.png)
The following represents all mentions of "DeFi" and "DEX" in the reports released from the Biden Administration on September 16, 2022
Decentralized platforms include what are referred to as decentralized exchanges (DEXs) and other types of platforms referred to as decentralized finance (DeFi) protocols. -Pg. 10
Proponents of DeFi protocols see the purported absence of intermediation as a benefit that allows users to make trades and move their assets wherever and whenever they want, without having to wait for bank transfers or pay bank fees. However, as others have observed, the miners and validators that are critical to the execution of any transaction on DeFi trading or lending platforms play an important intermediation role.28 Further, a lack of industry-recognized operational control frameworks, conduct standards, or other self-policing mechanisms often leaves users exposed to a number of risks specific to DeFi protocols,29 as well as some of the same risks as with unregistered or unregulated CEXs. As a result, it is important for investors, consumers, and other market participants to be made aware of the fact that they are exposed to greater risks when engaging with DEXs.30 See Part IV for further discussion of risks in DeFi. -Pg. 10
Many DeFi protocols claim not to rely on a formal centralized governance structure. Specifically, organizers of DeFi protocols aspire to operate autonomously, with little or no governance structure. In practice, many DeFi protocols adopt governance elements. For instance, the organizers of a DeFi protocol may employ a DAO in which (i) participants may have the ability to maintain direct real-time control of contributed funds and (ii) governance rules may be formalized, automated, and enforced using smart contracts or other software. -Pg. 10-11
There are possibly thousands of DeFi protocols, though only a small number experience significant user activity. One frequently cited data aggregator reportedly tracks more than 1,800 different DeFi protocols across 27 different categories with a combined “total value locked” (or “TVL”) of $86.0 billion as of August 19, 2022.33 The most prominent category of DeFi protocols includes those that facilitate the trading of crypto-assets (i.e., DEXs), reportedly with 516 separate platforms with a combined $26.3 billion in TVL.34 -Pg. 11
In contrast to the type of trade matching typically carried out on centralized platforms (such as central limit order books), some DEXs rely on liquidity pools and automated market-making enabled by smart contracts to facilitate trading and other types of services. Afer DEXs, lending and borrowing DeFi protocols reportedly have the greatest TVL at $17.3 billion across 164 separate platforms; there are also reportedly 338 protocols that pay users a reward for staking crypto-assets on the platform—so- called “yield” protocols—with over $8.4 billion TVL. -Pg. 11
As with DeFi ownership, mining activities may be concentrated, and indeed have become increasingly dominated in recent years by organizations with large-scale operations. 38 -Pg. 12
Crypto-asset and DeFi markets operate globally on a 24/7 basis, producing a constant flow of data about transactions, coin and token prices, trading volumes, and other financial metrics and activities taking place on- and off- chains. Where assets or transactions occur on public blockchains, such as through DEXs or other DeFi protocols, the information is recorded on the underlying ledger and is in theory completely open and transparent to all market participants.39 -Pg. 12
Unlike traditional registered exchanges, CEXs and DeFi protocols operating today either are not complying with, or are not subject to, obligations to report accurate trade information periodically to regulators or to ensure the quality, consistency, and reliability of their public trade data. -Pg. 12
Both CEXs and DEXs generate revenues through trading fees, which can vary significantly among diferent platforms. Further, trading on DEXs generally includes gas fees to compensate miners and validators for contributing the computing and storage resources necessary to verify and write transactions to a blockchain. -Pg. 16
Participation in DEX and DeFi protocols’ liquidity pools, whereby users pool and lock their assets in the platform’s smart contract, relies on a profit-sharing model. -Pg. 16
CEXs or DEXs may also ofer other yield-generating activities, including lending and borrowing and staking services, sometimes referred to by platforms and users as “yield farming.” -Pg. 16
According to one estimate, DeFi protocols developed for lending and other yield farming activities appear to account for a little over one-third of the TVL in all DeFi platforms.61 Lending participants expect to receive new tokens issued by a DeFi protocol, representing their pro rata claim on the protocol’s lending pool, which they are able to redeem later for the assets originally placed plus accrued interest. -Pg. 17
Participants may also borrow crypto-assets from DeFi lending protocols. Like centralized lending platforms, DeFi lending protocols generally permit users to borrow only a fraction of their crypto- asset collateral (i.e., the loans are “over-collateralized,” in some cases up to 150% of the loan), users who can provide the required collateral can participate in transactions on the platform, and there is no credit assessment on borrowers. -Pg. 18
Startup companies, developers, and other participants in the crypto-asset ecosystem have raised funds from investors and other users to create blockchain projects, establish DAOs or DeFi protocols, or simply to create a new coin or token. -Pg. 18
2021 also marked the first year when the level of theft in DeFi surpassed theft on centralized exchanges; out of $3.2 billion of total stolen funds, $2.3 billion was stolen from DeFi protocols, as opposed to centralized platforms, which represented a year-over-year increase of over 1,300%.119 -Pg. 28
Analysts believe that most instances of theft from DeFi protocols can be traced back to errors in the smart contract code governing those protocols, which hackers exploit to steal funds, or promoters exploit flaws in their operating code that can lead to erroneous transactions, similar to the errors that allow rug pulls to occur. -Pg. 28
Much of DeFi is funded by venture capital and other professional investors. -Pg. 30
For example, one common form of governance, used broadly in DeFi applications, is the issuance of “governance tokens,” which purport to allow disparate participants to introduce and vote on proposals determining the function of a blockchain or overlying protocols. -Pg. 30
DeFi borrowers are at risk of having their collateral liquidated and a loan terminated at any time should the value of their collateral fall below a pre-determined liquidation threshold.144 -Pg. 33
No mention of DeFi or DEX.
