
Treasury Got the Diagnosis Right. Now Let's Talk About the Cure.

Ido Ben-Natan

On March 6, 2026, the Department of Treasury released its mandated report to Congress under the GENIUS Act — a sweeping assessment of innovative technologies that financial institutions can use to counter illicit finance involving digital assets. It covers AI, digital identity, blockchain analytics, APIs, and decentralized finance.

We read it carefully. As a company whose sole mission is stopping onchain crime before it happens, we have opinions. The short version: Treasury has correctly identified the problem. But the solutions it outlines still skew toward the tools of yesterday. Prevention is mentioned, but investigation remains the center of gravity. That has to change.

What follows is our reaction — what we celebrate, what we'd push further, and a set of concrete recommendations from the industry's front lines.


The Numbers Don't Lie — and Neither Does the Report

The report opens with a risk picture that matches what we see every day in our data. The scale of the threat is finally being stated plainly, at the federal level, in a document that will reach every bank examiner and compliance officer in the country.

  • $5.8B lost to crypto investment scams in 2024 — up 47% year-over-year
  • $2.8B stolen by DPRK cybercriminals in just 21 months
  • $1.5B taken in a single DPRK heist in February 2025 — the largest in history

These aren't edge cases. They are the new normal. And the report is right that the pace of blockchain adoption — 3.8 billion monthly transactions as of early 2025, up 96% year-over-year — means the attack surface is expanding faster than legacy compliance tools can respond.

We Agree: "Financial institutions harnessing responsible innovation will increase the security of the U.S. financial system, deter bad actors, and improve the ability of law enforcement and national security agencies to combat illicit finance." — We couldn't have written it better ourselves.


The Report's Most Important Sentence

Buried in the APIs section — not the lede, unfortunately — is the most important policy statement in the entire document:

"APIs further facilitate pre-transaction risk assessments — improving the likelihood that illicit transfers can be intercepted before settlement." — U.S. Treasury, GENIUS Act Illicit Finance Innovation Report, March 2026

Before settlement. That phrase is the entire argument for the next generation of blockchain compliance infrastructure. And it deserves to be the organizing principle of the regulatory framework, not a footnote in Section 7.

The dominant paradigm in crypto compliance today — address attribution, transaction tracing, post-hoc SAR filing — is borrowed from traditional finance. It was designed for a world where transactions take days to settle and can be reversed. Blockchains settle in seconds. Transactions are irreversible. The window to act is measured in milliseconds, not business days. Yet the regulatory apparatus still centers on what happened, not on what's about to happen.

⚠️ Our Push: Pre-transaction interdiction should be the primary framework for digital asset compliance — not a supplementary tool. The report gestures at this but doesn't follow through. Every section should ask: "How do we stop this before it happens?" not just "How do we trace it after the fact?"


On Artificial Intelligence: Right Direction, Wrong Framing

The report's AI section accurately describes how financial institutions are using machine learning for transaction monitoring, SAR drafting, and customer risk scoring. That's all real. But the framing treats AI as a compliance efficiency tool — a way to do the same old things faster.

What the report underweights is AI's potential as a real-time threat intelligence engine. At Blockaid, our models are trained not just on transaction data but on the full behavioral signature of every known attack — the wallet interaction patterns that precede a drainer attack, the smart contract characteristics of a malicious dApp, the sequencing of addresses across a DPRK laundering operation. The difference between detecting an attack type you've seen before and one you haven't is the difference between a rules-based system and a genuine AI model.

The report acknowledges that "AI-powered models can be efficient at analyzing blockchain transaction patterns, simulating money laundering scenarios, and learning from and adapting to evolving criminal money laundering tactics." But it stops short of recognizing the bigger shift: AI models trained on adversarial intelligence — not just compliance data — are categorically different in their preventive capability.

We Strongly Agree: Treasury's plan to work with NIST on AI risk management frameworks for financial institutions is exactly right. Regulatory clarity on how to evaluate and validate AI models will unlock investment by institutions that are currently waiting on the sidelines.

What We'd Add

Treasury should distinguish between compliance AI (automating existing processes) and security AI (proactively preventing novel threats). The latter requires different data, different model architectures, and a different evaluation standard. Regulators who conflate the two will get more efficient SAR filing — but they won't stop the next $1.5B heist.


On DPRK: The Threat the Report Describes Requires a Different Response

The report's treatment of North Korean cybercriminals is admirably direct. Treasury explicitly names the $1.5B Bybit hack, the nine-step laundering process DPRK actors use (mix, bridge, swap, consolidate, repeat), and the "persistent threat to DASPs around the globe."

But the recommended response centers on AML compliance programs, mixer reporting rules, and international sanctions coordination. These are tools designed to catch criminals who are already known. DPRK actors are not using known wallets. They are generating new ones, in real time, specifically to defeat address-based screening.

What stops DPRK-linked attacks is behavioral detection at the wallet and protocol layer — identifying the patterns of a social engineering campaign before a single dollar moves, flagging a smart contract deployment that matches the signature of a known attack vector, blocking a transaction that interacts with a newly deployed malicious contract even before that contract appears on any watchlist.

