WASHINGTON, April 7 — North Korea, cybercriminals, ransomware attackers, thieves and scammers are using decentralised finance (DeFi) services to transfer and launder their illicit proceeds, the US Treasury Department warned yesterday.

So-called DeFi platforms allow users to lend, borrow and save, usually in cryptoassets and stablecoins, without using banks.

In a new illicit finance risk assessment on decentralized finance, the Treasury found that illicit actors are exploiting vulnerabilities in US and foreign anti-money laundering and combating the financing of terrorism (AML/CFT) regulation and enforcement as well the technology underpinning the services.

DeFi services that fail to comply with these obligations to prevent money laundering and terrorism financing pose the most significant illicit finance risk in this domain, the assessment found.


“Our assessment finds that illicit actors, including criminals, scammers, and North Korean cyber actors are using DeFi services in the process of laundering illicit funds,” the Treasury’s Under Secretary for Terrorism and Financial Intelligence, Brian Nelson, said in the statement.

Nelson added that the private sector should use the findings of the assessment to inform their risk mitigation strategies and to take steps to prevent illicit actors from using decentralized finance services.

Other vulnerabilities found in the assessment included the potential for DeFi services to be out of scope for existing AML/CFT obligations, the lack of implementation of international AML/CFT standards and poor cybersecurity practices.


The assessment recommended strengthening US AML/CFT supervision, considering additional guidance for the private sector on DeFi obligations and addressing any regulatory gaps related to the services. — Reuters