Treasury sanctions and $10B scams spur DeFi security push

Treasury sanctions and $10B scams spur DeFi security push

On June 23 the Treasury sanctioned nine people and 26 entities tied to Prince Group, proposed adding H‑Pay to Huione restrictions and industry launched OPSeC after $10B in scams.

On June 23 the U.S. Treasury sanctioned nine individuals and 26 entities linked to the Prince Group and proposed expanding Huione Group restrictions to include H‑Pay Service PLC and any successor entities. The actions followed investigative findings tying Southeast Asian scam networks to at least $10 billion in losses to U.S. victims in 2024. The industry announced a security coalition the same day.

The Treasury linked the targeted network to large‑scale investment fraud and money laundering. FinCEN identified Huione Group as a node used to launder proceeds from cyber heists and virtual currency investment scams. The administration’s 2026 National Money Laundering Risk Assessment also listed the digital asset sector as a risk area for illicit finance.

The DeFi Education Fund, together with Security Alliance (SEAL) and Asymmetric Research, launched OPSeC to raise operational security standards across protocols, signing infrastructure and developer practices. Organizers pledged a shared security resource hub, regular convenings of protocol and security teams, and briefings for lawmakers as federal crypto policy advances through Congress.

Industry and forensic reports point to a wave of high‑value DeFi losses in 2026 that shaped timing. In April nearly $630 million was reported drained across at least 27 protocol exploits. The largest was a $285 million loss at Drift Protocol after investigators concluded a six‑month social engineering campaign ended in a 12‑minute execution window following a governance migration that removed an emergency time lock. Forensics identified three intrusion vectors outside typical smart contract audits: a compromised code repository, a fake TestFlight application, and a developer tooling vulnerability that executed code when a repository was opened.

A separate $292 million breach at KelpDAO exploited a single‑verifier design in a LayerZero bridge by compromising RPC infrastructure and manipulating cross‑chain validation. TRM Labs estimated about $577 million in stolen funds through April 2026 were linked to North Korean actors, representing a large share of reported hack losses in that period.

Security firms including OpenZeppelin and SEAL assess that an increasing share of losses originate in operational layers around protocols rather than in on‑chain contract code alone. Those domains include multisig signing and governance, treasury management, incident response, DNS controls, DevOps infrastructure and identity and account controls. SEAL’s certification framework, launched in 2026, evaluates those areas through accredited auditors and records attestations on chain.

OPSeC’s organizers say the coalition intends to make operational standards legible to policymakers so those standards can inform regulation and industry practice. They described the group as an industry venue for publishing attestations, coordinating remediation, and educating lawmakers about security practices. Treasury officials indicated they will continue to pursue enforcement actions against illicit use of digital assets.

The arrival of AI in code auditing and attack discovery has provoked differing views inside the security community. Manuel Aráoz, co‑founder and former CTO of OpenZeppelin, described AI coding agents as ‘superhuman at finding vulnerabilities’ and advised exits from several major lending protocols. OpenZeppelin’s current leadership countered that AI can be deployed to assist defenders as well as attackers. Security professionals noted AI can accelerate attackers’ ability to find operational flaws while certification frameworks target practical risk vectors that audits can miss.

Articles by this author