To further obfuscate the laundering of ransomware proceeds, threat actors avoid using the same wallet addresses and use chain hopping,7 mixing services,8 and decentralized financial9 (DeFi) services. - Pg. 3
As described below, however, some persons despite characterizing themselves as P2P service providers or DeFi protocols may constitute a VASP and thus have AML/CFT obligations. -Pg. 5
Some DeFi services, meanwhile, allow for automated P2P transactions without the need for an account or custodial relationship, ofen through the use of smart contracts. Recent law enforcement investigations involving virtual assets have uncovered chain hopping (moving assets from one blockchain network to another via an exchange, swap, or “wrapped” asset19), and some of this activity has involved the use of smart contracts and other DeFi services. DeFi services often lack AML/ CFT or other processes to identify customers or suspicious activity and allow layering of proceeds, or the separation of the criminal proceeds from their origin, to take place instantaneously and pseudonymously. Frequently, DeFi services purport to run autonomously without the support of a central company, group, or person, despite having a controlling organization—through a decentralized autonomous organization, concentrated ownership or governance rights, or otherwise—that provides a measure of centralized administration or governance. -Pg. 6-7
As noted above, some P2P service providers and DeFi services providers may have AML/CFT obligations if they operate wholly or in substantial part in the United States and offer money transmission services. -Pg. 7
Some of the supporting actions also include new efforts, such as preparing an illicit finance risk assessment on DeFi or convening state supervisors responsible for VASPs to promote standardization and coordination of state licensing and AML/CFT obligations. -Pg. 9
Lead efforts at the FATF to monitor the virtual asset and VASP sector for material changes or developments that necessitate further revision or clarification of the FATF standards. This includes discussions on DeFi, P2P, non‐fungible tokens (NFTs), and other emerging technologies. (Lead: TREAS) -Pg. 10
Prepare and publish a risk assessment by February 24, 2023 on the money laundering and terrorist financing risks related to DeFi. Prepare and publish a risk assessment by July 2023 on the money laundering and terrorist financing risks related to NFTs. (Lead: TREAS) -Pg. 10
Deepen engagement with the private sector to enhance its understanding of existing compliance obligations; exchange information on priority illicit finance threats, as appropriate; and continue fostering relationships with firms in the virtual asset space, to include DeFi. -Pg. 14
What are the illicit finance risks related to DeFi and P2P payment technologies? -Pg. 16
What steps should the U.S. government take to effectively mitigate the illicit finance risks related to DeFi? -Pg. 16
As explained below, much of the criminal activity today continues to fall within the three main categories identified in the Enforcement Framework, but the rise of DeFi has created new opportunities for criminal exploitation— and associated challenges for law enforcement agencies investigating possible wrongdoing. -Pg. 4
In the two years since the publication of that Enforcement Framework, the digital assets ecosystem has expanded in key ways, driven by quickly evolving technology, the proliferation of digital assets beyond bitcoin,10 and the rise of DeFi. -Pg. 5
According to one estimate from a blockchain analysis company, more than $3.2 billion in cryptocurrency was stolen from individuals and services in 2021.31 This represents a significant year-on-year increase, almost six times the amount stolen in 2020, driven in large part by victimization of DeFi platforms, whose open-source architecture makes it easier for attackers to identify security vulnerabilities or exploit flaws in smart contract code.32 -Pg. 9
Since the publication of the Cryptocurrency Enforcement Framework in 2020, the digital assets space has seen dynamic growth in DeFi and the development and popularization of NFTs. -Pg. 10
