Defi And Crypto Markets Deemed A Threat To National Security By Department of the Treasury
Decentralized finance (DeFi) and crypto services are increasingly becoming a national security concern in the U.S. due to their vulnerability to large-scale thefts and cyberattacks, according to the U.S. Department of the Treasury.
A combination of factors, including the aggregation of funds, lack of cybersecurity and audit requirements, concentrated administrator rights and the availability of open-source code for DeFi services’ smart contracts, contribute to these vulnerabilities, stated the Treasury’s 2023 DeFi Illicit Finance Risk Assessment published on Thursday.
Cross-chain bridges are particularly attractive targets for hackers as they often feature central storage points for funds backing the bridged assets on the receiving blockchain. Treasuries and liquidity pools of DeFi services are also common targets.
Large software firms struggle to deploy secure products. DeFi services, which usually operate as small enterprises, face even greater challenges in secure code development.
In a market without binding or normative cybersecurity requirements, some DeFi services perform code audits, but there is a lack of standardization and services have been exploited even after claiming successful audits.
The report further stated many DeFi services make their code viewable to the public, increasing transparency and users’ confidence, but this also provides opportunities for cybercriminals to review the code and identify potential exploits for theft or other misuses.
The public availability of many DeFi services’ source code also presents opportunities for others to reuse the code in smart contracts for a separate service, potentially leading to widespread exploits if the code contains vulnerabilities.
The report added that entities such as the Democratic People’s Republic of Korea (DPRK), cybercriminals, ransomware attackers, thieves and scammers are using DeFi services to transfer and launder their illicit proceeds.
They are able to exploit vulnerabilities, despite many DeFi services that have anti-money laundering and countering the financing of terrorism (AML/CFT) obligations which they fail to implement.
“Our assessment finds that illicit actors, including criminals, scammers, and North Korean cyber actors are using DeFi services in the process of laundering illicit funds. Capturing the potential benefits associated with DeFi services requires addressing these risks,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson.
This article was originally published on Benzinga and appears here with permission.