<p>There has been heightened concern in recent days about the misuse of Decentralised Finance (DeFi) for illicit activities, notably by terrorist groups seeking to raise finances, build infrastructure, or expand their networks. Some of the emerging developments bring chilling messages and are a wake-up call for preventing the misuse of DeFi for terror and, broadly, a wide range of illicit activities. The developments come even as we see path-breaking developments in fintech. DeFi is on a roll, providing momentum and revolutionising financial services globally.</p>.<p>According to ‘CoinLaw’, a website that reports on fintech, the number of active DeFi users globally reached 14.2 million wallets by mid-2025. The DeFi market is projected to grow annually at 43%, from $30.07 billion in 2024 to $178.63 billion by 2029. India ranked at number three in DeFi value in the 2024 Global Crypto Adoption Index provided by Chainalysis, a blockchain data platform.</p>.<p>DeFi platforms operate on blockchains and offer financial products and services enabling saving, investing, lending, remittance, insurance contracts, etc., without the intermediation of traditional financial institutions like banking. The transactions take place through smart contracts, open protocols, and decentralised applications (D-Apps), allowing direct peer-to-peer transactions without intermediation. A digital wallet, when integrated with DeFi, serves as a gateway, bypassing the banking network.</p>.<p>Access to the DeFi service does not warrant the opening of an account or identity verification. A customer can register with a password and create several crypto wallets. Most wallets do not ask for an address, phone number, or email verification, and one can use different DeFi exchanges or DeFi lending and borrowing platforms. A 2023 working paper of the Bank for International Settlements notes that since DeFi aims at disintermediation, and the users interact with smart contracts, rather than through an institution, the absence of traditional financial institutions or market supervisory authorities makes DeFi vulnerable to criminal activity and investor fraud. In a 2023 paper (Dark side of decentralised finance: A call for enhanced AML regulation based on use cases of illicit activities), Benson et al have also underlined the vulnerability due to anonymity.</p>.<p>The risks inherent in DeFi must be evaluated against the potential advantages of DeFi, which include financial inclusion (it is available to anyone with Internet access), high liquidity, transparency (transactions recorded on a distributed ledger), lower costs of transactions, interoperability with other applications, and no requirement for permission from a central authority. There are no free lunches. Vulnerability to criminal activities is striking.</p>.<p>The embedded risks unfold when mechanics are decrypted. DeFi works through self-executing smart contracts, which are vulnerable to hacking by criminals and terrorists. It is governed through decentralised autonomous organisations (DAOs) – the group of people who participate in its governance and decision-making by virtue of their ownership of project tokens. Such a governance structure leads to regulatory uncertainty and a lack of accountability.</p>.<p>The borderlessness of DeFi and the anonymity of the participants make it challenging to recover funds stolen through cyberattacks. The tracking of transactions from unverified DeFi wallets is difficult. The illicit actors can mask their tracks by using different blockchains, crypto-mixers, anonymity-enhancing tools, and by using different DeFi wallets each time. The recipient of funds does not know from whom he received the funds. It is also difficult to block user accounts that have received suspicious funds.</p>.<p>To understand the risks in DeFi arrangements and address the potential regulatory blind spots, several jurisdictions have made their risk assessments public. In its assessment in April 2023, the US Treasury held that a DeFi service is liable to comply with anti-money laundering and terror financing obligations as applicable to any financial institution, but acknowledged that a lack of understanding among DeFi participants could exacerbate this risk, especially in jurisdictions that do not or inadequately apply international standards to DeFi service providers.</p>.<p><strong>India’s assessment gaps</strong></p>.<p>A January 2025 joint report by the European Banking Authority (EBA) and European Securities and Markets Authority (ESMA) points to significant risks of money laundering and terror financing in DeFi protocols, as the users can transact without being identified and verified. The recent National Risk Assessment of the UK (July 2025) also underlines the same factors and underscores the inherent vulnerabilities in DeFi protocols, specifically terrorist financing. A June 2025 report by the Financial Action Task Force (FATF) – the international standard-setting body for anti-money laundering and countering of terror financing – indicates that jurisdictions continue to struggle with identifying entities in DeFi and applying the FATF standards.</p>.<p>While some usefulness of the innovative and technological features of DeFi protocols is undeniable, the risks are obvious for a jurisdiction like India, which is under constant threat of terrorism. DeFi’s inclusivity benefits are no better than the ‘JAM’ trinity and the UPI, which have already brought financial services into the hands of the common man. The borderless nature of DeFi introduces malevolent challenges. Since banning DeFi does not seem to be an option, technology-driven, risk-based mitigation measures commensurate with the evolving DeFi ecosystem could offer a workable solution.</p>.<p>India’s last National Risk Assessment was carried out in 2022. While a sectoral assessment focused on DeFi, on the lines of other jurisdictions, could proffer actionable inputs for future strategy, its wider dissemination would sensitise the DeFi participants to the risks to national security.</p>.<p>In a 2023 Mutual Evaluation Report, FATF recommended that India should broaden access to its National Risk Assessment and consider releasing a public version. Considering that the cross-border risks from DeFi are real and affect every citizen, an updated assessment of the DeFi sector would help flesh out a strategy in collaboration with the industry participants. It is time to prevent DeFi from becoming a weapon of mass destruction, as Warren Buffett famously said of the collateralised debt obligations.</p>.<p><em>(Bajpai is a former chairman of LIC and SEBI; Praveen is a former financial advisor to CFATF, a regional body of FATF, and distinguished fellow, Pahle India Foundation; <br>Syndicate: The Billion Press)</em></p>
