Poor cybersecurity practices within the decentralized finance (DeFi) industry present a threat to crypto, consumers, and national security, according to a new report from the United States Treasury Department. 

The first-of-its-kind document argues that DeFi’s peer-to-peer nature presents new illicit finance risks that require extra legal supervision to address. 

The Risks of DeFi

Released on Thursday, the 2023 DeFi Illicit Finance Risk Assessment details how cybercriminals, scammers, and other illicit actors are abusing the DeFi ecosystem to launder money through systems that fail to implement proper sanctions and anti-money laundering controls. 

“There have been several instances of actors, including ransomware actors, thieves, scammers, and drug traffickers, using DeFi services to transfer and launder their illicit proceeds,” the report claimed. 

The department noted a variety of techniques for accomplishing this, including swapping funds into less traceable cryptos, moving between blockchains, and sending assets through cryptocurrency mixers. Laundered funds are then cashed out into fiat currency using Virtual Asset Service Providers.

Last August, the Treasury added the cryptocurrency mixer Tornado Cash to its list of sanctioned entities, due to its popularity with Korean cybercriminals. 

Ransomware is another high-profile issue noted by the department, which is recognized as a “national security priority.” Since transactions on crypto networks like Bitcoin are both pseudonymous and irreversible, they make for an ideal payment rail through which crimi