The Risks and Regulatory Pathways of Decentralized Finance in Blockchain

Author: Deng Jianpeng (Professor at the School of Law, Central University of Finance and Economics, Doctoral Supervisor, Director of the Financial Technology Legal Research Center), Zhang Xiaming; Source: “World Social Sciences”, Issue 5, 2025.

Summary

Based on smart contracts, Ethereum has pioneeringly built a new paradigm of decentralized finance on the blockchain. However, decentralized finance harbors various risks, impacting traditional financial regulatory mechanisms and giving rise to numerous legal issues, posing challenges to financial legislation and regulation. The U.S. government's sanctions against the decentralized finance application Tornado Cash mark a watershed moment for financial regulation of decentralized finance, triggering significant legal controversies. Subsequently, the court's rejection of the sanctions also had far-reaching effects. The mainstream regulatory models for decentralized finance include suppressive and responsive types. Under the responsive model, the sanctions against Tornado Cash have sparked controversies over exceeding authority, violating due process, and disproportionate penalties, while also raising market concerns about the fragility of decentralized finance. China should timely change its regulatory approach to decentralized finance applications, penetrate the “veil” of decentralized finance, and optimize the responsive regulatory model. On this basis, it is essential to clarify the attributes of key infrastructures such as smart contracts and establish standards; strengthen the regulation of nodes, using centralized nodes such as stablecoins as effective leverage for decentralized finance regulation; regulate decentralized finance from the perspective of anti-money laundering, reasonably determining the legal nature of relevant actions by smart contract protocol developers; focus on balancing privacy protection and financial security; enhance extraterritorial jurisdiction and law enforcement capabilities to fully address the potential negative impacts of decentralized finance, and improve China's comprehensive capabilities in developing financial technology and digital finance.

1. Introduction: The Shift of Financial Paradigm and Regulatory Dilemma in the Digital Wave

We are at a historical juncture where digital technology is profoundly reshaping the global financial landscape. Cryptocurrency assets, built on a blockchain infrastructure—from Bitcoin, the pioneer of value storage, to stablecoins that attempt to anchor real value, and to non-fungible tokens that represent the assetization of everything—along with the vast financial innovation ecosystem derived from them, are emerging and iterating at an unprecedented speed. In this wave, decentralized finance (DeFi) is undoubtedly the most disruptive and cutting-edge representative. It aims to utilize smart contracts and distributed networks to construct a global, open, and transparent financial operating system that does not rely on traditional centralized intermediaries such as banks, brokerages, and insurance companies. This “financial Lego” revolution not only challenges the financial intermediary model that has developed over centuries but also brings profound impacts on the financial technology legislation, regulatory frameworks, and judicial practices of countries around the world.

However, compared to the rapid development of DeFi globally, the relevant research in the domestic academic community presents a complex situation. Existing studies on public blockchains (the most dynamic and challenging form of blockchain) in China mainly focus on regulatory governance of private cryptocurrencies, the qualification of crypto assets in judicial practice, cryptocurrency crimes from a criminal law perspective, and the legal risks arising from centralized trading platforms. However, in the more native DeFi field, systematic and comprehensive industry risk assessment and regulatory path research are still relatively weak. Although some scholars suggest strengthening industry self-governance, such as forming collaborative regulation in areas like user identity verification, anti-money laundering, and counter-terrorist financing, to compensate for current regulatory deficiencies, the feasibility of this suggestion in the highly anonymized and globalized DeFi practice is questionable. This research bias is not due to an intentional neglect of public blockchains by the academic community, but is largely influenced by the cautious policy environment in China regarding the cryptocurrency sector, which has shifted from risk warnings to “ban-like” regulations since 2017.

However, it must be clearly recognized that DeFi applications built on public chains are essentially global, borderless, and censorship-resistant. They will not cease to operate due to prohibitions from a single sovereign nation. Therefore, the study of legal regulation of DeFi not only has theoretical value in clarifying new legal relationships but also possesses a practical urgency in maintaining national financial security and strategic interests. The Central Financial Work Conference held in October 2023 elevated “accelerating the construction of a financial powerhouse” and “ensuring comprehensive coverage of financial regulation, bringing all financial activities under supervision” to an unprecedented strategic height. Against this backdrop, exploring how to effectively regulate this new financial activity, DeFi, is an inevitable requirement for safeguarding national financial security and stability, effectively preventing systemic financial risks, and protecting the legitimate rights and interests of a wide range of investors. It is also a practical demand for promoting the steady and far-reaching development of digital finance and financial technology in our country, maintaining the order of the financial market with strict and fair rule of law, and improving the modern financial regulatory system.

