Criminals more reliant on cross-chain bridges than ever after mixer crackdowns
The sanction of cryptocurrency mixer Tornado Cash in August caused the first major shift, which is accelerating even faster than projected.
Cybercriminals have accelerated their shift away from crypto mixers for cross-chain bridges over the past year, according to blockchain forensics firm Elliptic.
In June and July, nearly all of the crypto stolen was laundered through cross-chain bridges, with Elliptic’s data showing a complete reversal from the first half of 2022.
In a Sept. 18 blog post, Elliptic explained the cross-chain crime trend is due to the “crime displacement” effect, where criminals move to a new method to carry out the illicit activity when the existing method gets over-policed. However, the shift to cross-chain bridges is rising ahead of their projections.
Between July and September 2022, the ratio of laundered funds passing through mixers vs. cross-chain bridges flipped, corresponding to the United States Office of Foreign Asset Control’s sanctioning of Tornado Cash in August 2022, said the firm.
Elliptic said many cybercriminals, like the North Korean-backed Lazarus Group, flocked to the Avalanche bridge after the sanctions.
This same bridge was reportedly used recently by the Lazarus Group to facilitate some of the stolen funds in Stake’s $41 million exploit on Sept. 4, according to blockchain security firm CertiK.
Crypto mixers saw a small comeback between November 2022 and January 2023, due to the shutdown of RenBridge, which closed in December after its financer, Alameda Research, collapsed amid FTX’s bankruptcy.
Elliptic estimates that RenBridge facilitated $500 million in laundered funds throughout its operation.
However, shortly after, criminals returned to cross-chain bridges — even more than before.
Chain-hopping via bridges has become one of the most popular money laundering methods for illicit actors. That’s been a problem for crypto investigators — until now. Meet TRM Phoenix — automated cross-chain tracing through 12+ bridges & services: https://t.co/OziATjlO4P pic.twitter.com/7QsLthn180
— TRM Labs (@trmlabs) August 25, 2022
Related: 3 steps crypto investors can take to avoid hacks by the Lazarus Group
Elliptic said that criminals may be preferring cross-chain bridges as it is difficult for blockchain forensic firms to track illicit activity across chains in a scalable manner.
“Criminals are aware that legacy blockchain analytics solutions do not have the means to trace illicit blockchain activity across blockchains or tokens in a programmatic or scalable manner.”
In addition, many of these stolen tokens are only exchangeable through cross-chain bridges, while most of these DeFi services do not require identity verification to use, Elliptic explained.
The firm estimates that $4 billion in illicit or high-risk cryptocurrencies have been laundered through cross-chain bridges since 2020.
Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story