2 hours ago
995
The BIS, famously known as the central bank of central banks, highlighted the need for appropriate safeguards as cryptoasset service providers have stopped being fringe aspects of global finance to become real financial intermediaries in its latest paper.Β
The post comes close to the end of an active month for DeFi hackers. Two of the biggest scandals to shake the DeFi space this year illustrate the contagion risk mentioned in the paper posted by the BIS.
BIS talks about the rapid evolution of cryptoasset service providers
The paper acknowledged how the capabilities of cryptoasset service providers have expanded beyond their initial roles as trading platforms and custodial service providers.
It presented a new classification, multifunction cryptoasset intermediaries (MCIs), in its expression of how some of the products these firms now offer closely resemble financial intermediation activities that used to be the exclusive domain of banks and prime brokers.
According to the paper, MCIs take on credit, liquidity, and maturity risk when they accept customer cryptoassets via investment programs and use those assets to fund lending, market making, and other activities.
This puts them virtually on the same level as traditional financial intermediaries. However, the paper suggests that despite this, in many jurisdictions, MCIs operate without prudential safeguards.
Meanwhile, these safeguards, like deposit insurance and central bank liquidity, apply to their traditional financial counterparts engaged in comparable risk transformation. This helps MCIs get away with things like opacity, which leads to significant data gaps.
The BIS also noted that now that TradFi and crypto are integrating, the risk of spillover effects has become more real.
To address these risks, the BIS proposed a tandem of entity-based (EB) and activity-based (AB) regulations, even though it admitted challenges that could make that route difficult.
Some of the challenges the organization mentioned in the paper were lags in coverage of borrowing and lending activities happening within existing cryptoasset regulatory frameworks, the need for effective cross-border supervisory cooperation, and limited supervisory resources.
The DeFi market has been through the wringer
There is no doubt that the DeFi sector has been wracked with some pretty scandalous exploits, as losses from this month alone have almost 4X the total for the first three months of the year.
The latest scandal, a great example of contagion risk, involved KelpDAO, where attackers exploited a vulnerability in the protocolβs verification layer.
This allowed them to mint about 116,500 rsETH out of thin air, which they then used to borrow ETH from major lending platforms like Aave. When markets realized the con, the value of rsETH collapsed, and lenders were left holding the bag.
About $292 million was drained as a result, and Aave, as well as other lending protocols, were forced to suspend operations to prevent a systemic run on their liquidity pools.
Hackers extracted about $285 million from the Drift exploit this month as well.
These scandals have shown that DeFi needs to rely on something other than code.
KelpDAO loot has crossed over to Bitcoin
According to security analysts at Halborn, the recent KelpDAO exploit has links to the Lazarus Group from North Korea. This was backed up by sleuths like ZachXBT and Tayvano on X, with Tayvano sharing in a tweet earlier today that the DPRK was involved and that the money has been completely laundered via Thorchain.
Her post came after it was revealed that the KelpDAO hackers took 1.5 days to swap nearly all of their 75,700 ETH holdings into BTC.
According to reports, most of this occurred on THORChain, which amounted to about roughly $910,000 in platform fee revenue, reminiscent of the notoriety that the platform gained in February 2025 when the same suspected group laundered the loot from the Bybit $1.5 billion hack through the same venue.
The smartest crypto minds already read our newsletter. Want in? Join them.
English (US)