This article will focus on a landmark event - the United States' sanctions against the mixing protocol Tornado Cash and the subsequent legal proceedings. We use this as a prism and a case study to deeply analyze the intrinsic risks and external challenges of DeFi, systematically examining the applicability and limitations of existing financial regulatory theories in responding to such innovations. Based on this, we aim to provide forward-looking and feasible considerations for China's governance path in the digital finance era, in conjunction with the latest developments in global regulatory practices.

2. A Comprehensive Overview of DeFi Risks: Why Did Tornado Cash Become the Eye of the Storm?

1. The Connotation of DeFi: A Financial Paradigm Revolution Driven by Technology

To understand its risks, one must first clarify its essence. DeFi is not merely the online digitization of financial products; it is a completely new financial paradigm. It is built on the infrastructure of cryptographic assets and public chains that support smart contracts (such as Ethereum), providing a range of financial services like cryptocurrency trading, lending, insurance, derivatives, and asset management in an automated manner through a series of composable and interoperable smart contracts. Its core characteristic is “disintermediation” or “non-custodial,” which means that users always control their asset private keys and complete financial activities by interacting with code rather than centralized institutions.

This paradigm brings significant advantages: it greatly lowers the threshold for accessing financial services globally. Its distributed, self-sovereign, flat, open, transparent, and composable characteristics theoretically enhance financial operational efficiency, reduce service costs, optimize resource allocation, and accelerate the market transformation of blockchain technology innovation. As of June 2024, the “Total Locked Value” (TVL, which can be viewed as the scale of assets managed) of over 2,000 DeFi applications worldwide reached $105.85 billion, peaking at over $147.8 billion. It has become an innovative force that cannot be ignored, operating in parallel with and interconnected to the traditional financial system.

Tornado Cash (TC) is a key application in the vast DeFi ecosystem, focused on addressing a specific pain point—transaction privacy. Due to the completely public and verifiable ledger data of mainstream public chains like Bitcoin and Ethereum, the transaction history and balances of any address are transparent to the entire network, which undoubtedly exposes users' financial privacy. The mixer protocol has emerged in response, with TC being the largest and most representative among them. It is a decentralized, non-custodial smart contract protocol where users can deposit mainstream cryptocurrencies (such as ETH) into TC's smart contract “liquidity pool” and receive a credential (zero-knowledge proof). They can then withdraw an equivalent amount of funds using a brand new, unassociated address, effectively severing the on-chain link between the deposit address and the withdrawal address, thus achieving transaction path obfuscation and privacy protection. According to statistics, in the first half of 2024, the TC protocol received user deposits totaling $1.9 billion, a 50% increase compared to the entire year of 2023, indicating a strong market demand.

2. The Dual Risk Spectrum of DeFi: Intrinsic Governance Dilemmas and External Adverse Impact Shocks

Although DeFi portrays a beautiful vision of financial utopia, the risks it exposes in practice are equally complex and severe, which can be summarized into two levels: internal and external.

Internal Risks: The Governance Illusion and Power Concentration under “Code is Law”

In theory, DeFi projects are governed by decentralized autonomous organizations (DAOs), where all governance token holders vote collectively to achieve “code democracy.” However, reality is often harsh. The distribution of governance tokens is usually highly concentrated in the hands of founders, core teams, and venture capital firms from the early stages of the project. These “whale” investors effectively control the fate of the protocol. They can wield substantial voting power to push proposals that benefit themselves rather than what is most advantageous for the community, and even unilaterally change core protocol parameters. This makes DeFi governance prone to the path of “false democracy, true dictatorship,” where so-called community governance becomes a facade controlled by a few insiders, leading to serious agency problems and moral hazards.

