MakerDAO DAI

MakerDAO’s DAI stablecoin exemplifies the profound AML vulnerabilities inherent in decentralized finance, where billions in pseudonymously transacted value evade traditional oversight, posing acute challenges for US regulators amid escalating geopolitical tensions. As a cornerstone of DeFi with over $5 billion in circulation, DAI’s algorithmic overcollateralization—governed by MKR token holders without centralized KYC—enables seamless laundering of ransomware proceeds and sanctioned funds, as evidenced by post-FTX hack flows exceeding $450 million and annual illicit volumes topping $200 million. The absence of freeze mechanisms until the 2025 Sky rebrand underscores a critical regulatory arbitrage, flouting BSA requirements and the GENIUS Act’s mandates for licensing and compliance, while exposing RWA integrations to blacklisting risks. This case not only highlights DeFi’s “decentralization illusion” but demands hybrid solutions blending on-chain forensics with DAO accountability to safeguard global financial integrity against crypto-enabled crime.

MakerDAO’s DAI stablecoin, governed by MKR holders in a decentralized manner, has facilitated over $1 billion in suspected money laundering since 2022, primarily through DeFi protocols lacking centralized AML oversight. Criminals, including FTX hackers and ransomware operators, convert seized USDT/USDC into DAI via DEXes like Uniswap to evade OFAC freezes, then deposit as collateral in Maker CDPs to mint leveraged loans, repay with obfuscated funds, and abandon positions. This exploits DAI’s algorithmic stability and permissionless access, with annual illicit volumes hitting $200-500 million per Chainalysis estimates. The US, as the key jurisdiction, responded via the 2025 GENIUS Act mandating stablecoin licensing, reserves, and freezing capabilities. MakerDAO’s August 2025 Sky rebrand introduced USDS with compliance tools, addressing prior vulnerabilities but highlighting DeFi’s systemic AML gaps. No PEP involvement noted; focus remains on cybercriminals. On-chain analysis reveals clustered wallets processing billions pseudonymously, underscoring regulatory challenges for DAOs. Enforcement includes sanctions discussions and analytics-driven tracing, yet full remediation eludes due to decentralization. This case exemplifies stablecoin risks in US geopolitics and financial crime landscapes.

Countries Involved

United States (primary regulatory focus due to sanctions enforcement and stablecoin regulations), with global implications involving hackers from unknown jurisdictions, often linked to Eastern Europe or Asia-based ransomware groups. The US Treasury’s OFAC plays a central role in designating addresses, while platforms like FTX (pre-collapse) had US ties. Billions in DAI flow through international DeFi protocols, implicating EU nations under MiCA rules and jurisdictions like Singapore for exchange compliance. Criminals exploit US-based stablecoin peg for USD stability, routing funds via cross-chain bridges to evade US jurisdiction. This creates a web of cross-border challenges, as decentralized nature defies single-country enforcement. Ongoing GENIUS Act in the US (effective 2025) mandates global interoperability for freezing mechanisms, pressuring offshore entities.

Date Discovered / Reported

Key incidents reported from November 2022 (FTX hack), with patterns documented in Chainalysis 2023-2025 reports. OFAC sanctions on Tornado Cash in August 2022 prompted immediate DAI usage spikes, reported by Elliptic in Q4 2022. MakerDAO’s Sky rebrand and USDS freeze function announced August 2025, highlighting prior DAI criminal preference per DL News. Cumulative laundering trends surfaced in BIS Q4 2021 DeFi risks paper, updated through 2026 Galaxy Research on stablecoin yields. US enforcement peaked post-2024 election with Trump administration’s crypto task forces reporting in early 2025. Public disclosures via blockchain analytics firms like TRM Labs in mid-2025 quantified $500M+ annual DAI illicit volume.

