The U.S. Treasury believes that subpar cybersecurity practices used by decentralized finance (DeFi) services pose a threat to the crypto industry and national security 

In an April 6 report assessing the illicit finance risks in DeFi, the Treasury found that cybercriminals, including malicious actors from North Korea, used decentralized protocols to launder money.

They were able to do so by exploiting vulnerabilities in the U.S. and foreign AML regulatory regimes and the technology that underpins DeFi, stated the Treasury.

The regulators also asserted that the DeFi services operational today are covered under the Bank Secrecy Act (BSA), despite claims that they are “fully decentralized.” Many of these DeFi services don’t follow through with their AML obligations, prompting illicit actors to exploit the lack of compliance.

“Additionally, poor cybersecurity practices by DeFi services, which enable theft and fraud of consumer assets, also present risks for national security, consumers, and the virtual asset industry,” the report stated. 

The report named decentralized exchanges (DEXs), cross-chain bridges, coin mixers and liquidity pools as methods that even “lesser-skilled” actors use when laundering money. It also cited the Mango Markets exploit as a case example of how protocols are exploited. 

Following its risk assessment, the Treasury recommended that the U.S. government move to strengthen AML supervision and address the regulatory gaps related to DeFi.

More regulatory oversight could lead to tighter controls on DeFi – something that isn’t likely to be well received by the crypto community. However, many in the community saw a win for the industry in the report’s conclusion, which acknowledges that more illicit transfers are made through traditional fiat currency than digital assets.