (DAOs) are typically used to hold and control funds in DeFi. These smart contracts are usually publicly accessible, so anyone can view them. Because of the pace at which innovation occurs in DeFi, many protocols are launched without enough testing, or with bugs or design problems. The shores of DeFi are littered with the bodies of protocols that were exploited and drained of funds.
A third, more subtle group of financial crime practices exists only on-chain. These practices arise from the quirks of the blockchain and don’t quite fall under TradFi’s definition of financial crime. On closer examination, they are financial crimes highly specific to DeFi. Composability attacks, for instance, are possible only because of DeFi’s composable nature, in which individual protocol functions are made freely available for use and reuse by any other protocol.
Mempool front-running and sandwich attacks are two further examples of DeFi-specific attacks. In a sandwich attack, a bot searches for pending transactions in the mempool, which serves as a temporary holding area for transactions before they are confirmed in a block. By placing one order just before the trade and another just after it, the bot front-runs and back-runs the same transaction. The end result is an adverse effect on the asset’s price, similar to front-running in conventional markets.
We cannot hope to tackle financial crime in DeFi without first comprehending the peculiarities of the ecosystem and working with a community mindset that recognizes the benefit of implementing efficient preventative measures suited to these issues. Regulating a unique environment like DeFi using rules derived from TradFi runs the risk of doing more harm than good.
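Because the front-run and back-run legs bracket the victim's trade in a public block, the sandwich pattern can be flagged after the fact from on-chain data. The sketch below is an added example, not part of the original article: a heuristic detector run over a constructed block, where the `Swap` fields, the addresses, the pool names and the 5% tolerance are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Swap:
    index: int     # position of the transaction inside the block
    sender: str    # address that submitted the swap
    pool: str      # liquidity pool identifier
    side: str      # "buy" or "sell" of the pool's base asset
    amount: float  # base-asset amount traded

def find_sandwiches(swaps, tolerance=0.05):
    """Return (front, victim, back) triples matching the sandwich pattern."""
    ordered = sorted(swaps, key=lambda s: s.index)
    hits = []
    for i, front in enumerate(ordered):
        for j in range(i + 1, len(ordered)):
            back = ordered[j]
            # The closing leg: same sender, same pool, opposite direction.
            if (back.sender != front.sender or back.pool != front.pool
                    or back.side == front.side):
                continue
            # A sandwich unwinds roughly what the front leg acquired.
            if abs(back.amount - front.amount) > tolerance * front.amount:
                continue
            # Victims: other senders trading the same way in between.
            for victim in ordered[i + 1:j]:
                if (victim.sender != front.sender and victim.pool == front.pool
                        and victim.side == front.side):
                    hits.append((front, victim, back))
            break  # pair the front leg only with its first closing trade
    return hits

# Constructed sample block (illustrative addresses and pools, not real data).
BLOCK = [
    Swap(0, "0xbot", "WETH/USDC", "buy", 50.0),
    Swap(1, "0xalice", "WETH/USDC", "buy", 10.0),
    Swap(2, "0xbot", "WETH/USDC", "sell", 50.0),
    Swap(3, "0xcarol", "WETH/DAI", "buy", 5.0),
    Swap(4, "0xdave", "WETH/USDC", "sell", 2.0),
    Swap(5, "0xcarol", "WETH/DAI", "sell", 5.0),  # round trip, nobody bracketed
]

if __name__ == "__main__":
    for front, victim, back in find_sandwiches(BLOCK):
        print(f"{front.sender} bracketed {victim.sender} in {front.pool}")
```

A match is a lead for review rather than proof: arbitrage and market-making round trips can look similar, which is why the sketch requires a same-direction trade from another sender between the two legs.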
The recent OFAC sanctions on the well-known mixer Tornado Cash are a contentious example. For the first time, OFAC has sanctioned decentralized protocol code rather than a person, organization, or piece of property. The decision might have significant effects on people’s rights to privacy and due process and could stifle innovation, and although it might act as a deterrent, it is unlikely to reduce crime effectively.