External Risks: Systemic Risks and the Shadow of Criminal Tools

This is the most criticized aspect of DeFi by regulatory agencies, mainly reflected in:

1 Amplifiers of Money Laundering and Terrorism Financing Risks: The U.S. Treasury has repeatedly pointed out that DeFi is becoming a “cash machine” for crypto hackers and a “revolving door” for illegal funds. According to a report by blockchain data analysis firm Chainalysis, by 2022, DeFi protocols had become the largest recipients of illegal funds, accounting for 69% of the total funds transferred out of criminal addresses. Due to the lack of clear, regulated controlling entities (such as Virtual Asset Service Providers, VASP) in most DeFi protocols, they are often not directly subject to traditional anti-money laundering and counter-terrorism financing rules. Tools like TC, which enhance privacy, obscure the sources and destinations of funds through technical means, making it exceptionally difficult for law enforcement agencies to associate user identities, track transactions, collect evidence, and recover illicit funds, significantly enhancing the concealment of money laundering crimes and the urgency of their threat, posing a direct threat to national financial security.

2 Technical Risks and Smart Contract Vulnerabilities: Once a deployed smart contract on the blockchain has a code vulnerability, it may be exploited by hackers, leading to an instant theft of user assets. Due to the irreversibility of transactions, losses are often difficult to recover.

3 Transmission of Systemic Risk: The high degree of composability within the DeFi ecosystem is akin to a domino effect; a failure of a core protocol (such as a stablecoin de-pegging or the liquidation of a large lending protocol) may trigger a chain reaction throughout the entire ecosystem through liquidity locks and asset correlations.

3. The Typicality and Research Value of the Tornado Cash Case

This article takes the Tornado Cash sanction case as an entry point for studying DeFi regulation, based on its multiple typical significance:

1 Industry Benchmarking and Technical Representation: TC is the largest and most influential cryptocurrency mixer in the blockchain ecosystem, operating on 7 different blockchains and supporting mixing services for 10 mainstream cryptocurrencies, with the largest privacy asset pool. The zero-knowledge proof technology it employs represents the cutting edge of blockchain privacy protection.

2 Risk Focus: The TC case vividly demonstrates the most prominent external risk in DeFi—money laundering. Research shows that in the first half of 2022, 74.6% of the money laundering funds from blockchain security incidents flowed to TC, amounting to over 300,000 ETH. An investigation by the U.S. Treasury Department revealed that since its establishment, over $7 billion worth of illegal cryptocurrencies have been laundered through TC. This makes it an excellent case study for observing the conflict between DeFi risks and regulation.

3 Regulatory Innovation: In August 2022, the U.S. Department of the Treasury's Office of Foreign Assets Control imposed sanctions on TC, marking the first time a major government has directly sanctioned a “decentralized” smart contract protocol itself, breaking the myth of DeFi's “unregulatable” status and ushering in a new era of DeFi regulation. Subsequently, the court's partial dismissal of the sanctions sparked a global discussion on the boundaries of executive power, technological neutrality, and civil rights.

4 Academic Inspiration: This case forces legal research to go beyond surface-level analysis of DeFi and cannot simply apply regulatory strategies for consortium chains or centralized platforms to DeFi based on public chains. It requires scholars to delve deep into the technical core, understand the operational logic of core elements such as smart contracts, DAOs, and zero-knowledge proofs, thereby proposing more targeted and operational regulatory solutions.

3. The Clash of Regulatory Theories: Seeking Balance Between Suppression and Response

The rise of DeFi poses a structural challenge to the traditional regulatory system based on centralized financial models. Issues such as unclear regulatory subjects (who regulates whom?), the virtualization of regulatory objects (protocols have no physical entities), the failure of regulatory tools (code runs automatically on a global scale), and the lack of consumer protection mechanisms (who to turn to when problems arise?) are highlighted. At the theoretical level, two main modes of response have emerged.

Suppressive Regulatory Model: Power-Dominated Risk Isolation

This model aims to recognize the public interest as the ultimate goal, using the coercive administrative actions of the government as the primary means. In the field of blockchain finance, this often manifests as a strong intervention of public authority, implementing a “one-size-fits-all” ban through regulations, policies, or internal directives, and maintaining a high-pressure stance in law enforcement and judicial levels. Currently, our country adopts a model similar to this for DeFi and related cryptocurrency businesses. Its advantage lies in the ability to quickly isolate risks and prevent them from spreading to the traditional financial system. However, scholars have sharply pointed out that prohibitive regulation cannot effectively protect the legitimate property rights and interests of digital currency holders; instead, it may inhibit competition and innovation, while pushing more trading activities into underground gray areas, ultimately exacerbating the transformation of individual risks into collective and social risks. In practice, the firewall of this regulatory approach is not entirely effective, and when faced with the post-event compensation demands of dispersed investors, it may undermine the legitimacy of the prohibition mechanism.

