SCORECHAIN

TRUST PROVIDER FOR CRYPTO MARKETS

State of Money Laundering & Terrorism Financing

through Decentralized Exchanges

2020 in review

This document has been wri2en by SCORECHAIN S.A. a company registered in Luxembourg. This content cannot be reproduced or sold.
 Table of Contents

Introduc>on to DEX: the most popular DeFi app 3

Ongoing debate on DEX in terms of ML/TF 4

Analysis of the most traded cryptos on Top 4 DEXs in 2020 5

Top 4 DEX Trading Volume Dominance 6

Analysis on Uniswap 7

Analysis on KyberNetwork/1Inch/SushiSwap 9

General Analysis of 4 DEXs 10

How to use Scorechain Blockchain PlaNorm to track transac>ons via DEX 11

Use case 1: Kucoin Hack 12

Use case 2: Harvest Finance Hack 15

Conclusion 17

State of ML/TF through DEX on 2020 - Scorechain analysis 2

 IntroducXon to DEX: the most popular DeFi app

According to DeFi Pulse, the trade volume in DeFi projects started to surge conXnuously since
May 2020 with about $14.9 billion locked in the DeFi market at the end of the year, an increase of
nearly 1600% in 7 months! 1

Such an explosion in the popularity of DeFi drew more and more a2enXon from the regulators
and compliance officers, especially due to the fact that a number of scams happened over the
Xme.

Decentralized Exchanges (DEXs) is among the most popular Decentralized finance (DeFi)
applicaXons.

DeFi refers to all financial applicaXons that use blockchains and cryptocurrencies to disrupt the
financial intermediaries and make finance more accessible to everyone, which also include yield
farming, lending plaeorms, stablecoins, wrapped coins and predicXon markets. Most of them are
running on the Ethereum network.

DEX can be defined as a blockchain-based peer-to-peer (P2P) online service that allows users to
make direct cryptocurrency transacXons with each other. Unlike a centralized exchange, a DEX
doesn’t idenXfy its users and it doesn’t store their funds. It does not act as an intermediary but
rather as a protocol that enables transacXons. All data are registered in the distributed ledger and
the DEX provides the service to match the needs of buying and selling of the parXcipants.

1 h2ps://defipulse.com/

State of ML/TF through DEX on 2020 - Scorechain analysis 3

 Ongoing debate on DEX in terms of ML/TF

The rapid growth of DEX has drawn a lot of a2enXon in terms of Money Laundering &
Terrorism Financing (ML/TF) and raised many controversies.

This increasing use puts DeFi under the radar of regulators and governments. They start to
consider this new pracXce as a ‘haven' for criminal acXvity since most of the plaeorms which allow
this kind of pracXce lack Know-Your-Customer (KYC) or AnX-Money Laundering (AML) procedures.
Besides, they are barely under the scope of the exisXng and sXll under construcXon regulaXon.

As one of the most popular DeFi applicaXons, DEX is inevitably involved in the debates that DeFi
raises in terms of ML/TF. Like other DeFi plaeorms, the lack of KYC procedure in DEX facilitates the
users to trade. Simply generate a new wallet in-app and they can start trading right away. On the
other hand, it could raise the concern with regards to the risk of ML/TF.

Why is there a lack of AML/KYC procedures for DEXs? As menXoned above, DEXs are not
controlled by a central authority and are established on blockchains, so it may not be easy to
determine if they are related to a specific jurisdicXon or regulaXon. Technically, a DEX is not able
to perform AML/KYC procedures since they can’t access users’ funds (so for instance they can’t
freeze or verify the funds).

At the moment, it is not clear if DEXs are subject to AML/CTF regulaXons, they are for now in a
gray area of regulaXon. Some argue that since DEXs are decentralized they should not be
regulated while others are in favor of a legal framework for DEXs. DEXs are thus seen as very risky
in terms of ML/FT by regulators since they are not subject to a legal framework.

Is DEX really a “haven” widely used by criminals to launder money or to finance terrorism?