⚠️ Our Push: OFAC sanctions lists are valuable but structurally reactive. For nation-state threats operating at the pace and sophistication of DPRK, the compliance window closes before a new address can be designated. Behavioral detection — not address screening — is the right last line of defense. The report should say so explicitly.


On DeFi: The Right Question, An Incomplete Answer

The DeFi section is the most politically careful part of the report, and understandably so. The question of which DeFi actors should bear AML obligations is genuinely hard — legally, technically, and philosophically. The report wisely punts to Congress on the definitional question, while noting that "technological capabilities of DeFi ecosystem participants could provide opportunities to use new types of information and tools to mitigate illicit finance."

We think this is the right instinct. Trying to force DeFi into the money-services-business framework will either fail (decentralized protocols have no operator to compel) or destroy the innovation. The better path is what the report hints at: using on-chain technology itself as the compliance layer.

Smart contracts can check credentials. Oracles can feed risk scores. Application-layer interfaces — wallets, front-ends, bridges — can screen transactions before routing them. The compliance function doesn't have to live in a compliance officer's spreadsheet; it can be embedded in the protocol itself.

We Agree: The report's recommendation that Congress consider a "hold law" — a safe harbor to temporarily freeze suspicious digital assets during investigation — is genuinely novel and potentially powerful. But it only works if someone detects the suspicious activity in real time. Detection infrastructure must precede interdiction authority.


Our Recommendations to Treasury and Congress

We submitted comments to Treasury's RFC. We've thought about this deeply. Here is what we'd add to the report's own recommendations:

  1. Establish a "pre-transaction" standard for digital asset compliance - FinCEN guidance should explicitly recognize and reward compliance programs that operate at the pre-signing layer — inside wallets, dApps, and protocol interfaces. Today's framework is built around post-transaction reporting. A new standard should incentivize institutions to intercept, not just report.
  2. Fund a national threat intelligence sharing infrastructure for crypto security - The report calls for greater blockchain analytics sharing among institutions. We'd go further: Treasury and FinCEN should establish a structured threat feed — analogous to FS-ISAC for traditional finance — that distributes real-time indicators of compromise (IOCs) from security providers to financial institutions, with a clear safe harbor for acting on them.
  3. Distinguish behavioral detection from address screening in regulatory guidance - OFAC sanctions screening and behavioral AI threat detection are both valuable but serve different functions. Regulatory guidance should treat them separately, with different evaluation criteria. Examiners should understand that a zero false-positive address screener and a high-recall behavioral anomaly detector are solving different problems.
  4. Recognize wallet-layer security as a compliance control - Financial institutions are increasingly offering crypto wallets and custody products. Embedded wallet-layer security — real-time transaction simulation, dApp risk scoring, malicious contract detection — should be explicitly recognized in FinCEN's AML program guidance as a legitimate and creditable compliance control, not merely a product feature.
  5. Create a DeFi security safe harbor for good-faith intervention - The report recommends a hold law for institutions. We'd extend the principle to protocol-layer actors: DeFi front-ends, wallets, and bridges that voluntarily block transactions matching known malicious patterns should receive explicit legal protection for doing so — even if a transaction was technically valid on-chain. Good-faith prevention should never create legal liability.
  6. Enable real-time response: the power to pause - Detection without the ability to act is insufficient. Regulators and protocol operators need legal clarity to take real-time containment measures when an attack is identified — including pausing smart contracts, freezing bridge activity, or halting token transfers during an active incident. The tools to do this exist today. What's missing is the regulatory and legal framework that authorizes their use. A safe harbor for good-faith, time-limited containment actions would be a meaningful step toward making crypto infrastructure genuinely resilient against the DPRK-caliber threats the report describes.

The Moment We've Been Building For

This report matters. Not because it solves the problem — it doesn't, and it doesn't claim to. But because it signals, at the highest levels of the U.S. government, that the crypto security problem is real, that innovative technology is the answer, and that the regulatory framework needs to evolve to support it.

We've spent the last two and a half years building infrastructure to make every onchain interaction secure by default. We've scanned billions of transactions, blocked tens of millions of attacks, and embedded our security into the wallets used by hundreds of millions of people. We know what works.

The future of crypto compliance isn't more reporting. It's prevention at the point of transaction — and the regulatory framework needs to catch up to that reality.

The GENIUS Act report is a starting gun, not a finish line. We're ready to work with Treasury, FinCEN, Congress, and our peers in the industry to build the next generation of standards. The technology is here. The threat is real. The moment to act is now.


About Blockaid

Blockaid is the onchain security platform trusted by the largest companies operating in Web3. Built by veterans of elite intelligence and cybersecurity units, Blockaid provides end-to-end protection for financial institutions, protocols, and end users — combining direct wallet and dApp integrations with real-time monitoring, detection, and response across smart contracts, infrastructure, and externally owned accounts. In 2024, Blockaid scanned over 2.4 billion transactions and blocked 71 million attacks. Blockaid is the security infrastructure behind Coinbase, MetaMask, Uniswap, Safe, and dozens of the most widely used platforms in the industry. Learn more at blockaid.io, and follow us on Twitter and LinkedIn.
