The crypto industry has seen a significant shift toward regulatory compliance since its early days, according to James Smith, co-founder of Elliptic, a crypto compliance firm established in 2013.

“In the early days, only a few companies approached compliance in a serious way,” Smith told Cointelegraph at the Token2049 event. “Coinbase was our first customer — they knew from the start that they wanted to build their business that way. But for most others, it just wasn’t a major priority.”Elliptic co-founder James Smith at Token2049. Source: Cointelegraph

That began to shift as regulators, including those in New York State, took a more active interest in the crypto industry. The involvement of traditional financial institutions like Fidelity and DBS Bank also contributed, as they entered the space with established compliance expectations from traditional finance services.

Fidelity, for instance, offered its first crypto service for customers in 2019, while the Asian giant DBS created a digital exchange for accredited and institutional investors in 2020.

“We’ve seen a big change in the last couple of years. Exchanges on the global map all care about compliance now, because they want to be part of a global ecosystem,” Smith said.

Related: DeFi security and compliance must be improved to attract institutions

Compliance questions after Bybit hack

Crypto exchanges and peer-to-peer protocols remain the industry’s key compliance targets. For authorities, these firms are seen as critical choke points where Anti-Money Laundering and broader financial surveillance controls take effect. At the same time, they’re frequent candidates for sophisticated hacks and laundering operations, as seen in the Lazarus Group’s tactics.

The latest example comes from the Bybit hack, where the Lazarus Group engaged in a sophisticated money laundering scheme to funnel funds. The hackers quickly swapped low-liquidity tokens for Ether (ETH), then swapped them for Bitcoin (BTC) using no-KYC (Know Your Customer) decentralized exchanges.

“They went through some no KYC exchanges, which probably shouldn’t exist, but also through a decentralized protocol where there was lots of liquidity provision that enabled them to get it into Bitcoin,” Smith said, adding that “we’re making it too easy for them as an industry.”

Smith also noted that even after firms flagged the funds as stolen, users continued to trade them through decentralized platforms. “Why was there so much liquidity available to help launder this money?” he said, arguing that those providing liquidity to such protocols should be subject to basic checks on the source and destination of funds. “Go and look at who’s making money. And that’s the first place to start putting some controls.”

Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis