Cross-chain bridges move digital assets across blockchains, circumventing a centralised entity that can track transactions.
Criminals in the crypto world often launder money by sending digital assets across blockchains to avoid a central service that can track and freeze transactions.
They use things called “cross-chain bridges” to do this, and the amounts of money involved are getting big. Elliptic, a blockchain analytics company, has found that since 2020, a cross-chain bridge called RenBridge has been used to wash at least $540 million in criminal crypto cash.
This amount includes $153 million in payments for ransomware. This means that hackers are using RenBridge when they break into corporate networks and demand money to get the data back. Elliptic says that RenBridge was “an important enabler” for ransomware gangs that had ties to Russia.
David Carlisle, vice president of policy and regulatory affairs at Elliptic, said that cross-chain bridges are “a little bit of a blessing and a little bit of a curse” right now. Like so many other popular crypto tools, they help the market grow by giving people more ways to pay and do business. Cross-chain bridges are especially important for the growth of decentralised finance, or DeFi, which is crypto’s alternative to the banking system.
On the other hand, “they’re pretty much unregulated, so they’re easy to hack and can be used in crimes like money laundering.” said Carlisle
Carlisle said that he thinks regulators will start focusing on bridges in the next six to twelve months, as governments continue to crack down on the worst parts of the crypto world.
On Monday, the Treasury Department put Tornado Cash on a list of services that should not be used. They say that since 2019, the service has been used to wash more than $7 billion worth of virtual currency. Carlisle said that what the Treasury’s Office of Foreign Assets Control did shows that U.S. regulators are ready to go after criminal behaviour in crypto.
Carlisle said, “One big question is whether bridges will be regulated, since they work a lot like cryptocurrency exchanges, which are already regulated.”
Cross-chain bridges were made so that users can send tokens from one chain to another. Darknodes, which are networks of thousands of anonymous validators, are used to move digital assets between chains. Because of this, they have become one of the best ways to hide crypto cash.
RenBridge quickly became a popular place to do this. Elliptic says that it has been used to wash money from theft, fraud, ransomware, and other illegal activities.
Elliptic said that it was likely North Korea that stole the other crypto assets that were laundered through RenBridge. The Conti cybercrime group also used the service to attack the Costa Rican government, which led to a national state of emergency. Elliptic’s research shows that Conti has used RenBridge to wash more than $53 million.
“Cross-chain bridges are a way to get around the rules that governments all over the world have worked hard to set up to stop crypto laundering,” said Tom Robinson, Elliptic’s chief scientist.
RenBridge is the place to go if you want to clean stolen money. Elliptic says that in the last two years, more than $267 million in stolen crypto assets from exchanges and DeFi services were washed through RenBridge. This included $33.8 million from the Japanese crypto exchange Liquid.
Attacks are most likely to happen on the bridges.
Blockchain security company CertiK has said before that bridges are easy targets for hackers when they hold assets worth hundreds of millions of dollars in escrow and operate across two or more blockchains. This gives hackers more ways to attack the bridges.
Last week, a bug caused a bridge called Nomad to lose almost $200 million in a terrible way. Within hours, the thieves started to wash the money through RenBridge. Elliptic says that $2.4 million worth of cryptocurrency that was stolen from Nomad has been sent through RenBridge so far.
“Ransomware gangs, scammers, and even hackers from North Korea are moving away from regulated crypto exchanges and toward a decentralised, unregulated alternative,” said Robinson.
RenBridge is an open protocol, which means that it doesn’t have a CEO or any other central leaders.