Professional Documents
Culture Documents
2020 in review
This document has been wri2en by SCORECHAIN S.A. a company registered in Luxembourg. This content cannot be reproduced or sold.
Table of Contents
Analysis on Uniswap 7
Analysis on KyberNetwork/1Inch/SushiSwap 9
Conclusion 17
According to DeFi Pulse, the trade volume in DeFi projects started to surge conXnuously since
May 2020 with about $14.9 billion locked in the DeFi market at the end of the year, an increase of
nearly 1600% in 7 months! 1
Such an explosion in the popularity of DeFi drew more and more a2enXon from the regulators
and compliance officers, especially due to the fact that a number of scams happened over the
Xme.
Decentralized Exchanges (DEXs) is among the most popular Decentralized finance (DeFi)
applicaXons.
DeFi refers to all financial applicaXons that use blockchains and cryptocurrencies to disrupt the
financial intermediaries and make finance more accessible to everyone, which also include yield
farming, lending plaeorms, stablecoins, wrapped coins and predicXon markets. Most of them are
running on the Ethereum network.
DEX can be defined as a blockchain-based peer-to-peer (P2P) online service that allows users to
make direct cryptocurrency transacXons with each other. Unlike a centralized exchange, a DEX
doesn’t idenXfy its users and it doesn’t store their funds. It does not act as an intermediary but
rather as a protocol that enables transacXons. All data are registered in the distributed ledger and
the DEX provides the service to match the needs of buying and selling of the parXcipants.
1 h2ps://defipulse.com/
The rapid growth of DEX has drawn a lot of a2enXon in terms of Money Laundering &
Terrorism Financing (ML/TF) and raised many controversies.
This increasing use puts DeFi under the radar of regulators and governments. They start to
consider this new pracXce as a ‘haven' for criminal acXvity since most of the plaeorms which allow
this kind of pracXce lack Know-Your-Customer (KYC) or AnX-Money Laundering (AML) procedures.
Besides, they are barely under the scope of the exisXng and sXll under construcXon regulaXon.
As one of the most popular DeFi applicaXons, DEX is inevitably involved in the debates that DeFi
raises in terms of ML/TF. Like other DeFi plaeorms, the lack of KYC procedure in DEX facilitates the
users to trade. Simply generate a new wallet in-app and they can start trading right away. On the
other hand, it could raise the concern with regards to the risk of ML/TF.
Why is there a lack of AML/KYC procedures for DEXs? As menXoned above, DEXs are not
controlled by a central authority and are established on blockchains, so it may not be easy to
determine if they are related to a specific jurisdicXon or regulaXon. Technically, a DEX is not able
to perform AML/KYC procedures since they can’t access users’ funds (so for instance they can’t
freeze or verify the funds).
At the moment, it is not clear if DEXs are subject to AML/CTF regulaXons, they are for now in a
gray area of regulaXon. Some argue that since DEXs are decentralized they should not be
regulated while others are in favor of a legal framework for DEXs. DEXs are thus seen as very risky
in terms of ML/FT by regulators since they are not subject to a legal framework.
Is DEX really a “haven” widely used by criminals to launder money or to finance terrorism?
To give a state of the ML/TF through Decentralized Exchanges, Scorechain team, the
Luxembourg-based leading Risk-AML company for cryptocurrencies, has launched an analysis of
the 5 most traded cryptos on top 4 DEXs in 2020.
The data refer to the reference period from January 1st to December 1st 2020.
Below is the table for these DEX plaeorms’ monthly trading volume dominance last year
The graph below shows the monthly trading volume dominance in 2020.
We can see that during the first half of the year, KyberNetwork dominated the trading volume,
especially in January with a percentage of 77.8%. From July, Uniswap stole the limelight with the
highest dominance of 82.13% in November 2020.
Among all 4 plaeorms, Uniswap has the highest number of transacXons for the 5 coins.
Before checking the detailed results on this plaeorm, let’s define firstly what the “bad coins” are in
this research. The “bad coins” here include coins coming from or going to:
• Exchange with low score;
• Scam;
• Community reported scam;
• Mixing service;
• Hack;
• Suspicious.
