Decentralized finance (DeFi) has seen explosive growth this year. DeFi protocols – which span the gamut of financial services from asset management, borrowing and lending, decentralized exchanges, derivatives and stablecoins – have flourished from $ 22 billion at the start of the year. 2021 to over $ 260 billion now stuck on DeFi protocols, according to DeFi Lama Data.
DeFi, where users conduct financial transactions directly with each other using smart contracts, without the need for financial intermediaries like banks, has the potential to redefine existing financial systems by bringing greater financial inclusion. to unbanked people and reducing the cost of transactions.
But the nascent DeFi industry also presents risks and is “a tempting honeypot for hackers and a reservoir of cash that launderers can take advantage of,” according to blockchain data analytics firm Elliptic in a new report. “DeFi: regulation, compliance and growth of DeCrime. “
Along with the growing popularity of DeFi, the exploitation and illicit use of decentralized technologies such as decentralized applications (dApps) is also on the rise – or what Elliptic calls “DeCrime”.
Losses due to theft and crime on DeFi platforms have risen to more than US $ 10.5 billion since the start of the year (as of November 9), an increase of 600% from $ 1.5 billion in 2020, according to Elliptic. DApps on Ethereum suffered the biggest losses at $ 8.6 billion, reflecting its current status as the blockchain of choice for DeFi. Binance Smart Chain (BSC) was next, with $ 2.5 billion in losses.
See the related article: Ethereum’s web 3.0 ecosystem expands, 3.4 million now in DeFi
“The DeFi ecosystem is an incredibly exciting and rapidly evolving space, with financial services innovation unfolding at lightning speed,” Tom Robinson, chief scientist at Elliptic, said in a statement. “It attracts large amounts of capital to projects that are not always robust or well tested. Criminal actors saw the opportunity to exploit this.
According to Elliptic, the losses are magnified by the relatively untested and immature nature of decentralized technologies. The majority of DeFi losses have been attributed to bug and code exploits, where hackers exploit errors in smart contract code, and economic exploits, where the attacker exploits loopholes in the functioning of the DeFi service. An example of an economic exploit is where an attacker manipulates asset prices in order to take advantage of arbitrage opportunities on DeFi services that would not otherwise exist, such as through a flash loan.
“Decentralized applications are designed to be trustless in that they eliminate third-party control over user funds,” said Robinson. “But you still have to believe that the creators of the protocol didn’t make any coding or design errors that could result in a loss of funds.”
“Admin key” exploits, where access to manage a smart contract is used to steal funds from the dApp, and exit scams or stack draws, where the creator or operator of the dApp disappears with user funds, are other ways in which funds have been stolen.
DApps such as decentralized exchanges (DEX), decentralized mixers, and cross-chain bridges can also be used by criminals to hide their trail of blockchain money and launder ill-gotten gains, without using centralized services that could alert the police.
“DeFi has become an important tool for money launderers, including those looking to cash in on proceeds from Asia-based trade thefts,” Robinson said. Forkast. News in a follow-up email. “The recent hacks suffered by KuCoin and Liquid resulted in the transfer of stolen funds through various dApps, which is a powerful reminder of the international need for regulators to pay due attention to DeFi. “
See the related article: What are the challenges of DeFi regulation?
With the rise of cryptocurrencies, especially stablecoins and DeFi, regulators around the world are questioning how they are supporting innovation to thrive, while managing the associated risks.
The Financial Action Task Force – the global anti-money laundering and terrorist financing standards body (AML / CTF) – said in its updated guidelines released in October that a DeFi application is not a Virtual Asset Service Provider (VASP), but creators, owners, operators or persons who have sufficient control or influence over the DeFi agreement will be considered a VASP and will be subject to AML regulation.
Consumer protection is also a top concern for many regulators. “Regulatory sentiment in Hong Kong indicates that while large institutional investors may remain free to interact with DeFi platforms and the crypto ecosystem in general, retail investors may face significant restrictions,” Chris DePow, Senior Advisor for Financial Institution Regulation and Compliance at Elliptic, Raconté Forkast. News in an email. “The HKMA and other local regulators have made it clear that consumer protection remains crucial and, therefore, the growing DeFi industry will need to be well regulated to thrive in the Hong Kong market.”
“Hong Kong regulators are keenly aware of the need for regulatory innovation to keep pace with technological innovation. Traditionally, the HKMA has long held principles of financial crime mitigation that will likely be reflected in any crypto regulations it has planned, ”added DePow. “The HKMA may well seek to develop a framework that promotes Hong Kong as a central DeFi hub in the region precisely by reassuring businesses and individuals that it is safe and secure to do business there.”
Singapore, another financial and fintech center in Asia, is also paying close attention to DeFi developments. “Regulations designed to manage risk in a world of intermediaries are ill-suited where intermediaries are replaced by smart contracts,” said Ravi Menon, managing director of the Monetary Authority of Singapore, in a recent speech to Singapore FinTech Festival 2021. is more difficult when control or governance is dispersed across the blockchain.
DePow says Singapore has taken a tough approach, expecting crypto companies to operate within the established regulatory and licensing framework.
“Regulators who play an active role in shaping regimes to adapt to new technologies will likely be a positive force in establishing their markets as hubs for secure, global DeFi activity and contributing to reduce crime rates, ”DePow said. “Currently, Singapore is ahead of its time in fulfilling its role as a catalyst for the future of finance. “
See the related article: How Singapore views Web 3.0 and DeFi as it braces for a digital Singapore dollar