State of ML/TF through DEX on 2020 - Scorechain analysis 4

 Analysis of the most traded cryptos on Top 4 DEXs
in 2020

To give a state of the ML/TF through Decentralized Exchanges, Scorechain team, the
Luxembourg-based leading Risk-AML company for cryptocurrencies, has launched an analysis of
the 5 most traded cryptos on top 4 DEXs in 2020.

The top 4 DEXs in 2020 analyzed are:

• 1inch
• KyberNetwork
• SushiSwap
• Uniswap

The 5 most traded cryptos chosen as the samples include:

• DAI
• ETH
• USDC
• USDT
• WBTC.

The data refer to the reference period from January 1st to December 1st 2020.

State of ML/TF through DEX on 2020 - Scorechain analysis 5

 Top 4 DEXs Trading Volume Dominance

Below is the table for these DEX plaeorms’ monthly trading volume dominance last year

KyberNetwork SushiSwap 1inch Uniswap

Jan 2020 77.80% 0% 22.20% 0%
Feb 2020 74.28% 0% 25.72% 0%
Mar 2020 70.65% 0% 29.35% 0%
Apr 2020 66.35% 0% 33.65% 0%
May 2020 59.33% 0% 38.33% 2.34%
June 2020 34.47% 0% 37.68% 27.85%
Jul 2020 20.31% 0% 29.18% 50.51%
Aug 2020 10.42% 0% 17.53% 72.06%
Sept 2020 2.61% 14.69% 8.79% 73.91%
Oct 2020 2.24% 5.53% 10.10% 82.13%
Nov 2020 4.85% 11.53% 5.02% 78.60%

The graph below shows the monthly trading volume dominance in 2020.

We can see that during the first half of the year, KyberNetwork dominated the trading volume,
especially in January with a percentage of 77.8%. From July, Uniswap stole the limelight with the
highest dominance of 82.13% in November 2020.

State of ML/TF through DEX on 2020 - Scorechain analysis 6

 Analysis on Uniswap

Among all 4 plaeorms, Uniswap has the highest number of transacXons for the 5 coins.

Uniswap KyberNetwork 1inch SushiSwap

DAI 269357 112777 53579 1615
ETH 9430119 809257 225735 180945
USDC 409750 64341 51012 1565
USDT 573012 55770 27578 1940
WBTC 63624 24563 9530 266

Our analysis will start with Uniswap then.

Before checking the detailed results on this plaeorm, let’s define firstly what the “bad coins” are in
this research. The “bad coins” here include coins coming from or going to:
• Exchange with low score;
• Scam;
• Community reported scam;
• Mixing service;
• Hack;
• Suspicious.

Now let’s take a look at the result on Uniswap:

• At the level of DAI

In the incoming and outgoing DAI on Uniswap, the “bad coins”, including Exchange with low
score, Scam, Community reported scam, Mixing service, Hack and Suspicious, represents
10.76% for incoming funds and 11.30% for outgoing funds.

State of ML/TF through DEX on 2020 - Scorechain analysis 7

 Analysis on Uniswap

• At the level of ETH

The proporXon of “bad coins” is 0.02% for incoming funds and 0.03% for outgoing funds, both
are very low.

• At the level of USDC

The “bad coins” represent 1.33% for incoming funds and 0.64% for outgoing funds.

• At the level of USDT

The proporXon of “bad coins” is 2.34% for incoming funds and 1.78% for outgoing funds.

• At the level of WBTC

The “bad coins” represent 0.09% for incoming funds and 1.86% for outgoing funds.

To summarise the percentage of the “bad coins” on Uniswap plaeorm in the table below:

Uniswap
Incoming funds (%) Outgoing funds (%)
DAI 10.76 11.30
ETH 0.02 0.03
USDC 1.33 0.64
USDT 2.34 1.78
WBTC 0.09 1.86

Overall, the proporXon of “bad coins” on Uniswap are between 0.02% and 2.34%, unless for DAI
of which the percentage reached around 11%, especially for “Hack” (10.43% for incoming and
11.09% for outgoing).

