The crypto sector may have rebounded in recent months, but its long-standing vulnerabilities remain, the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) said in a report released Thursday.
In a joint report for the European Commission evaluating recent developments in cryptoassets, decentralized finance (DeFi), crypto lending, borrowing and staking, the regulators highlighted ongoing concerns about risks to investors and the financial system.
Among other things, the regulators found that, while DeFi hacks and the value of stolen crypto has typically grown alongside the market, the mechanisms underlying these crimes have evolved.
“While historically the majority of DeFi hacks have stemmed from on-chain vulnerabilities (mainly through the exploit of smart contract vulnerabilities), recent attacks on DeFi appear to be more successful when exploiting off-chain vulnerabilities,” such as compromising users’ private keys, the report said.
At the same time, the sector remains a threat to the financial system in terms of its vulnerability to money launderers and terrorist financiers.
The report found that DeFi protocols “present significant risks of [money laundering/terrorist financing], with flows on decentralized exchanges representing 10% of spot crypto trading volumes globally.” It also noted that these risks stem from the sector’s lack of controls, which means that users can transact anonymously.
“The risk is increased due to the cross-border nature of transactions as the funds or crypto-assets from potentially illegitimate sources can be transferred via DeFi without any obligations on the protocols to perform AML checks,” the report added.
The same kinds of money laundering risks are evident in the business of lending, borrowing and staking cryptoassets, the report found, adding that there’s also a lack of transparency in this area.
“In particular, some users may receive insufficient information on the terms and conditions of these services in areas such as fees, interest rates paid or yields, changes to collateral requirements, among other relevant disclosures,” the regulators found.
These kinds of disclosures are often “not clear or misleading,” the report said, hampering investors’ ability to “properly identify and assess all potential risks they may incur.”
Additionally, the risk of excessive leverage “is enhanced in DeFi settings and where lending services are used to fund staking,” the regulators said. “DeFi lending and borrowing also appears to face market concentration risks,” they noted.
Nevertheless, the EBA and ESMA said they didn’t find financial stability risks stemming from crypto lending, borrowing and staking activity.
They also concluded that financial institutions have “very limited direct exposure” to DeFi, noting that the repeated booms and busts in the crypto sector and DeFi markets haven’t had any meaningful spillover effects to traditional financial institutions.