KuCoin hack is proof that money laundering risk with DeFi is rising
02 Oct 2020

The recent $200 million hack of the major Singapore-based cryptocurrency exchange KuCoin has been making headlines, but what sets this attack apart from earlier ones is the hacker’s blatant use of everyone’s favourite new crypto frontier – DeFi (decentralized finance).

The KuCoin hacker must have had a lightbulb moment after the crypto media outlet Cointelegraph published the piece “Regulatory risks grow for DeFi as a ‘money laundering haven’” not two weeks ago. Bing!

Generally, it seems that the true innovation in financial services is happening in DeFi. Imagine redesigning all financial products from scratch. The possibilities are endless. From $1 billion locked into DeFi at the beginning of 2020, the figure has been increasing rapidly and currently stands at close to $10 billion – a 10x increase. This is a very young sector, with most of the operators not even 9 months old. Mistakes are being made.

As is often the case, these innovations come with a whole lot of compliance risks – such as zero KYC/AML requirements for users on decentralised crypto-lending platforms. No transaction-monitoring safeguards are in place, so even proliferation financing sanctions can be breached by back-street uranium bargain hunters.

The lack of these basic safeguards leaves this quickly growing sphere exposed to the influence of bad actors. The majority of these DeFi projects would be treated as money laundering schemes if held to the same standard as centralised virtual asset service providers (VASPs), exposing some of the great teams involved in the space to the risk of being party to money laundering and terrorist financing.

The KuCoin hacker flew that flag when he/she took millions of dollars in Synthetix tokens to the largest decentralised exchange (DEX), Uniswap, and to another DeFi swap provider, KyberSwap. And the KuCoin event is not the first time we at Coinfirm have seen transactions from hacks and scams going to DeFi.

This is not to say that DeFi is all bad. I personally think there is great innovation in finance happening there, and transparency – once you know what you’re looking for and how – is high. But DeFi is code, managed by code.

Thus human intervention is theoretically very low, and any measures to protect investors must be built into the protocol itself. This may encompass more stringent risk management policies or requirements that take into account the lack of credit scoring and of human (or central) supervision. But for development teams coding the protocols, building compliance into the platform could be seen as hindering the fast scaling of operations at worst, or as an afterthought at best.

In fact, there is a risk that compliance in DeFi is going in completely the opposite direction, as Dovey Wan of Primitive Ventures notes – “All Defi infra are natural mixers with ultra low slippage” – meaning that DeFi systems could easily be abused owing to their in-built code.

But I would urge protocol developers to take heed. Larry Cermak, The Block Crypto’s Director of Research, chimed in about the KuCoin hack as he watched OCEAN being dumped on Uniswap (OCEAN is one of the hundreds of ERC-20 tokens stolen from KuCoin, and it had to perform a hard fork due to the event). He wrote that a “high profile incident like this could bring Uniswap into regulators’ spotlight.”

By Pawel Kuskowski, Forbes, 30 September 2020

