Expand / Collapse search
Watch TV
Menu

Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset. Powered and implemented by FactSet Digital SolutionsLegal Statement.

This material may not be published, broadcast, rewritten, or redistributed. ©2024 FOX News Network, LLC. All rights reserved. FAQ - New Privacy Policy

Tech
Published

Treasury releases 2023 DeFi illicit finance risk assessment

Lax cyber controls and failure to adhere to financial regulations make some DeFi services vulnerable to cybercrime

close
Check Point Software Technologies CEO Gil Shwed discusses competition in the cybersecurity space and explains why health care is the number one target of hackers on The Claman Countdown. video

Cybersecurity pioneer Gil Shwed warns of the rise in hactivism

Check Point Software Technologies CEO Gil Shwed discusses competition in the cybersecurity space and explains why health care is the number one target of hackers on The Claman Countdown.

The Treasury Dept. on Thursday released its first-ever illicit finance risk assessment of decentralized finance (DeFi) services around the world. 

Although there is no formal definition of DeFi, the term has come to commonly refer to virtual asset protocols and services purporting to allow automated peer-to-peer transactions that often use self-executing code known as "smart contracts" that are based on blockchain technology.

A variety of malicious actors have come to use DeFi services to transfer and launder their ill-gotten gains, including cybercriminals, ransomware attackers, thieves, scammers and state actors like North Korea. Those actors are able to exploit vulnerabilities in DeFi services because many such services fail to implement policies related to anti-money laundering and countering the financing of terrorism (AML/CFT) despite being obligated to do so.

GLOBAL TAKEDOWN OF CYBERCRIMINALS BEHIND MALWARE OPERATION

illustration of someone writing code

Cybercriminals, ransomware attackers, scammers and state actors like North Korea are exploiting vulnerabilities in decentralized finance (DeFi) services to steal and launder money according to the Treasury Dept. (Reuters/Kacper Pempel/Illustration / Reuters Photos)

"Risk assessments play a foundational role in promoting understanding of the illicit finance risk environment and more effectively protecting the integrity of the U.S. financial system," said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. 

"Our assessment finds that illicit actors, including criminals, scammers, and North Korean cyber actors are using DeFi services in the process of laundering illicit funds. Capturing the potential benefits associated with DeFi services requires addressing these risks," Nelson added. "The private sector should use the findings of this assessment to inform their own risk mitigation strategies and to take clear steps, in line with AML/CFT regulations and sanctions obligations, to prevent illicit actors from abusing DeFi services."

CHINA ECONOMIC ESPIONAGE ‘TOP THREAT’ TO US COMMERCIAL, MILITARY SECRETS

The U.S. Treasury Department building

The Treasury Dept. notes that lax cybersecurity and failure to comply with financial regulations make decentralized finance (DeFi) firms vulnerable to malicious actors. (Saul Loeb/AFP via Getty Images / Getty Images)

The Treasury Dept. assessment notes that the primary vulnerability exploited by illicit actors stems from DeFi services not complying with their AML/CFT and sanctions enforcement obligations. DeFi services that engage in activities covered by the Bank Secrecy Act – meaning the service functions as a financial institution regardless of whether it’s fully decentralized – are required to comply with AML/CFT reporting requirements to federal agencies.

Additional vulnerabilities cited by the Treasury Dept. include:

  • Some DeFi services being out of scope for existing AML/CFT obligations;
  • Other jurisdictions having weak or non-existent AML/CFT controls for DeFi services; and
  • Poor cybersecurity controls by DeFi services enable the theft of funds.

Treasury offered several recommendations for government agencies to mitigate illicit finance risks associated with DeFi services including stronger supervision of AML/CFT regulatory compliance, considering additional guidance for the private sector on DeFi services’ obligations, and addressing any regulatory gaps related to DeFi services’ AML/CFT requirements.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

close
Former head of NSA and U.S. Cyber Command Admiral Michael Rogers weighs in the risk of a Russian cyber-attack. video

Former NSA Director on cybersecurity risks from Russia

Former head of NSA and U.S. Cyber Command Admiral Michael Rogers weighs in the risk of a Russian cyber-attack.