The DeFi Financial Crime Arms Race

By taking a fresh approach to stamping out financial crime we can build a safer future for DeFi.

Sep 27, 2022 at 5:19 p.m. UTC
Updated May 11, 2023 at 6:06 p.m. UTC

Decentralized finance (DeFi) is a vibrant and innovative ecosystem that has the potential to improve efficiency and transparency in financial markets and serve as a driving force in redefining the future of finance. Built on public permissionless blockchains, DeFi’s mission is to give anyone with an internet connection the ability to tap into financial services, which in turn promotes equal opportunity and financial democratization around the world.

However, given its open nature, DeFi is undergoing the same arms race that has plagued every nascent but innovative technology and industry: fighting criminals who want to take advantage of it.

DeFi is no stranger to financial crime. In 2021, money laundering in crypto accounted for more than $8 billion, with almost $1 billion of this being sent to DeFi protocols. While these headline numbers are concerning, let’s put them in context. It’s estimated that somewhere between 100 and 250 times that number in fiat currency is laundered each year in traditional financial markets – most of it opaque, much of it undetected, and even less acted upon by law enforcement.

Michael Karbouris is vice president and head of strategy, anti-financial crime technology at Nasdaq.

The fact that we can estimate with a much higher degree of accuracy how much money is being laundered in DeFi highlights a truth that is sometimes overlooked: DeFi is largely transparent, and a transparent market should in theory be easier to police. The ability to monitor almost every transaction is something that is still near impossible to carry out in traditional fiat markets. And yes, while privacy-oriented protocols in DeFi will likely only get more popular, the beauty of zero-knowledge proof technology is that it allows opt-in transparency while maintaining privacy through pseudo-anonymity.

When it comes to DeFi, ultimately we all want an ecosystem with integrity, one that breeds confidence for the growing crypto community. But simply looking to traditional finance (TradFi) as a model on how to achieve this is not optimal. Rather than trying to fit existing regulations tailored for TradFi markets, we should be understanding DeFi’s idiosyncrasies, focusing on the types of financial crimes that are unique to the DeFi ecosystem and that truly hurt the end user, and aligning methods of detection and prevention with crypto’s core values of decentralization and trustlessness.

The various shades of DeFi-specific financial crime

The whole point of laundering money is to make illicit income, usually generated through criminal activity, appear legal. When it comes to crypto, criminal activities such as theft and fraud can look vastly different to how they appear in traditional financial markets. This is a result of the public nature of the technology, lack of intermediaries and the pseudo-anonymity afforded by permissionless blockchains.

Theft via ransomware is a technical affair, and stopping it relies heavily on a victim’s cybersecurity hygiene. Especially during periods of mass user adoption, many unsuspecting users might be expected to be lacking in this area. Intentional fraud (such as rug pulls or admin key exploits) has unfortunately been common in DeFi and has caused billions in unnecessary losses. By some estimates, rug pulls account for ~40% of stolen funds in DeFi.

Another category, contract exploits, is a huge contributor to stolen funds. Recent examples include the Axie Ronin bridge exploit for $650 million and the Wormhole bridge exploit of over $320 million. Funds in DeFi are usually stored in smart contracts and governed by a protocol decentralized autonomous organization (DAO). These smart contracts are typically publicly available for all to see. Because of the speed with which innovation takes place in DeFi, many protocols launch with bugs or design flaws or before they are truly battle tested. The shores of DeFi are littered with corpses of protocols that were exploited and drained of funds.

A third, more subtle category of financial crime behaviors exists exclusively on-chain. These are behaviors specific to the idiosyncrasies of the blockchain. They do not fit squarely in the realm of financial crime defined within TradFi. If you look at these behaviors closely, they are financial crimes highly specific to DeFi. For example, composability attacks are unique given the composable nature of DeFi, where individual protocol functions are made openly available for any other protocol to use and reuse.

Another example unique to DeFi is mempool front-running and sandwich attacks. Here, a bot will look for pending transactions in the mempool used to temporarily store transactions prior to a block being confirmed. The bot will simultaneously front-run and back-run the transaction by placing an order just before the trade and just after it. The net result is an unfavorable impact to the price of the asset, much like front-running in traditional markets.

We cannot hope to solve financial crime in DeFi without first understanding the idiosyncrasies of the ecosystem, and working with a community mindset that sees the value in adopting effective prevention systems aligned to these problems. Unfortunately, regulation born from TradFi, when imposed on a novel ecosystem such as DeFi, has the potential to do more harm than good.

A hotly debated example is the recent OFAC sanctions against popular mixer Tornado Cash. This is the first time OFAC has sanctioned decentralized protocol code instead of an individual, group or property. The ruling has far-reaching implications on individual due process and rights to privacy, risks stifling innovation, and while it may serve as a deterrent, it is unlikely to achieve meaningful crime prevention.

How we can protect the less-transparent CeFi ecosystem

Ironically, one of the areas where DeFi loses its advantage of transparency is when funds move to a centralized exchange – effectively going off-chain. Here, regulators must rely on market participants to detect unusual activity.

Surveillance of activity on central limit order books (CLOB) helps detect suspicious market abuse activities, like insider trading, and order book manipulation like spoofing and layering. The vast majority of market abuse carried out today is not performed via DeFi on-chain and can instead be detected by the crypto exchanges themselves. Crypto exchanges should monitor their CLOB with effective market surveillance technology – an approach that is well aligned with rules that already apply to regulated centralized firms.

Similar detection for money laundering and fraudulent financial crimes in centralized finance (CeFi) can be done for fiat deposit-taking accounts at centralized exchanges. Here, fiat banking transactions can be used to build a much better understanding of customer behavior and matched with on-chain activity. Firms can find anomalies in the flow of customer funds that are indicative of fraudulent activity or money laundering either on- or off-chain.

Ultimately, once funds move off-chain to a centralized exchange or other crypto service provider, the onus lies back with the centralized party to monitor for illegal behavior.

A smart technology needs smart regulation

In general, the DeFi ecosystem is filled with mostly good actors. Many DeFi protocols as well as centralized firms that are innovating in DeFi are genuinely interested in a clean market and want to avoid criminal activity. There are banks, service providers and other regulated institutions that want to partake in crypto through issuance of stablecoins, provision of institutional-grade crypto custody, and the introduction of a whole host of new and novel crypto products and services. The spectrum of possible DeFi users spans the entirety of the global economy.

How can we help DeFi grow into a safer and better environment for all? Rather than creating regulations that force industry to abstain from DeFi, or trying to fit a novel DeFi ecosystem into a traditional financial system box, it would be more beneficial for regulators to truly understand the unique risks inherent in this innovative new ecosystem and design bespoke, light-touch regulation to address it. In parallel, the crypto industry should be building better detection systems to help isolate these unique types of financial crimes and protect the protocol end users and protocols themselves.

As it rapidly evolves, DeFi would greatly benefit from a fresh approach to stamping out financial crimes – and regulators would benefit from looking at DeFi through a lens that acknowledges the core value proposition of crypto: a trustless, decentralized and pseudonymous environment. We should help individuals and institutions feel confident interacting with and investing in DeFi, and ultimately the crypto ecosystem will grow, mature and deliver on its mission as it was envisioned.


CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.
