According to the official release from CipherTrace, which is an excerpt from its upcoming 2020 Cryptocurrency Crime and Anti-Money Laundering Report, DeFi hacks have accounted for 21% of the total thefts and hacks this year.
The first six months of 2020 saw $51.5mln stolen from DeFi platforms, accounting for 45% of all thefts and hacks during that period. This then increased in the second half of 2020, as $47.7mln was stolen from DeFi platforms which accounted for 50% of all thefts and hacks in the second half of the year.
Booming DeFi attracts cybercriminals
Of particular significance is the fact that in 2019 the DeFi hack volume was ‘virtually negligible’ according to CipherTrace. Naturally the burgeoning DeFi sector’s rise in prominence in 2020 is a likely cause of cybercriminals looking to take advantage.
The report suggests that the sheer volume of US Dollar value locked in DeFi platforms and protocols has potentially created new money laundering risks – considering that decentralized exchanges have become the preferred route for hackers to mix stolen cryptocurrency and hide their digital tracks.
By the end of October 2020 DeFi has locked in a total of $14.2 billion, which equates to 31% of Ethereum’s total market capitalization. When compared to the amount of value locked into DeFi at the beginning of the year, we’ve seen a 700% increase from the $1.7bln accounted for at the start of 2020.
Interestingly, the percentage of hacked volume from DeFi platforms for the second half of 2020 would have been higher had it not been for the KuCoin cryptocurrency exchange hack which saw around $281mln stolen.
Had this amount not been accounted for, DeFi hacks would have accounted for 50% of the total volume of hacks and thefts. With that being said, the perpetrators of the KuCoin hack made use of the DeFi platform Uniswap to convert stolen cryptocurrency.
Calls for regulatory intervention
As the CipherTrace report rightfully outlines, DeFi protocols are ‘permissionless by design’ and have operated in an area of scarce regulatory oversight and little or zero KYC or AML information and standards. This means that the space is ripe for money launderers and other malicious actors to take advantage of.
However it seems likely that the DeFi space will soon be subject to more scrutiny. The CipherTrace report notes that the Financial Action Task Force considers decentralized exchanges to be Virtual Asset Service Providers which have applicable regulatory parameters.
In addition the US Securities and Exchange Commission has also noted the apparent vulnerability of DeFi projects. SEC Senior Advisor for Digital Assets and Innovation Valerie Szczepanik provided a cautionary commentary at the recent Parallel Summit in September:
“Don’t feed into the hype that surrounded the IPO market. Hype leads to fraud, it can lead to bad implementations of code, insufficient testing. If the industry takes the time to get it right and engages with regulators to help them do so, then good stuff percolates to the top and you will have the benefits that come with the promise of distributed ledger technology.”
The report also notes that the European Union has introduced a proposed regulation called the Markets in Crypto-Assets (MiCA) bill which could potentially ban decentralized exchanges from serving European users if they are not incorporated as legal entities and registered in a member state of the EU.