Responsive regulatory model: flexible governance centered on collaborative adaptation

This model requires legal and financial regulation to actively adapt to the profound changes in technology and finance, acknowledging that in modern society, technological and financial innovations have led to a high degree of incompleteness in the legal system. It advocates for reforms and responses in the rule of law to fully stimulate the self-regulatory potential of different social systems, including the technology community. Scholars, after comparing the digital financial regulatory models of the EU and the US, point out that under the label of “smart regulation,” the US is gradually forming an adaptive and non-systematic regulatory model characterized by iteration, flexibility, risk sensitivity, and innovation-friendliness. This model not only better meets the regulatory needs of rapidly developing fintech but also aligns to some extent with the operational concept of “co-construction, co-governance, and shared benefits” advocated by DeFi. The US sanctions on TC, despite being harsh, are based on detailed investigations into protocol risks, capital flows, and relevant entities, reflecting a “proactive response” to the risks of the DeFi ecosystem rather than simple neglect or avoidance.

IV. A Comprehensive Analysis of the U.S. Sanctions on Tornado Cash: Practices, Reversals, and Deep Controversies

1. Sanctions “Combination Punch”: From Agreement Bans to Criminal Accountability

The United States has used its powerful financial governance tools to implement a step-by-step “combined punch” regulation against TC:

Phase One: Financial Sanctions at the Protocol Level (August 2022)

The Office of Foreign Assets Control (OFAC) under the U.S. Department of the Treasury has invoked the International Emergency Economic Powers Act (IEEPA) and other authorizations to include the tornado.cash website, 37 TC smart contract addresses (including at least 20 immutable contracts), and a donation address in the “Specially Designated Nationals List” (SDN List). This means that any U.S. citizen, permanent resident, or entity within the United States is prohibited from conducting any transactions with these designated “entities”; otherwise, their property and property rights in the U.S. will be frozen. The issuance of this order immediately triggered an earthquake in the industry: the open-source code hosting platform Github banned TC developer accounts; the Ethereum open-source incentive platform Gitcoin halted grants; the centralized stablecoin issuer Circle froze USDC assets in the sanctioned addresses; various node service providers (such as Infura, Alchemy) and decentralized application wallets (such as Metamask) also blocked related front-end interaction interfaces. The U.S. government has achieved substantial “encirclement” of decentralized protocols through the key “access points” of the sanctions agreement.

Phase Two: Criminal Justice Charges Against Natural Persons (August 2023)

One year after the protocol was sanctioned, the U.S. Department of Justice brought criminal charges against TC's two founders, Roman Storm and Roman Semenov, as well as core developer Alexey Pertsev, for conspiracy to commit money laundering, violating the IEEPA, and conspiring to operate an unlicensed money transfer business. In May 2024, Pertsev was the first to be sentenced to 5 years and 4 months in prison by a Dutch court (due to his arrest in the Netherlands). This case marks that the founders of DeFi protocols and core code developers are now within the reach of traditional criminal law, facing severe criminal risks.

2. Dramatic Turnaround: The Checks and Balances of Judicial Power over Executive Power

On November 26, 2024, the case took a significant turn. The Fifth Circuit Court of Appeals in the United States issued a ruling that partially overturned the Treasury Department's sanction decision against TC. The core logic of the court's ruling is:

Smart contracts are not “property”: The court believes that TC's smart contracts are immutable code programs deployed on a public chain, which cannot be owned, controlled, or modified by anyone, including their developers. Therefore, they do not fall under the definition of “property of foreign nationals or entities” as defined by IEEPA.

Incorrect identification of sanctions targets: Since smart contracts themselves are neither “property” nor “entities” in the legal sense, the inclusion of them as sanctions targets on the OFAC SDN list constitutes an over-interpretation of statutory authority and an overreach of jurisdiction.

Protecting Innovation and Freedom: This ruling emphasizes the importance of protecting privacy, innovation, and financial freedom in the blockchain space, clarifying the boundaries that administrative power should adhere to in the face of new technologies. It is seen as a significant judicial victory for open-source software and the cryptocurrency industry.

