1. Home
  2. RenBridge

RenBridge

Criminals more reliant on cross-chain bridges than ever after mixer crackdowns

The sanction of cryptocurrency mixer Tornado Cash in August caused the first major shift, but that is now accelerating even faster than projected.

Cybercriminals have accelerated their shift away from crypto mixers for cross-chain bridges over the past year, according to blockchain forensics firm Elliptic.

In June and July, nearly all of the crypto stolen was laundered through cross-chain bridges, Elliptic’s data shows a complete reversal from the first half of 2022.

In a Sept. 18 blog post, Elliptic explained the cross-chain crime trend is due to the “crime displacement” effect — where criminals move to a new method to carry out the illicit activity when the existing method gets over-policed. However, the shift to cross-chain bridges is rising ahead of their projections. 

Proportion of funds laundered between cryptocurrency mixers and cross-chain bridges between January 2022 and July 2023. Source: Elliptic.

Between July and September 2022, the ratio of laundered funds passing through mixers vs. cross-chain bridges flipped, corresponding to the U.S. Office of Foreign Asset Control’s sanctioning of Tornado Cash in August 2022, said the firm.

Elliptic said many cybercriminals, like the North Korean-backed Lazarus Group, flocked to the Avalanche bridge after the sanctions.

This same bridge was reportedly used recently by the Lazarus Group to facilitate some of the stolen funds in Stake’s $41 million exploit on Sept. 4, according to blockchain security firm CertiK.

Crypto mixers saw a small comeback between November 2022 and January 2023, due to the shutdown of RenBridge — which closed in December after its financer, Alameda Research collapsed from FTX’s bankruptcy.

Elliptic estimates that RenBridge facilitated $500 million in laundered funds throughout its operation.

However, shortly after, criminals have moved back to cross-chain bridges again, even more than before.

Related: 3 steps crypto investors can take to avoid hacks by the Lazarus Group

Elliptic said that criminals may be preferring cross-chain bridges as it is difficult for blockchain forensic firms to track illicit activity across chains in a scalable manner.

“Criminals are aware that legacy blockchain analytics solutions do not have the means to trace illicit blockchain activity across blockchains or tokens in a programmatic or scalable manner.”

In addition, many of these stolen tokens are only exchangeable through cross-chain bridges, while most of these DeFi services do not require identity verification to use, Elliptic explained.

The firm estimates that $4 billion in illicit or high-risk cryptocurrencies have been laundered through cross-chain bridges since 2020.

Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story

Cardano Primed To Continue Surging As Whales and Institutions Accumulate ADA, Says Crypto Analyst

Cross-chain bridge RenBridge laundered $540M in hacking proceeds: Elliptic

The blockchain forensics firm said cross-chain bridges provide an "unregulated alternative" to exchanges for transferring value between blockchains.

Cross-chain bridges have been the target of more than a few hacks this year, but new data from blockchain analytics provider Elliptic alleges one has been used to launder over half a billion dollars in ill-gotten crypto assets. 

According to an Aug. 10 report, crypto bridge RenBridge has facilitated the laundering of at least $540 million in proceeds of crime since 2020 through a process known as chain hopping — converting one form of cryptocurrency into another and moving it across multiple blockchains.

Elliptic said that decentralized cross-chain bridges provide “an unregulated alternative to exchanges for transferring value between blockchains.”

Rogue states and hacker groups

For the most part, cross-chain bridges or blockchain bridges are used for legitimate purposes, enabling users to move cryptocurrencies seamlessly across blockchain networks.

Users typically deposit their tokens from one chain to the bridge protocol, which is locked into a contract, then the user is issued the equivalent of a parallel token in another chain.

However, Elliptic noted these bridges have also been used by ransomware gangs, exploiters, and hackers to launder proceeds of crime, with RenBridge accounting for at least $540 million of laundered proceeds since 2020. 

Most recently, at least $2.4 million in crypto assets stolen during the Nomad hack on Aug 2 went through the cross-chain bridge, according to the firm.

Elliptic also noted that assets from decentralized finance (DeFi) services worth at least $267.2 million have been laundered using RenBridge in the last two years, while a portion of the $80 million stolen from Liquid Global exchange last year, allegedly by North Korea, has passed through RenBridge.

The Conti ransomware group, which famously attacked the Costa Rican government back in June, has also laundered over $53 million through RenBridge so far.

Authorities concerned

Elliptic noted that blockchain bridges such as RenBridge poses a challenge to authorities trying to clamp down on individuals and groups using the emerging technology for illicit activities.

"Blockchain bridges such as RenBridge pose a challenge to regulators since there is no central service provider that facilitates these cross-chain transactions," it said. 

Related: Is there a secure future for cross-chain bridges?

In a Jun. 30 status report from the Financial Action Task Force (FATF), the intergovernmental organization highlighted increasing risks associated with "chain hopping," particularly in the DeFi space:

“The rapid growth and evolution of the Defi sector is a cause for concern as it could cause risks to accelerate and proliferate.”

Cardano Primed To Continue Surging As Whales and Institutions Accumulate ADA, Says Crypto Analyst