While Binance announced on Friday that it had recovered $5.8 million in stolen funds from the Lazarus Group, law enforcement still has a long way to go in its AML efforts to equip themselves with the sophisticated tools needed to investigate crypto-related crimes.
Since the US Treasury Department sanctioned the digital wallet containing the stolen funds, hackers have begun moving the funds, laundering nearly $100 million in small installments through Tornado Cash, a mixing service that obscures the link between the source and destination of any given crypto. transaction.
Indeed, there is undoubtedly an arms race going on as hackers seek new ways to target consumers, most recently through social engineering tactics such as carried out through the Trezor-Mailchimp phishing.
According to an Elliptic employee, this is a critical time for law enforcement and the industry as a whole:
“We are at a particularly important time: everyone is still learning what is possible and how attacks can happen, and the borderless nature of cryptography makes it difficult to apply standards at scale. world,” the employee said.
“These are people who act all over the world. Even if you apply very well in one jurisdiction, if there are other jurisdictions with weaker application, you are still going to end up with a problem.
Should DeFi Consider AML Compliance Solutions?
Overall, the intelligence tools used by law enforcement can track crimes taking place directly on blockchains, rather than finding money from other crimes heading into the territory. crypto.
Some DeFi smart contracts allow the conversion of illegally acquired funds into privacy-centric cryptocurrencies like Monero, making it even easier to remove the breadcrumb trail that law enforcement must follow. Monero transactions are recorded in an obfuscated ledger, which makes transaction visibility more complex than on a public ledger like the Bitcoin network.
Admittedly, DeFi is hard to control, with $8.6 billion laundered in 2021, a 30% increase in money laundering activity over 2020, according to Chainalysis, with $900 million received by suspicious addresses. According to Chainalysis, these figures only represented funds from “native cryptocurrency” crimes, i.e. cybercriminal activities such as darknet market sales or ransomware attacks in which profits are almost always derived from crypto rather than fiat currency.
“This demonstrates that DeFi platforms need to consider compliance solutions to prevent their platform from being exploited for illicit purposes,” said Kim Grauer of Chainalysis.
“DeFi uses regulatory loopholes because they don’t actually hold the customer’s money like a broker does,” said David Jevans, a senior executive at CipherTrace, a company founded in 2015 with federal government money. American.
Time is running out for lawmakers
Right now, legislators are in a bind. If the Lazarus Group is using laundered money to fund North Korea’s ballistic missiles and nuclear efforts, after orchestrating last year’s ransomware attack on the colonial pipeline, then the onus is on the US federal government. treat them as threats to national security.
Still, questions remain as to whether it is legal under US federal law to require software developers to comply with AML rules. “Writing and publishing software is free speech under the First Amendment,” said Miller Whitehouse Levine, director of policy at the DeFi Education Fund.
One approach to regulation could be to find a corporate hook in DeFi platforms from which regulatory mandates could be suspended.
As an example, SEC Chairman Gary Gensler said that DeFi reminded him of the P2P lending business of part of the turn of the century, which had an intermediary. One could latch onto DeFi governance mechanisms, for example, and build a framework around that.
Ultimately, time is running out for lawmakers.
What do you think of this subject? Write to us and tell us!
All information contained on our website is published in good faith and for general information purposes only. Any action the reader takes on the information found on our website is strictly at their own risk.