3. The Effectiveness of Regulation and the Deep Legal Controversies It Triggers

Effectiveness Analysis: Deterrence and Limitations Coexist

The sanctions have produced a strong “chilling effect” in the short term: the total locked value of TC dropped by about 12% within two days after the sanctions, and the price of its governance token TORN plummeted by about 40%; the global open-source community feels deeply threatened, and developers worry about being held accountable for their code. However, in the long run, the effectiveness of the sanctions is greatly diminished. Since core, immutable smart contracts cannot be shut down, users can still interact with the protocol by deploying their own nodes and other means. Blockchain data shows that after the sanctions, TC remains the most active mixer on Ethereum, with deposits in the first half of 2024 even experiencing significant growth against the trend, exposing the limitations of purely blocking completely decentralized protocols.

Four Major Core Legal Controversies:

1 Issues of Excessive Jurisdiction and Object Eligibility: The focal point of the dispute is whether OFAC has exceeded the authority granted by IEEPA. Critics (such as the cryptocurrency think tank Coin Center) argue that smart contract protocols and addresses themselves are not “individuals” or “entities” in the literal sense of IEEPA, and that developers are merely providing “pure software development services,” rather than engaging in “money transfer businesses.” Viewing uncontrollable code as a subject of sanctions lacks a legal basis. The ruling of the Fifth Circuit Court of Appeals supports this view.

2 Due process and infringement of fundamental rights: Sanctions imposed without adequate impact assessments and hearing procedures, which restrict the rights of American citizens to use a specific internet tool, are alleged to violate the due process clause of the Fifth Amendment of the U.S. Constitution. Meanwhile, the ban on privacy agreements is also questioned for infringing on the freedom of speech protected by the First Amendment of the Constitution (code as a form of expression) and the right to personal privacy.

3 Controversy of Subjective Intent in Criminal Conviction: The Department of Justice is facing significant legal challenges by prosecuting founders and developers for “conspiracy to launder money.” The core issue is how to prove that the technology developers have the subjective intent of “conspiracy”? If the developers aim to provide privacy protection technology and have no criminal intent contact with illegal users, does treating them as accomplices in money laundering violate the principle of consistency between subjective and objective elements in criminal law? This involves exploring the boundaries of the principle of technological neutrality.

4 Exposing the “Achilles' Heel” of the DeFi ecosystem: The sanctions case clearly reveals that DeFi is not a solidly decentralized entity. It heavily relies on a series of centralized or semi-centralized nodes, such as stablecoin issuers (Circle), front-end service providers (Infura), and code hosting platforms (Github). When public authority exerts pressure on these “choke points,” the usability of DeFi applications is severely impacted, providing a realistic lever for regulation and triggering profound reflections within the industry on reducing dependence on centralization.

4. A Summary of the Experience of American Regulation

1. Confirmed the regulatory nature of DeFi: Although it is difficult to eradicate completely decentralized core protocols, centralized nodes within its ecosystem can be effectively regulated.
2. The authority to formulate rules is the strategic high ground in future competition: through this case, the United States is essentially conducting a “stress test” of its DeFi regulatory model on a global scale, vying for the power to define and articulate rules in this field.
3. Responsive regulation must adhere to the spirit of the rule of law: even when actively responding to risks, any regulatory measures must be based on legal authority and follow due process. The discretionary power of administrative agencies cannot be expanded indefinitely, and judicial review is a necessary balancing mechanism. Over-regulation can stifle innovation, while insufficient regulation can enable risks; finding a balance between the two is an eternal theme.

V. Insights, Challenges, and Path Optimization for China: Building a Future-oriented Fintech Governance System

1. Theoretical Insights: Governance Wisdom from “Blockage” to “Unblocking”

Piercing the veil of “decentralization” to implement precise regulation

The TC case confirms that DeFi is not absolutely unregulated. Regulatory agencies should adhere to the principle of “substance over form,” penetrating the “decentralized” technological facade to identify and pinpoint the various centralized elements hidden behind it, including: identity elements (founders, core developers, whale users), organizational elements (core members of DAOs, codebase maintainers, node service providers), asset elements (key stablecoins), and activity elements (illegal financial activities on-chain). The U.S. Treasury Department has indirectly and effectively influenced the operation of the TC protocol by sanctioning developers, pressuring stablecoin issuers, and front-end service providers.