State of ML/TF through DEX on 2020 - Scorechain analysis 8

 Analysis on KyberNetwork, 1Inch and SushiSwap

The analysis has been performed with the same approach on 3 other plaeorms:
KyberNetwork, 1Inch and SushiSwap.
The table below summarised the percentage of the “bad coins” on KyberNetwork. We can see
that the proporXon of “bad coins” on KyberNetwork is less than 1% for both incoming and
outgoing cryptos.

KyberNetwork
Incoming funds (%) Outgoing funds (%)
DAI 0.92 0. 003
ETH 0. 003 0.90
USDC 0.18 0.0008
USDT 0.13 0.08
WBTC 0.08 0.03

On 1Inch, we can see the proporXon of “bad coins” is less than 1% for both incoming and
outgoing cryptos, unless for outgoing ETH with a bit higher percentage (1.062%). The table below
shows the details.

1Inch
Incoming funds (%) Outgoing funds (%)
DAI 0. 039 0.19
ETH 0.64 1.062
USDC 0.25 0.24
USDT 0.47 0.12
WBTC 0.42 0.17

On SushiSwap, we can see the proporXon of “bad coins” is far lower than on other
plaeorms: between 0.007% and 0.45%, especially without any hacked USDT nor hacked WBTC.
The table below shows the details.

SushiSwap
Incoming funds (%) Outgoing funds (%)
DAI 0. 0627 97
ETH 0.45 0.14
USDC 0.02 0.04
USDT 0. 007 0.03
WBTC 0.12 0.45

State of ML/TF through DEX on 2020 - Scorechain analysis 9

 General Analysis of 4 DEXs

Taking into account all 5 coins, below is the distribuXon of high/medium/low scores of the
funds going through each DEX plaeorm during the year.

The raXo of coins with bad scores is much higher than the previous analysis for each DEX.

At first glance, it seems that it is contrary to the result of the analysis on each DEX plaeorm.
Actually, this is because the previous analysis only counted the riskiest coins: Exchange with low
score, Scam, Community reported scam, Mixing service, Hack and Suspicious. However, the pie
charts here considered not only the elements menXoned above, but also the numerous
transacXons performed between DEXs while most of them have a low score in the Scorechain risk
scoring system.

For example, 36.32% of funds on Uniswap going through DEX with bad scores (out of 40.8% funds
with bad score), 55.58% on Kybernetwork (out of 55.8%), 57.40% on 1inch (out of 57.6%) and
47.83% on SushiSwap (out of 47.9%). Therefore, if this part is deducted from the total bad coins
percentage, the result is coherent with the previous analysis.

State of ML/TF through DEX on 2020 - Scorechain analysis 10

 How to use Scorechain Blockchain Plaeorm to track
transacXons via DEX
The analysis above may raise a few quesXons: how to deal with so many transacXons through
DEX? How to miXgate the risk they may bring to your business?

As the first crypto AML provider to read through DEX transacXons to prevent money laundering
and terrorism financing (ML/TF), Scorechain provides the soluXon to this issue with its Ethereum
AnalyXcs Plaeorm.

• Scorechain is able to provide AML/CTF for any DEX trades

Scorechain is able to deanonymize transacXons that are led through DEX to idenXfy source and
desXnaXon of funds passing through the plaeorms. By using Scorechain Ethereum AnalyXcs
Plaeorm, the users can follow the assets even if they are swapped through a DEX. They can carry
out a Risk-AML analysis on the provenance and desXnaXon of one cryptocurrency converted to
another through the DEXs. The figure below shows the origin of Paxos Gold (PAXG) in a wallet and
its risk score.

• Scorechain provides AML Risk-Scoring on swaps origin and des>na>on of funds 

Scorechain users can see the ‘Swap input’ as the iniXal cryptocurrencies used in the transacXon
and are able to idenXfy the origin of the cryptocurrency used. The same Risk-AML analysis can be
done for ‘Swap output’ as the converted cryptocurrencies received in return via the DEX. MulXple
DEX plaeorms are also spo2ed and analysed. Below is an example of the swap view of a
transacXon.