To summarise the percentage of the “bad coins” on Uniswap plaeorm in the table below:
Uniswap
Incoming funds (%) Outgoing funds (%)
DAI 10.76 11.30
ETH 0.02 0.03
USDC 1.33 0.64
USDT 2.34 1.78
WBTC 0.09 1.86
Overall, the proporXon of “bad coins” on Uniswap are between 0.02% and 2.34%, unless for DAI
of which the percentage reached around 11%, especially for “Hack” (10.43% for incoming and
11.09% for outgoing).
The analysis has been performed with the same approach on 3 other plaeorms:
KyberNetwork, 1Inch and SushiSwap.
The table below summarised the percentage of the “bad coins” on KyberNetwork. We can see
that the proporXon of “bad coins” on KyberNetwork is less than 1% for both incoming and
outgoing cryptos.
KyberNetwork
Incoming funds (%) Outgoing funds (%)
DAI 0.92 0. 003
ETH 0. 003 0.90
USDC 0.18 0.0008
USDT 0.13 0.08
WBTC 0.08 0.03
On 1Inch, we can see the proporXon of “bad coins” is less than 1% for both incoming and
outgoing cryptos, unless for outgoing ETH with a bit higher percentage (1.062%). The table below
shows the details.
1Inch
Incoming funds (%) Outgoing funds (%)
DAI 0. 039 0.19
ETH 0.64 1.062
USDC 0.25 0.24
USDT 0.47 0.12
WBTC 0.42 0.17
On SushiSwap, we can see the proporXon of “bad coins” is far lower than on other
plaeorms: between 0.007% and 0.45%, especially without any hacked USDT nor hacked WBTC.
The table below shows the details.
SushiSwap
Incoming funds (%) Outgoing funds (%)
DAI 0. 0627 97
ETH 0.45 0.14
USDC 0.02 0.04
USDT 0. 007 0.03
WBTC 0.12 0.45
Taking into account all 5 coins, below is the distribuXon of high/medium/low scores of the
funds going through each DEX plaeorm during the year.
The raXo of coins with bad scores is much higher than the previous analysis for each DEX.
At first glance, it seems that it is contrary to the result of the analysis on each DEX plaeorm.
Actually, this is because the previous analysis only counted the riskiest coins: Exchange with low
score, Scam, Community reported scam, Mixing service, Hack and Suspicious. However, the pie
charts here considered not only the elements menXoned above, but also the numerous
transacXons performed between DEXs while most of them have a low score in the Scorechain risk
scoring system.
For example, 36.32% of funds on Uniswap going through DEX with bad scores (out of 40.8% funds
with bad score), 55.58% on Kybernetwork (out of 55.8%), 57.40% on 1inch (out of 57.6%) and
47.83% on SushiSwap (out of 47.9%). Therefore, if this part is deducted from the total bad coins
percentage, the result is coherent with the previous analysis.
As the first crypto AML provider to read through DEX transacXons to prevent money laundering
and terrorism financing (ML/TF), Scorechain provides the soluXon to this issue with its Ethereum
AnalyXcs Plaeorm.
Kucoin Hack
On Scorechain Ethereum AnalyXcs Plaeorm, the users can follow the assets even if they are
swapped through a DEX. They can carry out a Risk-AML analysis on the provenance and
desXnaXon of one cryptocurrency converted to another through the DEXs.
In September 2020, Kucoin, the Singapore based crypto-exchange, was hacked with an esXmated
stolen amount of around $150 million (based on valuaXon at that date).
Like in each hacking incident, Scorechain reacted at the earliest by taking measures such as red-
flagging the hackers’ address and idenXfied it as a Hack type with the lowest Risk-AML Scoring. In
parXcular, Scorechain’s DEX trade reading feature plays an important role in the invesXgaXon of
the DEX transacXons that the hacker uXlized to launder the stolen funds.
The example below shows that the hackers swapped SNX tokens for Ether via Uniswap.
In this case, users can see on Scorechain Ethereum AnalyXcs Plaeorm that the transacXon
received a label of “Dex trade” and the risk indicator “Hack” was triggered.
The users can also check the risk score of the swapped transacXon as shown in the piechart
below.
Meanwhile, the risk indicators “Hack” and “Dex” have also been triggered on the address which
received these funds going through DEX.