Optimize regulatory models, evolving towards inclusive and prudent “responsive regulation”

Our country should timely reflect on and optimize the current regulation approach that focuses on “blocking.” Any one-size-fits-all ban may be as inappropriate as trying to regulate cars with “horse laws”; it not only fails to address the problem but may also accelerate the lag of the law, weakening the legitimacy and effectiveness of regulation.

Conceptual Shift: Acknowledge the progressive nature of the technology and philosophy represented by DeFi, effectively separating the technology itself (neutral code) from illegal activities that utilize this technology. Standards and guidelines can be established to regulate the technological framework; illegal activities should be severely punished according to the law.

Enhance dialogue and collaboration: Regulators should actively communicate with developers, investors, and auditing institutions in the DeFi sector to understand their operating logic and real risks, while reserving flexible space for responsible innovation, under the premise of maintaining the bottom line of preventing systemic financial risks. The U.S. court's rejection of sanctions against TC is a correction of excessive administrative intervention, protecting the space for innovation and is worth learning from.

Adhere to the principle of rule of law: substantively, regulation must be conducted within legal authority, and smart contracts should not be arbitrarily interpreted as “entities” or “property.” Procedurally, the principle of due process must be followed to ensure the rights to information, participation, and remedy for the parties involved, ensuring the balance and appropriateness of regulatory measures, and strictly adhering to the principle of proportionality.

2. Special challenges and constraints faced by China due to its national conditions

However, the regulatory model of the United States cannot and must not be directly copied to China, as we face unique challenges:

1. Extraterritorial jurisdiction is limited: The core teams of DeFi are mostly based overseas, and the U.S. can hold them accountable through “long-arm jurisdiction,” while Chinese regulatory authorities find it difficult to effectively reach them.
2. The systemic advantages of “digital dollars”: The current lifeblood of DeFi—stablecoins (such as USDT and USDC)—are essentially an extension of the dollar system. China lacks digital currency tools with equivalent global influence for hedging and regulation.
3. Ambiguity in Legal Liability Determination: The legal status of DAOs is unclear, and the boundaries of civil and criminal liability for smart contract developers under current laws are extremely vague, which poses significant challenges for law enforcement and the judiciary.
4. The overall ability of global regulation needs to be improved: effective global regulation requires strong discourse power, advanced on-chain analysis technology, a well-established international law enforcement cooperation network, and a corresponding domestic regulatory framework. Our country still has a long way to go in building capabilities in these areas.

3. Path Optimization of China's Financial Regulation: Six Strategic Measures

Based on the above analysis, our country may consider taking the following gradual optimization path:

1 Clarify legal attributes and implement a standard-first strategy

Legal Qualification: It is urgent to clarify the legal attributes of core elements of DeFi such as smart contracts, DAOs, and stablecoins at the legislative level. For instance, immutable smart contracts, due to their uncontrollability, should not be classified as “property”; while variable contracts that can be controlled by specific entities may be regarded as property or legal acts.

Establish national standards: Led by the National Standardization Committee, in collaboration with industry experts, release documents such as the “Guidelines for the Operation of Key Financial Infrastructures of Smart Contracts”, to unify the programming specifications, security audit standards, privacy protection requirements, and dispute resolution mechanisms of smart contracts. Embed compliance elements into the code development phase to achieve flexible governance of “regulation through code”.

2 Control key nodes, using stablecoins as a strategic breakthrough

Stablecoin Qualitative Regulation: Stablecoins anchored to a single foreign currency are clearly categorized under the broad definition of “foreign currency securities” or foreign exchange assets, subject to existing foreign exchange management and anti-money laundering frameworks for regulation.

Developing a Renminbi stablecoin: Actively support the exploration of issuing compliant stablecoins pegged to offshore Renminbi or Hong Kong dollars in compliant jurisdictions (such as Hong Kong). This is not only a strategic measure to counter the hegemony of the “digital dollar”, but also serves as a means to monitor related DeFi activities and enhance our country's influence in the digital finance sector. The “Stablecoin Bill” passed in Hong Kong in 2025 has provided a regulatory framework that can be referenced.