State of ML/TF through DEX on 2020 - Scorechain analysis 11

 Use Case 1: Kucoin Hack

How to use Scorechain Blockchain Plaeorm to track transacXons via DEX

Kucoin Hack

On Scorechain Ethereum AnalyXcs Plaeorm, the users can follow the assets even if they are
swapped through a DEX. They can carry out a Risk-AML analysis on the provenance and
desXnaXon of one cryptocurrency converted to another through the DEXs.

In September 2020, Kucoin, the Singapore based crypto-exchange, was hacked with an esXmated
stolen amount of around $150 million (based on valuaXon at that date).

Like in each hacking incident, Scorechain reacted at the earliest by taking measures such as red-
flagging the hackers’ address and idenXfied it as a Hack type with the lowest Risk-AML Scoring. In
parXcular, Scorechain’s DEX trade reading feature plays an important role in the invesXgaXon of
the DEX transacXons that the hacker uXlized to launder the stolen funds.

The example below shows that the hackers swapped SNX tokens for Ether via Uniswap.

In this case, users can see on Scorechain Ethereum AnalyXcs Plaeorm that the transacXon
received a label of “Dex trade” and the risk indicator “Hack” was triggered.

State of ML/TF through DEX on 2020 - Scorechain analysis 12

 Use Case 1: Kucoin Hack

How to use Scorechain Blockchain Plaeorm to track transacXons via DEX

Kucoin Hack (part 2)

The users can also check the risk score of the swapped transacXon as shown in the piechart
below.

Meanwhile, the risk indicators “Hack” and “Dex” have also been triggered on the address which
received these funds going through DEX.

The users can check the provenance of the funds and see that the risk score of the incoming funds
is 1 (the lowest and riskiest). The example below shows that 99.88% of the Ether in this address
came from the Kucoin Hack through DEX, meaning that the swap from SNX tokens to Ether via
Uniswap DEX doesn’t change the fact that the funds are tainted and their risk score is sXll the
lowest.

Besides, both the KYT (Know-Your-TransacXon) and KYA (Know-Your-Address) reports disclose the
informaXon to noXfy the compliance team.

State of ML/TF through DEX on 2020 - Scorechain analysis 13

 Use Case 1: Kucoin Hack

How to use Scorechain Blockchain Plaeorm to track transacXons via DEX

Kucoin Hack (part 3)

Below is an example of the KYT report, showing that the funds went from Kucoin Hack and
they went to Uniswap DEX.

In the KYA report of the address receiving hacked funds, the compliance team can see that
99.88% of funds are from Kucoin Hack through Uniswap DEX.

The hacker’s a2empt to launder the money by swapping SNX tokens to Ether via DEX to avoid the
tracking is totally a failure in front of Scorechain’s powerful DEX trade reading feature. By tracking
DEX transacXons Scorechain proved hackers used DEX to launder the funds and converted the
jackpot.

With the Risk-AML alerts and risk indicators triggered, the compliance team using Scorechain are
able to pay more a2enXon to this kind of transacXons and the addresses that are involved with
these hacked funds. Having received these alerts, the compliance team can take appropriate
mesures accordingly, such as freezing funds or stopping any further trades with the owner of this
suspicious address. Furthermore, the compliance team in charge should file suspicious acXvity
reports (SARs) to the relevant authoriXes, report the idenXty of the address owner - in case they
have followed KYC rules (Know-Your-Customer) so they can open a case and invesXgate further by
associaXng an ID to a public Ethereum address.

State of ML/TF through DEX on 2020 - Scorechain analysis 14

 Use Case 2: Harvest Finance Hack

How to use Scorechain Blockchain Plaeorm to track transacXons via DEX

Harvest Finance Hack

In October 2020, the DeFi plaeorm Harvest Finance also suffered from an a2ack. By using a
large flash loan to perform an arbitrage a2ack, the a2acker drained around $25 million from the
plaeorm (based on valuaXon at that date) and swapped the funds for renBTC (rBTC).