<p>There has been heightened concern in recent days about the misuse of Decentralised Finance (DeFi) for illicit activities, notably by terrorist groups seeking to raise finances, build infrastructure, or expand their networks. Some of the emerging developments bring chilling messages and are a wake-up call for preventing the misuse of DeFi for terror and, broadly, a wide range of illicit activities. The developments come even as we see path-breaking developments in fintech. DeFi is on a roll, providing momentum and revolutionising financial services globally.</p>.<p>According to ‘CoinLaw’, a website that reports on fintech, the number of active DeFi users globally reached 14.2 million wallets by mid-2025. The DeFi market is projected to grow annually at 43%, from $30.07 billion in 2024 to $178.63 billion by 2029. India ranked at number three in DeFi value in the 2024 Global Crypto Adoption Index provided by Chainalysis, a blockchain data platform.</p>.<p>DeFi platforms operate on blockchains and offer financial products and services enabling saving, investing, lending, remittance, insurance contracts, etc., without the intermediation of traditional financial institutions like banking. The transactions take place through smart contracts, open protocols, and decentralised applications (D-Apps), allowing direct peer-to-peer transactions without intermediation. A digital wallet, when integrated with DeFi, serves as a gateway, bypassing the banking network.</p>.<p>Access to the DeFi service does not warrant the opening of an account or identity verification. A customer can register with a password and create several crypto wallets. Most wallets do not ask for an address, phone number, or email verification, and one can use different DeFi exchanges or DeFi lending and borrowing platforms. A 2023 working paper of the Bank for International Settlements notes that since DeFi aims at disintermediation, and the users interact with smart contracts, rather than through an institution, the absence of traditional financial institutions or market supervisory authorities makes DeFi vulnerable to criminal activity and investor fraud. In a 2023 paper (Dark side of decentralised finance: A call for enhanced AML regulation based on use cases of illicit activities), Benson et al have also underlined the vulnerability due to anonymity.</p>.<p>The risks inherent in DeFi must be evaluated against the potential advantages of DeFi, which include financial inclusion (it is available to anyone with Internet access), high liquidity, transparency (transactions recorded on a distributed ledger), lower costs of transactions, interoperability with other applications, and no requirement for permission from a central authority. There are no free lunches. Vulnerability to criminal activities is striking.</p>.<p>The embedded risks unfold when mechanics are decrypted. DeFi works through self-executing smart contracts, which are vulnerable to hacking by criminals and terrorists. It is governed through decentralised autonomous organisations (DAOs) – the group of people who participate in its governance and decision-making by virtue of their ownership of project tokens. Such a governance structure leads to regulatory uncertainty and a lack of accountability.</p>.<p>The borderlessness of DeFi and the anonymity of the participants make it challenging to recover funds stolen through cyberattacks. The tracking of transactions from unverified DeFi wallets is difficult. The illicit actors can mask their tracks by using different blockchains, crypto-mixers, anonymity-enhancing tools, and by using different DeFi wallets each time. The recipient of funds does not know from whom he received the funds. It is also difficult to block user accounts that have received suspicious funds.</p>.<p>To understand the risks in DeFi arrangements and address the potential regulatory blind spots, several jurisdictions have made their risk assessments public. In its assessment in April 2023, the US Treasury held that a DeFi service is liable to comply with anti-money laundering and terror financing obligations as applicable to any financial institution, but acknowledged that a lack of understanding among DeFi participants could exacerbate this risk, especially in jurisdictions that do not or inadequately apply international standards to DeFi service providers.</p>.<p><strong>India’s assessment gaps</strong></p>.<p>A January 2025 joint report by the European Banking Authority (EBA) and European Securities and Markets Authority (ESMA) points to significant risks of money laundering and terror financing in DeFi protocols, as the users can transact without being identified and verified. The recent National Risk Assessment of the UK (July 2025) also underlines the same factors and underscores the inherent vulnerabilities in DeFi protocols, specifically terrorist financing. A June 2025 report by the Financial Action Task Force (FATF) – the international standard-setting body for anti-money laundering and countering of terror financing – indicates that jurisdictions continue to struggle with identifying entities in DeFi and applying the FATF standards.</p>.<p>While some usefulness of the innovative and technological features of DeFi protocols is undeniable, the risks are obvious for a jurisdiction like India, which is under constant threat of terrorism. DeFi’s inclusivity benefits are no better than the ‘JAM’ trinity and the UPI, which have already brought financial services into the hands of the common man. The borderless nature of DeFi introduces malevolent challenges. Since banning DeFi does not seem to be an option, technology-driven, risk-based mitigation measures commensurate with the evolving DeFi ecosystem could offer a workable solution.</p>.<p>India’s last National Risk Assessment was carried out in 2022. While a sectoral assessment focused on DeFi, on the lines of other jurisdictions, could proffer actionable inputs for future strategy, its wider dissemination would sensitise the DeFi participants to the risks to national security.</p>.<p>In a 2023 Mutual Evaluation Report, FATF recommended that India should broaden access to its National Risk Assessment and consider releasing a public version. Considering that the cross-border risks from DeFi are real and affect every citizen, an updated assessment of the DeFi sector would help flesh out a strategy in collaboration with the industry participants. It is time to prevent DeFi from becoming a weapon of mass destruction, as Warren Buffett famously said of the collateralised debt obligations.</p>.<p><em>(Bajpai is a former chairman of LIC and SEBI; Praveen is a former financial advisor to CFATF, a regional body of FATF, and distinguished fellow, Pahle India Foundation; <br>Syndicate: The Billion Press)</em></p>