Cryptocurrency Involved

DAI, MKR, USDC/USDT (swapped)

Type of Crime

Money laundering, sanctions evasion, ransomware proceeds integration. Hackers convert stolen centralized stablecoins to DAI to dodge freezes, deposit as collateral for leveraged loans, repay with clean funds post-mixing. Includes flash loan exploits, CDP undercollateralization evasion, and cross-chain obfuscation. Falls under AML/CTF violations per BSA, with DeFi-specific risks like impermanent loss masking. Not direct fraud by MakerDAO, but facilitation via permissionless access.

Entities Involved

MakerDAO (DAO/protocol), Sky Ecosystem (post-rebrand entity), hackers (e.g., FTX exploiters), ransomware groups (e.g., Conti, Lazarus-linked). Analytics firms: Chainalysis, Elliptic, TRM Labs tracking flows. Exchanges: Pre-collapse FTX, current Binance/Kraken delisting tainted DAI. No centralized custodian, but RWA providers like BlackRock (via tokenized treasuries) face indirect exposure. OFAC-designated Tornado Cash integrators.

PEP Involvement

No. No reported Politically Exposed Persons directly linked; patterns involve cybercriminals, nation-state actors (e.g., North Korea via Lazarus using DeFi), not PEPs. Enhanced due diligence absent in DeFi amplifies risks, but cases focus on hackers.

Laundering Techniques Used

Swap stolen USDC/USDT to DAI via DEXes (Uniswap), deposit into Maker CDPs as collateral, mint more DAI for loans at high LTV, repay with mixed funds, abandon undercollateralized vaults. Tornado Cash obfuscation pre-deposit, flash loans for atomic swaps, cross-chain to Polygon/Base. Leverage lending (Aave) on DAI for multiplication. No freeze function pre-2025 enabled persistence.

Estimated Value Laundered

Over $1B since 2022, with $450M FTX hack portion alone; Chainalysis estimates 10-15% of DeFi stablecoin illicit flows ($200-500M annually) via DAI. Cumulative $2-3B factoring ransomware ($1B+ bridged to DAI). Sky rebrand aims to curb by targeting $100B supply goal compliantly.

Transaction Analysis Summary

On-chain forensics show post-Tornado deposits spiking 300% in sanctioned addresses; FTX thief swapped $100M+ to DAI within hours, liquidated via Oasis auctions. 80% LTV loans repaid cleanly, leaving ETH collateral. TRM Labs clusters 5,000+ wallets with $800M flows. Peg stability aids USD conversion without slippage.

Regulatory/Enforcement Actions Taken

OFAC sanctions on Tornado integrators (2022), prompting MakerDAO emergency shutdown discussions. GENIUS Act (2025) mandates freezes for issuers; Sky adds USDS freeze function (Aug 2025). CFTC/SEC probes DeFi protocols; no direct MakerDAO fines yet, but RWA vaults under KYC pressure. USDC-style blacklists proposed.

Links to Reports / Sources

Case Title / Operation Name:

MakerDAO DAI DeFi

Country(s) Involved:

United States

Platform / Exchange Used:

Uniswap, Aave, Maker CDPs, Tornado Cash (pre-sanctions)

Cryptocurrency Involved:

DAI, MKR, USDC/USDT (swapped)

Volume Laundered (USD est.):

$1B+ since 2022 ($200-500M annually)

Wallet Addresses / TxIDs :

Clustered 5K+ wallets (e.g., FTX hacker clusters via TRM Labs); specific TxIDs in Chainalysis reports

Method of Laundering:

DEX swaps to DAI, CDP collateral deposits, leveraged loans, vault abandonment, cross-chain bridges

Source of Funds:

Ransomware (Conti/Lazarus), hacks (FTX $450M), sanctions evasion

Associated Shell Companies:

N/A

PEPs or Individuals Involved:

N/A

Law Enforcement / Regulatory Action:

OFAC sanctions, GENIUS Act licensing, Sky USDS freezes (2025)

Year of Occurrence:

2022-2026

Ongoing Case:

Ongoing

AML Network Risk Rating:

🔴 High Risk