Can Crypto Thieves Use DeFi to Profit from Stolen Funds?

And should DeFi allow it? Also, Stake Capital is launching a revenue-sharing DAO

Hello defiers! Here’s what’s going on in decentralized finance

  • DeFi debate over Upbit hack

  • Stake Capital revenue-sharing DAO

A reminder that The Defiant’s beta period is ending next week. That means subscription prices will increase from $80/year and $8/month, to $100/year and $10/month. If you become a subscriber now, you’ll be locking in the discounted price for the next 12 months. You’ll have full access to the content and archive, and be in the select club of early Defiers, which will get its own perks. And this almost-daily newsletter is just the start. You’ll know what I mean soon. Thanks again for your support; it’s exciting to watch this new financial system together.

Can (and Should) DeFi Enable Crypto Thieves to Profit?

Another day, another centralized exchange hack. This time 342k ether, or about $49 million, got stolen from Upbit. The South Korea-based exchange said it will replace the funds with the company's assets, and suspended all crypto deposits, withdrawals, and transfers to cold wallets.

Upbit calls itself “the most trusted crypto-asset exchange,” but these hacks are exactly why it’s better not to trust exchanges and have the ability to control your funds. I wrote about how Dexes are an answer to this just yesterday, here.

Aside from the “not your keys, not your crypto” meme that comes up whenever centralized exchanges get hacked, this time, because ETH was stolen, another interesting question came up: What if the hacker is able to more easily profit from the stolen funds thanks to DeFi.

Whereas before, hackers had to somehow obscure the flow of funds and cash out before their accounts were blacklisted, they can now profit from the stolen funds using decentralized finance platforms, which largely don’t do KYC and aren’t supposed to interfere with users’ trades and funds by design.

The hacker may move the stolen ETH into a MakerDAO Vault to mint DAI, or use Kyber Network or Uniswap Exchange to swap, and then deposit that Dai into Compound Finance to generate interest, Bobby Ong of Coingecko and Su Zhu of Three Arrows Capital said. Or any other combination using the dozens of platforms designed to enable anyone, anywhere to engage in complicated financial transactions.

Do these organizations need to stop the stolen money flow?

If they do, that would potentially put them in a tough position with regulators who can use their interference as evidence to say that they actually do control these systems and should be held liable for any other forms of misconduct (like money laundering or unregistered securities trading) happening on them. If they don’t, they’d be enabling thieves to profit from other people’s money, and signaling to other hackers that the door is open for them to do the same.

Another question is, can they stop them?

The New SaaS is Staking-As-A-Service

Sign up to get the best and only daily newsletter focusing on decentralized finance news, complete with analysis, exclusive interviews, scoops, and a weekly recap. Those who become paying subscribers in the current 60-day beta period which started Oct. 1 get an early supporter discount :)

About the author: I’m Camila Russo, a financial journalist writing a book on Ethereum with Harper Collins. I was previously at Bloomberg News in New York, Madrid and Buenos Aires covering markets. I’ve extensively covered crypto and finance, and now I’m diving into DeFi, the intersection of the two.