There has been heightened concern in recent days on misuse of Decentralised Finance (DeFi) for illicit activities, notably by terrorist groups seeking to raise finances, build infrastructure or expand their networks. Some of the emerging developments bring chilling messages and are a wakeup call for preventing the misuse of DeFi for terror and broadly a wide range of illicit activities. The developments come even as we see path breaking developments in fintech. DeFi is on a roll, providing momentum and revolutionising financial services globally.

According to CoinLaw, a website that reports on fintech, the number of active DeFi users globally reached 14.2 million wallets by mid-2025. The DeFi market is projected to grow annually at 43%, from $30.07 billion in 2024 to $178.63 billion by 2029. India ranked at number three in DeFi value in the 2024 Global Crypto Adoption Index provided by Chainalysis, which is a blockchain data platform.

DeFi platforms operate on blockchains and offer financial products and services enabling saving, investing, lending, remittance, insurance contracts etc., without the intermediation of traditional financial institutions like banking. The transactions take place through smart contracts, open protocols, and decentralised applications (D-Apps), allowing direct peer to peer transactions without intermediation. A digital wallet, when integrated with DeFi, serves as a gateway, bypassing the banking network.

DeFi Vulnerable to Criminal Activity, Investor Fraud  

Access to the DeFi service does not warrant the opening of an account or identity verification. A customer can register with a password and create several crypto wallets. Most wallets do not ask for an address, phone number or email verification and one can use different DeFi exchanges or DeFi lending and borrowing platforms. A 2023 working paper of the Bank for International Settlements notes that since DeFi aims at disintermediation, and the users interact with smart contracts, rather than through an institution, the absence of traditional financial institutions or market supervisory authorities makes DeFi vulnerable to criminal activity and investor fraud. In a 2023 paper (Dark side of decentralised finance: a call for enhanced AML regulation based on use cases of illicit activities) Benson et al have also underlined the vulnerability due to anonymity.

The risks inherent in DeFi must be evaluated against the potential advantages of DeFi, which include financial inclusion (it is available to anyone with Internet access), high liquidity, transparency (transactions recorded on a distributed ledger), lower costs of transactions, interoperability with other applications and no requirement for permission from a central authority. There are no free lunches. Vulnerability to criminal activities is striking.  

The embedded risks of DeFi unfold when mechanics are decrypted. DeFi works through self-executing smart contracts, which are vulnerable to hacking by criminals and terrorists. DeFi is governed through decentralised autonomous organisations (DAOs) - the group of persons who participate in its governance and decision making by virtue of their ownership of project tokens. Such a governance structure leads to regulatory uncertainty and lack of accountability.

The borderlessness of DeFi and the anonymity of the participants makes it challenging to recover funds stolen through cyberattacks. The tracking of transactions from unverified DeFi wallets is difficult. The illicit actors can mask their tracks by using different blockchains, crypto-mixers, anonymity enhancing tools and by using different DeFi wallets each time. The recipient of funds does not know from whom he received the funds. It is also difficult to block user accounts that have received suspicious funds.

To understand the risks in DeFi arrangements and address the potential regulatory blind spots, several jurisdictions have made their risk assessments of DeFi public. In its assessment published in April 2023, the US Treasury held that a DeFi service is liable to comply with anti-money laundering and terror financing obligations as applicable to any financial institution, but acknowledged that a lack of understanding among DeFi participants could exacerbate this risk, especially in jurisdictions that do not or inadequately apply international standards to DeFi service providers.

A January 2025 joint report by the European Banking Authority (EBA) and European Securities and Management Association (ESMA) points to significant risks of money laundering and terror financing in DeFi protocols, as the users can transact without being identified and verified. The recent National Risk Assessment of the UK (July 2025) also underlines the same factors and underscores the inherent vulnerabilities in DeFi protocols, specifically about terrorist financing. A June 2025 report by the Financial Action Task Force (FATF) (the international standard-setting body for anti-money laundering, countering of the financing of terrorism and countering proliferation financing) indicates that jurisdictions continue to struggle with identifying entities in DeFi and applying the FATF Standards.

Borderless Nature of DeFi

While some usefulness of the innovative and technological features of DeFi protocols is undeniable, the risks are obvious for a jurisdiction like India, which is under constant threat of terrorism. The inclusivity benefits of DeFi are no better than the ‘JAM’ trinity and the UPI, which have already brought financial services into the hands of the common man.  The borderless nature of DeFi introduces malevolent challenges. 

Since banning DeFi does not seem to be an option, in collaboration with the stakeholders, technology driven risk-based mitigation measures commensurate with the evolving DeFi ecosystem, could offer a workable solution.

India’s last National Risk Assessment was carried out in 2022. While a sectoral assessment focused on DeFi, on the lines of other jurisdictions, could proffer actionable inputs for future strategy, its wider dissemination would sensitize the DeFi participants to the risks to national security.

In its 2023 Mutual Evaluation Report on India, FATF recommended that India should broaden access to its National Risk Assessment and consider releasing a public version. Considering that the cross-border risks from DeFi are real and affect every citizen, an updated assessment of the DeFi sector would help flesh out a strategy in collaboration with the industry participants. It is time to prevent DeFi from becoming a weapon of mass destruction, as Warren Buffett famously said of the collateralized debt obligations.

(The writer is a former chairman of the Securities and Exchange Board of India and Life Insurance Corporation. Dr. Praveen Tiwari is a former financial advisor to CFATF, a regional body of FATF, and distinguished fellow, Pahle India Foundation. Views are personal. By special arrangement with The Billion Press)