Scorechain immediately flagged the address as hack with the lowest risk-AML scoring and
monitored closely the movements of the funds.

The DEX trade reading feature helps to track the swapped funds. Below is an example of a
transacXon which swapped the hacked funds for renBTC via the Curve.fi DEX plaeorm. The label
‘Hack’ beside the sender's name can draw immediately the compliance team’s a2enXon to this
risky transacXon.

The transacXon received a label of “Dex trade” and the risk indicators “Hack” was triggered.

State of ML/TF through DEX on 2020 - Scorechain analysis 15

 Use Case 2: Harvest Finance Hack

How to use Scorechain Blockchain Plaeorm to track transacXons via DEX

Harvest Finance Hack (part 2)

As shown in the piechart below, although the swap via Curve.fi DEX plaeorm, the risk score of
the transacXon is sXll the lowest as it is hacked funds.

The users can also see that in the KYA report of the hacker’s address that the hacked funds
went through Curve.fi DEX plaeorm with “Hack” as the Type and “1” as the risk score.

In this use case, we can also see that the a2acker laundered the hacked funds by using the DEX.

However, the swap from one coin to another coin via DEX doesn’t change the fact that the hacked
funds are tainted and their risk score is sXll the lowest. Scorechain DEX trades reading feature
makes it possible for the compliance team to idenXfy and track these funds even if the funds go
through mulXple DEXs. In this way, the compliance team can promptly take appropriate measures
when the suspicious funds reach their plaeorms and thus have a be2er risk control.

State of ML/TF through DEX on 2020 - Scorechain analysis 16

 Conclusion

DEX is used by criminals to launder money or to finance terrorism at a certain level, but not as
widely as exaggerated by some media.

However, the lack of KYC is sXll an innate “flaw” for DEX in terms of compliance. The regulators
start to look for a soluXon to put DEX under the scope of regulaXon. For example, the FATF
claimed to the G20 that jurisdicXons need to revise standards to implement AML/CTF miXgaXng
measures. Besides, the recent drax of the European Commission MiCa could ban EU ciXzens
access to DeFi projects if they do not comply with the proposed and very strong legal
requirements.

Furthermore, Scorechain Risk-AML soxware for cryptocurrency can provide Scoring & Red flags for
transacXons processed through decentralized exchanges to prevent money laundering and reduce
criminal acXvity through DeFi. Criminals should know now it is not a smart choice to launder
money through DEX as it is traceable.

Compliance and prevenXng measures for ML/TF in the cryptocurrency ecosystem is moving fast
that’s why it is of vital importance that companies have the right tools in place to keep up with all
the new developments.

State of ML/TF through DEX on 2020 - Scorechain analysis 17

 About Scorechain

As a leader in cryptocurrency transacXon monitoring soxware for AML/CTF compliance,

Scorechain Blockchain AnalyXcs suite helps compliance teams in crypto firms to meet regulatory
requirements and to implement a risk-based approach by saving cost and Xme.
 
Scorechain AnalyXcs Suite covers Bitcoin including Lightning Network, Ethereum analyXcs with
standard ERC20 acXvity coverage and stablecoins, XRP Ledger, Litecoin, Bitcoin Cash, Dash and
Tezos. The soluXon provides the risk scoring for each crypto transacXon/address/wallet with
customisable parameters, which allows the users to idenXfy and manage the ML risks by
implemenXng their internal control policy. The real-Xme alert system gives the possibility of
ongoing transacXon monitoring and the reporXng system helps them to fulfil their reporXng
obligaXons for suspicious acXvity. Last but not the least, the feature ‘Risk indicators’ helps users
red flag suspicious acXviXes at the level of enXXes/transacXon behaviours and jurisdicXons with
more than 350 risk scenarios.

We can assist and guide you into your crypto compliance

journey

contact@scorechain.com

www.scorechain.com

State of ML/TF through DEX on 2020 - Scorechain analysis 18