3 Prioritize anti-money laundering, precisely define technical responsibilities

Using new legal authorization: The newly added protective jurisdiction clause in the amended Anti-Money Laundering Law of 2024 provides legal tools to regulate overseas DeFi money laundering activities that harm our financial interests.

Introducing regulatory technology: Connecting to public chains through side chains, Layer 2, and other technological means, deploying on-chain monitoring systems to mark and track high-risk addresses.

Precise distinction between crime and non-crime: this is the core key. For smart contract developers, it is essential to strictly distinguish between technology-neutral development behavior and conspiracy to commit a crime. If developers are pursuing technological innovation and have fulfilled their reasonable duty of care (such as third-party security audits, setting up user whitelists, etc.), and the technology has legitimate application scenarios, then criminal liability should be avoided. Conversely, if their actions clearly serve illegal purposes, they may be considered as aiding and abetting in criminal activities related to information networks or money laundering.

4 Seeking dynamic balance, taking into account privacy protection and financial security

Regulators must recognize that privacy is a fundamental right of citizens and that code development is a form of freedom of speech. In the fight against crime, we cannot stifle technological innovation that protects privacy. All regulatory measures should adhere to the principle of proportionality, ensuring that any infringement on individual rights is proportionate to the social public interest being pursued, avoiding excessive regulation that is akin to using a sledgehammer to crack a nut.

5 Enhance extraterritorial jurisdiction capabilities and actively participate in the formulation of international rules

Innovative Jurisdiction Theory: In legal theory, we should actively explore extraterritorial jurisdiction based on “real connection” and “legitimate interest,” such as using “place of tortious act,” “location of key service providers,” and “location of the victim” as connecting points.

Promote the construction of the extraterritorial application system of domestic laws: Improve the extraterritorial application mechanisms of financial laws, criminal laws, anti-money laundering laws, and other laws.

Strengthening international cooperation and rule guidance: Actively participate in the development of DeFi regulatory standards by international organizations such as the Financial Action Task Force (FATF), and promote the internationalization of our regulatory standards. A strong nation must be one that can export rules and provide international legal public goods.

6 Strengthen capacity building and cultivate a technology-driven regulatory team

Regulatory agencies must undergo digital transformation themselves, cultivate and introduce composite talents who are proficient in blockchain technology and familiar with financial laws, establish professional on-chain data analysis teams, transform passive responses into proactive warnings, and comprehensively enhance regulatory effectiveness for new financial formats such as DeFi.

6. Conclusion

The U.S. sanctions case against Tornado Cash is like a carefully orchestrated stress test, providing an excellent perspective for us to comprehensively examine the inherent risks and regulatory logic of decentralized finance (DeFi). This case clearly reveals that while DeFi brings efficiency and innovation, it also comes with significant governance flaws and risks of being used for illegal activities; it is not a lawless land. The “re-decentralization” nodes embedded in its ecosystem offer a realistic possibility for effective regulation. However, any regulatory action must adhere to the bottom line of the rule of law and balance multiple values such as security, innovation, and rights protection; otherwise, it will face questions about its legality and effectiveness.

The game occurring between the executive, judicial, and technical communities in the United States has long surpassed national borders. It is an important piece in the global struggle for the formulation of digital financial rules, where the United States leverages its financial power and technological influence. It also poses a potential challenge to the judicial sovereignty and financial security of other sovereign nations. Currently, major countries and regions around the world are actively exploring regulatory approaches to DeFi, especially in the context of the intensified global institutional competition following the 2025 U.S. Trump administration's clear embrace of crypto assets.

In this century of unprecedented changes, China cannot be absent. We must re-examine and optimize our regulatory path with a high degree of strategic vision and urgency. We should shift from a simple “prohibition-based” isolation to building a future-oriented intelligent regulatory system centered on “standard-first, node control, functional definition, balanced governance, and international cooperation.” Only in this way can we effectively prevent and resolve financial risks while seizing the historical opportunity for the development of digital finance, continuously improving modern financial regulatory theory, enriching China's financial policy practice, and ultimately occupying a favorable position in the upcoming new global blockchain financial landscape, laying a solid foundation of rules and strength for achieving the great goal of becoming a “financial powerhouse.” The road ahead is full of challenges, but proactive exploration is much more likely to win the future than passive response.