While Binance announced Friday that it had recovered $5.8 million in stolen funds from Lazarus Group, law enforcement still has a long way to go in equipping itself with the necessary, sophisticated tools to investigate cryptocurrency-related crimes go.
Since the U.S. Treasury Department approved digital wallets holding stolen funds, hackers have moved funds to launder nearly $100 million in installments through Tornado Cash, a hybrid service that obfuscates the origin and destination of any given cryptocurrency contacts between transactions.
In fact, there is undoubtedly an arms race going on as hackers are finding new ways to target consumers, most recently social engineering tactics via the Trezor-Mailchimp phishing scam.
According to Elliptic employees, this is a critical time for law enforcement and the industry at large:
“We’re at a particularly important moment: everyone is still learning what’s possible and how attacks can happen, and the borderless nature of encryption makes it difficult to enforce standards globally,” the employee said.
“These people operate all over the world. Even if you enforce well in one jurisdiction, if enforcement is weaker in other jurisdictions, you will still have problems.”
Should DeFi Consider AML Compliance Solutions?
In general, the intelligence tools used by law enforcement can track crimes that take place directly on the blockchain, rather than finding funds from other criminal activities into the crypto space.
Some DeFi smart contracts allow illegally obtained funds to be converted into privacy-focused cryptocurrencies such as Monero, making it easier to eliminate breadcrumbs tracked by law enforcement officials. Monero transactions are recorded in an obscure ledger, making transaction visibility more complex than a public ledger such as the Bitcoin network.
Of course, DeFi is difficult to police, with money laundering reaching $8.6 billion in 2021, a 30% increase from 2020, according to Chainalysis, with suspicious addresses receiving $900 million. According to Chainalysis, the figures represent only funds from “crypto-native” crime, meaning cybercriminal activity, such as darknet market sales or ransomware attacks, where profits are almost always made in cryptocurrency rather than fiat.
“This shows that DeFi platforms need to consider compliance solutions to prevent their platforms from being abused for illicit activities,” said Chainalysis’ Kim Grauer.
“DeFi is taking advantage of regulatory loopholes because they don’t actually hold customers’ money like brokers,” said David Jevons, a senior executive at CipherTrace, which was founded in 2015 with federal funding.
Lawmakers’ clock is ticking
For now, lawmakers are in a dilemma. If the Lazarus Group used money laundering to fund North Korea’s ballistic missile and nuclear programs and orchestrated last year’s ransomware attack on colonial pipelines — then the US federal government should rightly view these as a national security threat.
However, questions remain as to whether it is legal under U.S. federal law to enforce compliance with AML rules on software developers. “Writing and publishing software is free speech under the First Amendment,” argues Miller Whitehouse-Levine, policy director at the DeFi Education Fund.
One regulatory approach might be to find a corporate hook on a DeFi platform where regulatory mandates can be suspended.
As a case in point, SEC Chairman Gary Gensler said DeFi reminded him of the P2P lending business of the early 2000s, which had an intermediary. For example, one could lock in the DeFi governance mechanism and build a framework around it.
Ultimately, time is running out for lawmakers.
What do you think about this topic? Write to tell us!
All information contained on our website is published in good faith and for general information purposes only. Any action that readers take with respect to the information on our site is entirely at their own risk.