Back to Markets
Crypto▼ Bearish
US Treasury's $10B scam warning shows why crypto is racing to police itself
OPSeC's security pledge faces a test as DeFi exploits hit $630M in April and policymakers tighten rules after Treasury's $10B scam action.
Continue with
On June 23, the US Treasury sanctioned nine individuals and 26 entities tied to the Prince Group, a Southeast Asian scam network that cost Americans at least $10 billion in 2024. The same day, the DeFi Education Fund, Security Alliance (SEAL), and Asymmetric Research launched OPSeC, a coalition pledging to harden crypto protocols against the operational attacks that have drained hundreds of millions this year.
Treasury described digital asset investment fraud as one of the most common and lucrative schemes run by these operations. FinCEN called Huione Group a key node for laundering proceeds from cyber heists and virtual currency investment scams. The two actions converge on a single point: the infrastructure that enables DeFi exploits and the infrastructure that enables scam payouts are increasingly the same set of rails.
April 2026 made the argument for a coalition like OPSeC hard to ignore. Nearly $630 million drained across at least 27 reported DeFi exploits, led by the $285 million Drift Protocol hack and the $292 million KelpDAO breach. TRM Labs attributed roughly $577 million in stolen crypto through April to North Korean hackers, 76% of all global hack losses in that period. The Drift hack grew out of a six-month social engineering operation that took 12 minutes to execute. Attackers attended crypto conferences in person, built relationships with contributors, and manipulated Security Council members into pre-signing hidden authorizations. A zero-time-lock governance migration three days before the drain eliminated the last intervention window.
OpenZeppelin’s own analysis argues that recent losses increasingly originate in the operational layers around protocols: signing infrastructure, governance, cross-chain dependencies, and human controls. Code audits never reached those layers. SEAL’s certification framework, launched in 2026, evaluates whether a protocol can defend itself, detect incidents, and respond. It covers multisig operations, treasury management, incident response, DNS security, DevOps infrastructure, and identity controls. OPSeC’s policy function provides a venue for those standards to become legible to legislators rather than remain internal industry infrastructure.