Benzinga – Decentralized finance (DeFi) services are increasingly becoming a national security concern in the U.S. due to their vulnerability to large-scale thefts and cyberattacks, according to the U.S. Department of the Treasury.
A combination of factors, including the aggregation of funds, lack of cybersecurity and audit requirements, concentrated administrator rights and the availability of open-source code for DeFi services’ smart contracts, contribute to these vulnerabilities, stated the Treasury’s 2023 DeFi Illicit Finance Risk Assessment published on Thursday.
Cross-chain bridges are particularly attractive targets for hackers as they often feature central storage points for funds backing the bridged assets on the receiving blockchain.
Treasuries and liquidity pools of DeFi services are also common targets.
Large software firms struggle to deploy secure products. DeFi services, which usually operate as small enterprises, face even greater challenges in secure code development.
In a market without binding or normative cybersecurity requirements, some DeFi services perform code audits, but there is a lack of standardization and services have been exploited even after claiming successful audits.
Also Read: BRICS Currency Game-Changer: Impact Of Financial Earthquake On Global Economic Dynamics
The report further stated many DeFi services make their code viewable to the public, increasing transparency and users’ confidence, but this also provides opportunities for cybercriminals to review the code and identify potential exploits for theft or other misuses.
The public availability of many DeFi services’ source code also presents opportunities for others to reuse the code in smart contracts for a separate DeFi service, potentially leading to widespread exploits if the code contains vulnerabilities.
The report added that entities such as the Democratic People’s Republic of Korea (DPRK), cybercriminals, ransomware attackers, thieves and scammers are using DeFi services to transfer and launder their illicit proceeds.
They are able to exploit vulnerabilities, despite many DeFi services that have anti-money laundering and countering the financing of terrorism (AML/CFT) obligations which they fail to implement.
“Our assessment finds that illicit actors, including criminals, scammers, and North Korean cyber actors are using DeFi services in the process of laundering illicit funds. Capturing the potential benefits associated with DeFi services requires addressing these risks,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson.
Read Next: Japan’s Web3 Takeover: Is the Land of The Rising Sun Becoming A Crypto Haven?
Get The App
Join the millions of people who stay on top of global financial markets with Investing.com.
Download Now
© 2023 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Read the original article on Benzinga
