Threats Without Borders - Issue 244
Cybercrime Investigation Newsletter, Week ending July 20, 2025
Last week, I initiated a conversation about Decentralized Finance (DeFi) and raised questions about its potential future liability for money laundering.
I subsequently received this email from reader KT:
I work at a community bank. During a compliance training session for the board, a member asked how our AML program handled monitoring suspicious transactions via cryptocurrency. I responded, "We’re not," which led to the question, “Why not?" I then spent about 30 minutes explaining cryptocurrency and DeFi to several older, non-technical board members. At one point, I said, "the centralized in Decentralized—that’s us." I explained that the system is decentralized, meaning it doesn’t need a central authority - aka the banking system - aka us.
I’ve had that same conversation with some groups. It must be similar to how buggy makers reacted when they finally understood the potential of the automobile.
Some people can’t understand it, and others simply refuse to accept it. The next five years are going to be transformative for the banking industry.
So, when we discuss monitoring and investigating money laundering through DeFi, who does this really apply to? These transactions are beyond the reach and interest of traditional banking systems, so do bank and credit union AML professionals care?
Is this primarily a law enforcement matter? And what level of law enforcement - municipal, state, or federal?
While it's true that creating wallets, moving coins, and even swapping one coin for another can be done without ever identifying yourself, the launderer's problem arrives when the cryptocurrency has to become traditional currency. I can buy a cheap phone, create a MetaMask wallet on it, and send and receive crypto while remaining fairly anonymous. Fairly, not fully: on a public chain like Solana I am pseudonymous, since every transfer sits on the ledger without my name attached, while Monero hides amounts and counterparties by design. But how do I convert that Monero or Solana to cash? Off-ramping is where we break the anonymity.
Let’s examine some aspects of DeFi and how criminals manipulate them to launder illicit funds.
Smart contracts are pieces of code that automatically perform actions when certain conditions are met, such as transferring funds or executing a trade. They let applications operate without human intervention. Criminals can use them to push illicit funds through dozens of transactions in minutes, obscuring the trail and making it difficult for anyone to follow. Every one of those transactions is still recorded on the public ledger; the obfuscation comes from volume and speed, not secrecy. Since these contracts ask no questions and perform no ID checks, they provide an easy way to layer funds and avoid oversight.
Cross-chain bridges allow people to transfer crypto between different blockchains, for example from Ethereum to BNB Smart Chain (formerly Binance Smart Chain). This is helpful for regular users, but for criminals it is a way to vanish. By “chain-hopping” from one blockchain to another, they make the transaction history much harder to trace: the lock on one chain and the release on the other are separate transactions that an investigator has to correlate by amount and timing. Law enforcement often struggles to follow the money when it is spread across multiple chains. Billions have been laundered this way, taking advantage of the fact that most bridges are neither regulated nor monitored.
Unlike centralized crypto exchanges, decentralized exchanges (DEXs) let users swap coins directly through smart contracts, in practice against a liquidity pool. Nobody verifies your identity, and no bank account is required. This lets criminals quickly trade illicit coins for other tokens or split them into smaller amounts across many trades. The swap itself is on-chain and traceable, but it changes the asset and adds another hop. DEXs have become common tools in laundering schemes, used to mix, disguise, and convert stolen or illegal funds.
Mixers, also known as tumblers, accept coins from many users, pool them together, and then distribute different coins to each user. The goal is to detach the sender from the receiver. For criminals, this is an ideal tool. They can deposit stolen funds and receive clean coins that no longer have the same transaction history. Decentralized mixers—built on smart contracts—are especially dangerous because they’re difficult to shut down and are borderless. And even when the infrastructure is found, which government has the authority to shut them down?
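To make the tracing side of this concrete, here is an added worked example. It is my own constructed code, not a real investigation tool and not drawn from any of the resources below, and the ledger, addresses, labels and balances in it are all made up. It replays a small sequence of transfers from a theft wallet through a DEX swap, a bridge and a mixer, and reports how much of the value arriving at two labelled exchange deposit addresses (the off-ramps) traces back to the theft. DEX pools and bridges are treated as pass-through contracts (dirty value in a transaction is attached to that transaction's outflow), while the mixer pool is treated like any other balance, so its withdrawals carry a pro-rata share of whatever is in the pool.

```python
"""Toy fund-flow tracer over a constructed ledger (added example, not a
real tool and not real chain data).

Rules implemented here:
  * Ordinary wallets and mixer pools: pro-rata ("haircut") taint. The
    dirty share of every outflow equals the dirty share of the sender's
    balance at that moment, so a mixer dilutes taint across everyone
    who withdraws from the pool.
  * Pass-through contracts (DEX pools, bridges): dirty value that enters
    in a transaction is attached to that same transaction's outflow, not
    diluted into the contract's liquidity. A swap changes the asset and
    adds a hop, but it does not clean anything.
Amounts are in one unit; swaps and bridge transfers are treated as 1:1.
"""
from collections import defaultdict

# Constructed ledger: (tx id, sender, receiver, amount), in time order.
# The two bridge legs share an id because an investigator has already
# matched the lock on chain 1 with the release on chain 2 (assumed done).
TRANSFERS = [
    ("tx1", "theft_wallet", "hop1", 100.0),
    ("tx2", "hop1", "dex_pool", 100.0),            # swap token A for B
    ("tx2", "dex_pool", "hop2", 100.0),
    ("tx3", "hop2", "bridge_in", 60.0),            # chain-hop, chain 1 side
    ("tx3", "bridge_out", "hop3", 60.0),           # chain 2 side
    ("tx4", "hop2", "mixer_pool", 40.0),           # rest goes into a mixer
    ("tx5", "clean_user_1", "mixer_pool", 40.0),
    ("tx6", "clean_user_2", "mixer_pool", 40.0),
    ("tx7", "mixer_pool", "hop4", 40.0),           # equal-size withdrawals
    ("tx8", "mixer_pool", "clean_user_1_new", 40.0),
    ("tx9", "mixer_pool", "clean_user_2_new", 40.0),
    ("tx10", "hop3", "exchange_deposit_A", 60.0),  # off-ramp
    ("tx11", "hop4", "exchange_deposit_B", 40.0),  # off-ramp
]

# Two addresses (one per chain) belong to the same bridge contract.
ENTITIES = {"bridge_in": "bridge_contract", "bridge_out": "bridge_contract"}

# Attribution labels an investigator would hold (constructed).
LABELS = {
    "dex_pool": "dex",
    "bridge_contract": "bridge",
    "mixer_pool": "mixer",
    "exchange_deposit_A": "exchange",
    "exchange_deposit_B": "exchange",
}

# Starting balances: address -> (total, dirty). The theft wallet is the
# seed; the DEX pool holds 900 of clean liquidity; the clean users hold
# their own money.
SEEDS = {
    "theft_wallet": (100.0, 100.0),
    "dex_pool": (900.0, 0.0),
    "clean_user_1": (40.0, 0.0),
    "clean_user_2": (40.0, 0.0),
}

PASS_THROUGH = {"dex", "bridge"}


def entity(addr):
    """Collapse addresses that belong to one contract into one entity."""
    return ENTITIES.get(addr, addr)


def trace(transfers, seeds, labels):
    """Replay the ledger; return (dirty, total) balances per entity."""
    total, dirty = defaultdict(float), defaultdict(float)
    for addr, (bal, bad) in seeds.items():
        total[entity(addr)] += bal
        dirty[entity(addr)] += bad
    by_tx = {}                      # tx id -> legs, in first-seen order
    for tx in transfers:
        by_tx.setdefault(tx[0], []).append(tx)
    for legs in by_tx.values():
        entered = defaultdict(float)  # dirty value parked in a pass-through this tx
        for _, s, r, amt in legs:
            s, r = entity(s), entity(r)
            if labels.get(s) in PASS_THROUGH:
                moved = min(entered[s], amt)      # same-tx in/out matching
                entered[s] -= moved
            else:
                moved = amt * (dirty[s] / total[s]) if total[s] else 0.0
            dirty[s] -= moved
            total[s] -= amt
            dirty[r] += moved
            total[r] += amt
            if labels.get(r) in PASS_THROUGH:
                entered[r] += moved
    return dirty, total


def off_ramp_report(dirty, total, labels):
    """Dirty vs. total value that reached each labelled exchange deposit."""
    return {a: (round(dirty[a], 4), round(total[a], 4))
            for a, lbl in labels.items() if lbl == "exchange"}


def run_example():
    dirty, total = trace(TRANSFERS, SEEDS, LABELS)
    return off_ramp_report(dirty, total, LABELS)


if __name__ == "__main__":
    for addr, (bad, bal) in run_example().items():
        print(f"{addr}: {bad} of {bal} traces back to theft_wallet")
```

Two things worth noticing in the output. The 60 that crossed the bridge arrives at exchange_deposit_A fully attributable, because the swap and the bridge were handled as same-transaction in/out pairs rather than as pools. The 40 that went through the mixer arrives at exchange_deposit_B only one-third attributable, and the two innocent users who withdrew from the same pool now carry the other two-thirds of the taint. That is the mixer doing its job, and it is also why commercial tracing tools offer FIFO, LIFO and clustering heuristics in addition to the pro-rata rule used here; the model, not the ledger, decides whose withdrawal "is" the stolen money.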
Some crypto-crime resources I’ve found valuable:
Illicit Finance Risk Assessment of Decentralized Finance - U.S. Department of the Treasury. https://home.treasury.gov/system/files/136/DeFi-Risk-Full-Review.pdf
The State of Crypto Scams 2025 - Elliptic. https://www.elliptic.co/hubfs/The%20state%20of%20crypto%20scams%202025/The%20State%20of%20Crypto%20Scams%202025%20-%20Elliptic.pdf
Speaking of Crypto…
The GENIUS Act has been signed into law by President Trump. The “Guiding and Establishing National Innovation for U.S. Stablecoins” Act, GENIUS for short, passed the House with 206 Republicans and 102 Democrats in support. It establishes a regulatory framework for stablecoins, enabling banks and other financial institutions to issue crypto assets backed by real U.S. dollars and Treasury bills. The GENIUS Act is viewed as a means to integrate digital currency into the mainstream financial system.
So what’s a “Stablecoin”?
A stablecoin is a type of cryptocurrency specifically designed to maintain a stable value by pegging its price to an external reference, such as a fiat currency (like the U.S. dollar), a commodity (like gold), or another asset. This peg differentiates stablecoins from more volatile cryptocurrencies such as Bitcoin or Ether, whose values fluctuate significantly based on market supply and demand.
https://www.cbsnews.com/news/trump-signs-genius-act-crypto-bill/
For those in the Retail Market
Group-IB discusses a growing scam technique involving fake receipt generators, specifically MaisonReceipts, a subscription-based service that enables fraudsters to create counterfeit receipts from well-known brands. The service is marketed through various platforms, including social media, encrypted messaging, and Discord, and offers customizable receipts in multiple languages and currencies.
The authors highlight the use of fake receipts to “authenticate” stolen and counterfeit goods sold on secondary markets. However, I believe they will more likely be used to validate merchandise that was never purchased and then returned for a cash refund. For example, create a receipt for a DeWalt drill bought with cash at a big box hardware store. Then, go into the store, pick up the drill from the shelf, and head straight to the return counter. Show the receipt and receive your cash.
https://www.group-ib.com/blog/fake-receipts-generators/
feedback: matt @ threatswithoutborders.com
The News…
There are legions of personalities who claim to be “influential” within the fraud-fighting community. Most are not. But do you know who is? David Maimon. Dr. Maimon has been a leader in the fight against fraud and financial crime for years, and he has the scars to prove it. In this Forbes article, he explains how he was personally targeted for his efforts to reveal the rapid rise of check fraud. https://www.forbes.com/sites/davidmaimon/2025/07/16/what-to-do-if-you-become-the-victim-of-identity-theft/
McDonald's exposed the personal information of 64 million job applicants through an attack on its McHire employment system. Well, it wasn’t really an attack: “The fast-food giant didn’t have its information compromised as a result of sophisticated malware or a zero-day exploit. Instead, the hackers won the war with a simple guessing game. McHire, McDonald’s AI-powered hiring chatbot, was configured with the default credentials 123456/123456 to access the administration interface for McHire restaurant accounts. No MFA, no brute-force protection, nothing.” https://www.pymnts.com/cybersecurity/2025/mcdonalds-used-123456-as-corporate-password-exposed-64-million-data-files
Timeliness is essential in incident response efforts to reduce the impact of ransomware attacks. Acting quickly can prevent financial loss, damage to reputation, and legal issues. The Cisco Talos group discusses how earlier action in the attack cycle could have lessened or even stopped the harm entirely. https://blog.talosintelligence.com/talos-ir-ransomware-engagements-and-the-significance-of-timeliness-in-incident-response/
Here’s a new term for the lexicon: “Scanception.” Cyble highlights a widespread and ongoing phishing campaign that uses QR code-based delivery mechanisms to distribute credential-harvesting URLs. The attack begins with a phishing email containing a PDF lure that prompts recipients to scan an embedded QR code, effectively bypassing traditional email security and endpoint protection controls. The campaign has been active for quite some time, with over 600 unique phishing PDFs and emails identified in just three months, targeting organizations across more than 50 countries, mainly in the Technology, Healthcare, Manufacturing, and BFSI sectors. Can we settle the Quishing vs. QRishing debate once and for all and adopt "Scanception"? https://cyble.com/blog/scanception-a-qriosity-driven-phishing-campaign/
The 2025 Cybercrime Report from Huntress highlights that security awareness training is the most underfunded aspect of cybersecurity protection. Preach! https://www.huntress.com/blog/cybercrime-trends
Cool Job
AML/Fraud Investigator (remote), LightSpark. https://www.lightspark.com/careers?ashby_jid=691267ca-65ca-418b-a79d-9d94046e0ec0
Head of Fraud Risk and Investor Protection, Vanguard. https://www.vanguardjobs.com/job/22224650/head-of-fraud-risk-investor-protection-malvern-pa/
Cool Tool
Blockchain investigation tool. (Free tier available) https://metasleuth.io/
DFIR
You can now get a custom color case for your Talino. Hey, it’s the little things that matter. https://sumuri.com/talino-color-cases/
Irrelevant
The Amish don’t need Claritin. Or any allergy medication. https://www.washingtonpost.com/health/2025/07/20/allergies-amish-hygiene-thesis/
Sign Off
I’m often asked why I haven’t moved into consulting and teaching full-time, and the answer is simple: I suck at marketing myself. I’ve tried, but I just can’t seem to get the hang of it. It makes me queasy and uncomfortable because I never want to be “that guy”. You know, the guy we all make fun of. Of course, that guy seems to be living the life I want to live!
So, I appreciate everyone who helps grow the newsletter because I’m not succeeding on my own.
Summer is fading fast, live it while we have it!
Matt
“SOLUTIONS START TO APPEAR ONCE YOU TAKE ACTION.”
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.
cybercrime aml cybersecurity osint financial fraud investigations cyficrime
Money laundering isn’t just a side effect of DeFi - it’s built into the architecture.
The irony? Real identification doesn’t begin at the entry point. It begins at the exit — when you want cash.