The users can check the provenance of the funds and see that the risk score of the incoming funds
is 1 (the lowest and riskiest). The example below shows that 99.88% of the Ether in this address
came from the Kucoin Hack through DEX, meaning that the swap from SNX tokens to Ether via
Uniswap DEX doesn’t change the fact that the funds are tainted and their risk score is sXll the
lowest.
Besides, both the KYT (Know-Your-TransacXon) and KYA (Know-Your-Address) reports disclose the
informaXon to noXfy the compliance team.
Below is an example of the KYT report, showing that the funds went from Kucoin Hack and
they went to Uniswap DEX.
In the KYA report of the address receiving hacked funds, the compliance team can see that
99.88% of funds are from Kucoin Hack through Uniswap DEX.
The hacker’s a2empt to launder the money by swapping SNX tokens to Ether via DEX to avoid the
tracking is totally a failure in front of Scorechain’s powerful DEX trade reading feature. By tracking
DEX transacXons Scorechain proved hackers used DEX to launder the funds and converted the
jackpot.
With the Risk-AML alerts and risk indicators triggered, the compliance team using Scorechain are
able to pay more a2enXon to this kind of transacXons and the addresses that are involved with
these hacked funds. Having received these alerts, the compliance team can take appropriate
mesures accordingly, such as freezing funds or stopping any further trades with the owner of this
suspicious address. Furthermore, the compliance team in charge should file suspicious acXvity
reports (SARs) to the relevant authoriXes, report the idenXty of the address owner - in case they
have followed KYC rules (Know-Your-Customer) so they can open a case and invesXgate further by
associaXng an ID to a public Ethereum address.
In October 2020, the DeFi plaeorm Harvest Finance also suffered from an a2ack. By using a
large flash loan to perform an arbitrage a2ack, the a2acker drained around $25 million from the
plaeorm (based on valuaXon at that date) and swapped the funds for renBTC (rBTC).
Scorechain immediately flagged the address as hack with the lowest risk-AML scoring and
monitored closely the movements of the funds.
The DEX trade reading feature helps to track the swapped funds. Below is an example of a
transacXon which swapped the hacked funds for renBTC via the Curve.fi DEX plaeorm. The label
‘Hack’ beside the sender's name can draw immediately the compliance team’s a2enXon to this
risky transacXon.
The transacXon received a label of “Dex trade” and the risk indicators “Hack” was triggered.
As shown in the piechart below, although the swap via Curve.fi DEX plaeorm, the risk score of
the transacXon is sXll the lowest as it is hacked funds.
The users can also see that in the KYA report of the hacker’s address that the hacked funds
went through Curve.fi DEX plaeorm with “Hack” as the Type and “1” as the risk score.
In this use case, we can also see that the a2acker laundered the hacked funds by using the DEX.
However, the swap from one coin to another coin via DEX doesn’t change the fact that the hacked
funds are tainted and their risk score is sXll the lowest. Scorechain DEX trades reading feature
makes it possible for the compliance team to idenXfy and track these funds even if the funds go
through mulXple DEXs. In this way, the compliance team can promptly take appropriate measures
when the suspicious funds reach their plaeorms and thus have a be2er risk control.
DEX is used by criminals to launder money or to finance terrorism at a certain level, but not as
widely as exaggerated by some media.
However, the lack of KYC is sXll an innate “flaw” for DEX in terms of compliance. The regulators
start to look for a soluXon to put DEX under the scope of regulaXon. For example, the FATF
claimed to the G20 that jurisdicXons need to revise standards to implement AML/CTF miXgaXng
measures. Besides, the recent drax of the European Commission MiCa could ban EU ciXzens
access to DeFi projects if they do not comply with the proposed and very strong legal
requirements.
Furthermore, Scorechain Risk-AML soxware for cryptocurrency can provide Scoring & Red flags for
transacXons processed through decentralized exchanges to prevent money laundering and reduce
criminal acXvity through DeFi. Criminals should know now it is not a smart choice to launder
money through DEX as it is traceable.
Compliance and prevenXng measures for ML/TF in the cryptocurrency ecosystem is moving fast
that’s why it is of vital importance that companies have the right tools in place to keep up with all
the new developments.
contact@scorechain.com
www.scorechain.com