Treasury $10B Scam Warning Spurs DeFi Self-Policing

On June 23 the U.S. Treasury announced sanctions on nine people and 26 entities tied to the Prince Group and proposed expanding a Huione Group designation to include H-Pay Service PLC and any successor entity. The agency linked the measures to Southeast Asia scam networks that federal officials say cost Americans at least $10 billion in 2024. The industry announced a separate security initiative the same day aimed at improving protocol operations.

FinCEN described Huione Group as a node for laundering proceeds from cyber heists and virtual currency investment scams. The Treasury’s 2026 National Money Laundering Risk Assessment flagged the digital asset sector and identified digital asset investment fraud as a frequent scheme in illicit finance.

A coalition called OPSeC, formed by the DeFi Education Fund with Security Alliance (SEAL) and Asymmetric Research, pledged to strengthen operational security across decentralized finance. Organizers outlined workstreams that include a shared security resource hub, regular convenings of protocol teams and security firms, and educational briefings for lawmakers as legislation advances in Congress.

Data on recent exploits helped shape the response. In April 2026 nearly $630 million was reported stolen across at least 27 DeFi exploits, with the largest losses tied to signer controls, bridge designs and infrastructure failures. The Drift Protocol suffered a $285 million drain that investigators traced to a six-month social engineering campaign. Forensics identified three intrusion vectors outside smart contract code: a cloned malicious repository used by a contributor, a fake TestFlight application, and a vulnerability in VSCode/Cursor that allowed arbitrary code execution when the repository was opened. A governance migration that removed a time lock three days before the attack eliminated the protocol’s last intervention window.

KelpDAO was hit for roughly $292 million after attackers compromised RPC infrastructure and manipulated a single-verifier LayerZero bridge to change cross-chain validation logic. Security firm TRM Labs estimated about $577 million in stolen crypto through April 2026 was attributable to North Korean-linked hackers, representing about 76% of global cryptocurrency hack losses in that period and concentrated in a small number of large attacks.

Security firms and auditors have reported that many recent losses originated in operational controls rather than in smart contract code alone. SEAL’s certification framework, launched in 2026, evaluates protocols across six domains: multisig operations, treasury management, incident response, DNS security, DevOps infrastructure and identity and account controls. Certification outcomes are recorded as on-chain attestations; organizers said those attestations are intended to make operational practices visible to investors and counterparties.

Views differ on the impact of artificial intelligence. Manuel Aráoz, co-founder and former CTO of OpenZeppelin, wrote that he considers “all of DeFi unsafe” and described AI coding agents as “superhuman at finding vulnerabilities,” advising some investors to exit major protocols. OpenZeppelin’s CEO, Demian Brener, rejected the exit thesis and presented AI as both an offensive and defensive tool, endorsing AI-augmented security work.

Treasury officials said they will continue to take steps against illicit abuse in the digital asset industry. OPSeC organizers said they aim to produce verifiable security improvements and clearer operational standards that can be presented to regulators and lawmakers while legislation is being drafted.