Decentralized crypto exchanges at an existential crossroads as hackers run wild


Decentralized crypto exchanges (DEXes) should be thankful that the victim of the largest heist in history was “just” a major crypto player and not a traditional finance giant with a huge cryptoasset portfolio. Otherwise, the regulatory and political crackdown on DEXes could have been much more severe in an attempt to prevent criminals from using these platforms.

However, it seems that the so-called DEXes—many of which still suffer from centralization—have bought more time to find a fix for a legal and moral conundrum.

The $1.4 billion Bybit hack this past February once again reminded us that some DEXes, when they want, can indeed prevent the movement of stolen cryptoassets—highlighting, ironically, their centralization. Separately, other DEXes, such as the HyperLiquid platform, were caught manipulating activity to protect themselves from financial losses while failing to stop money laundering.

Meanwhile, another self-branded decentralized platform, Meteora, is facing at least two lawsuits due to alleged memecoin-related manipulation. Additionally, the major centralized crypto exchange OKX was forced to temporarily shut down its DEX aggregator “to implement additional upgrades to prevent further misuse,” after being accused of helping the Bybit hackers.

At the same time, automatic crypto exchange eXch, which was also accused of aiding the Bybit hacker, said it will shut down on May 1st due to fear of being prosecuted for "money laundering and terrorism." However, the platform is said to have attempted to prevent hackers from exchanging assets by disabling some of the token swaps.

In theory, a truly decentralized exchange doesn’t require registration, especially not Know Your Customer (KYC) procedures, and is permissionless, meaning that anyone can use the platform and no one can stop you from doing so.

However, all the above cases demonstrate that while some DEXes promote themselves as registration-, KYC-, and compliance-free, they still have instruments to intervene, meaning that their permissionlessness depends on someone’s will.

Top DEXes by 24-hour trading volume
Source: Coingecko.com, April 29

Who’s going to fix it?

As popular blockchain investigator ZachXBT concluded after trying to help Bybit track the stolen funds, several "decentralized" protocols derived nearly 100% of their monthly trading volume and fees from North Korean hackers laundering funds through them.

“This industry is unbelievably cooked when it comes to exploits/hacks, and sadly, I don’t know if the industry is going to fix this itself unless the government forcibly passes regulations that hurt our entire industry,” the investigator said.

However, while criticizing DEXes for refusing to take any accountability, ZachXBT emphasized that centralized exchanges end up being worse, as they’re slow to react and their KYC policies are “completely flawed and easily evadable.”

The ThorChain DEX probably received the most heat and stolen funds, as Bybit hackers laundered hundreds of millions of USD worth of assets through the platform. Some developers even celebrated this kind of volume as it increased the price of its native token, RUNE. However, ThorChain's pseudonymous core developer, Pluto, resigned after failing to convince others to properly address the money laundering issue. Initially, three ThorChain validators voted to exclude transactions stemming from the Bybit hack, but the vote was reversed within minutes, as it takes only four validators to override such a decision.

At the same time, the platform was reminded that it had managed to freeze “all legit people's money” back in January, when it prevented ThorFi, a decentralized finance platform, from allowing users to withdraw cryptoassets, and then was used to launder money stolen from Bybit several weeks later.

The largest and most decentralized DEXes, such as Uniswap, were also used to convert stolen funds, as happened with cryptoassets stolen after the LastPass breach.

“Better code”

As the crypto industry overflows with examples demonstrating that the decentralization of DEXes is still more marketing trick than true permissionless tech, developers are trying to find ways to balance decentralization, technological neutrality, and the ability to prevent criminals from exploiting these platforms.

Some argue this can be solved by writing “better code” that would improve blockchain monitoring, develop smart contract–powered prevention mechanisms, and strengthen decentralized governance.

Others, like Erik Voorhees—the founder of crypto exchange ShapeShift, which moved away from being a centralized entity and is a prominent supporter of ThorChain (which is integrated with ShapeShift)—argue against more regulation:

“[Governmental regulations] haven't helped… but maybe if we add more of them?”

Voorhees also notes that Ethereum nodes and Bitcoin miners have processed transactions sent by criminals.

“That’s how crypto works. Go catch the bad guys, it’s all on-chain and public,” he said.

However, some industry players argue that the majority of people—including cryptoasset users—don’t care about decentralization, which is the core value proposition of this technology.

“If people cared about decentralization, Binance and Tether wouldn’t be the biggest players,” Jeff Dorman, chief investment officer at digital asset investment firm Arca, concluded.

This prevailing sentiment opens the door for regulators to clamp down on DEXes, forcing them to implement stricter illicit fund prevention mechanisms—leaving decentralization-believing cypherpunks to fight this battle alone.

‘Can't’ vs ‘won’t’

In either case, both the industry and society may need to rethink their whole approach to decentralized tech and crime-fighting, as stricter DEX regulation might just be another attempt to “whack a mole.” DEXes are only one of the tools that criminals use to launder illicit money, alongside blockchain bridges, which help move tokens across different networks, and mixers, which help obfuscate cryptoasset transaction history.

As the prominent case of the Tornado Cash mixer showed, the platform kept operating even while it was sanctioned by the US government and its core developers were arrested.

Ultimately, it seems the DEX industry has two main options going forward: build compliant platforms, sacrificing decentralization and censorship resistance, or develop protocols that are neutral and unstoppable from a technological perspective.

In his famous talk Bitcoin and Unstoppable Code: The Difference Between Can’t and Won’t, Bitcoin educator Andreas M. Antonopoulos argues that the concept of unstoppable code—and the distinction between “can’t” and “won’t”—becomes critical in the context of governance, moral relativism, and decentralized technologies.

This distinction is important because once systems can be governed, a failure to intervene may have legal implications, such as negligence. Antonopoulos advocates for unstoppable code, claiming that the majority of humanity will ultimately use such tools for good.

However, a criminal-minded minority would continue using, in this case, unstoppable DEXes, forcing governments to find more fundamental ways to fight crime.