DeFi platforms raise novel fraud, consumer and investor protection, and market integrity issues. There is currently “no generally accepted definition of ‘DeFi,’ or what makes a product, service, arrangement or activity ‘decentralized.’”36 But the term broadly refers to digital asset protocols and platforms that allow for some form of automated peer-to-peer transactions, often through the use of smart contracts based on blockchain technology. Frequently, DeFi platforms purport to run autonomously without the support of a central company, group, or person, relying instead on distributed governance to allow users to make decisions collectively—although some DeFi platforms are decentralized more in name than in fact. DeFi services may include lending, borrowing, purchasing, or trading digital assets, including assets that function as financial products like securities, insurance, or derivatives. DeFi platforms are open for anyone to use and are marketed as an alternative both to traditional financial intermediaries like banks or brokerages, as well as to VASPs that operate as exchanges.37 -Pg. 10
While the transparency of DeFi platforms— typically based on smart contracts and open- source code—is one of their primary features, such transparency also allows malicious actors to identify and exploit vulnerabilities, leading to victim losses and undeniable social harm. -Pg. 10
DeFi platforms may also raise a host of consumer and investor protection and market integrity concerns of the kind typically subject to state and federal regulation. DeFi platforms offering financial products or services may fall under the jurisdiction of Treasury, the Commodity Futures Trading Commission (CFTC), and/or the Securities and Exchange Commission (SEC), among others.38 However, because it can be difficult to identify a single person or entity who operates a DeFi platform, enforcing applicable statutory and regulatory obligations can be challenging. -Pg. 10
The open-ended nature of DeFi platforms, which are accessible to users worldwide for pseudonymous, one-off transactions, and their ability to execute large, immediate, and automated financial transactions, create substantial money laundering risk. Criminal elements can exploit even well-intentioned DeFi projects if there are insufficient controls to detect and prevent transactions involving funds derived from illegal activity or intended to facilitate criminal activity. And several DeFi projects have affirmatively touted the lack of money laundering controls as one of the primary goals of decentralization. For instance, one cryptocurrency exchange announced in 2021 that it would transition from a traditional corporate structure into a decentralized autonomous organization (DAO) for the stated purpose of ceasing to collect KYC information.39 Similarly, a founder of an Ethereum-based mixing service purportedly organized it as a DAO to provide automated mixing services.40 Such examples underscore the need for robust efforts to prevent DeFi from becoming a haven for terrorists, money launderers, and other criminals. -Pg. 10
The DAC Network will also serve as a source of information and discussion addressing new digital asset forms, such as DeFi, smart contracts, and token-based platforms. -Pg. 17
To date, the SEC has brought more than 100 enforcement actions involving digital assets, including ICOs, unregistered securities exchanges, and DeFi protocols. And courts have recognized that the Howey test applies to offerings of digital assets. -Pg. 26
In August 2021, the SEC charged two individuals and their Cayman Islands company for unregistered sales of more than $30 million in securities using smart contracts and so-called DeFi technology and for misleading investors concerning the operations and profitability of their business “DeFi Money Market.”97 The SEC’s order found that the respondents used smart contracts to sell two types of digital tokens: one that could be purchased using specified digital assets and that paid a given percent interest, and another so-called “governance token” that purportedly gave holders certain voting rights, a share of excess profits and the ability to profit from token resales in the secondary market. -Pg. 27
As announced, the newly renamed and expanded Crypto Assets and Cyber Unit (formerly known as the Cyber Unit) will continue to address cyber-related threats in the nation’s markets. It will also leverage the agency’s expertise to ensure investors are protected in the crypto markets, with a focus on investigating securities law violations related to crypto asset offerings, crypto asset exchanges, crypto asset lending and staking products, DeFi platforms, NFTs, and stablecoins. -Pg. 28
The CFTC has also addressed misconduct in DeFi markets. For example, a 2022 CFTC order found that Blockratize, Inc. (d/b/a Polymarket) unlawfully offered off-exchange event-based binary options contracts and failed to obtain designation as a designated contract market or register as a swap execution facility in the derivatives (event contract) markets it operated.115 -Pg. 29
# # #
If crypto advocates don't define crypto, then the government will define crypto.