At Least $540m Laundered Through RenBridge Defi Platform, Claims Study

August 11, 2022
Another blockchain bridge comes under fire for its alleged role in money laundering schemes, highlighting a growing vulnerability in the decentralised finance (defi) ecosystem.

A new study by Elliptic, a London-based blockchain analytics company, claims that a single blockchain bridge has been used to launder at least $540m in illicit funds since 2020.

Using its proprietary technology to analyse cross-chain transactions, Elliptic found evidence that RenBridge has been used to launder the proceeds of theft, fraud, ransomware and other criminal activities.

Over the past two years, Elliptic said it identified crypto-assets worth at least $276m that were stolen from crypto exchanges and defi platforms and then laundered through RenBridge.

This includes $34m stolen from Japanese crypto exchange Liquid in August 2021, as part of a $97m hack that is suspected to have been carried out by the North Korean state.

The study also notes that some of the stolen funds laundered through RenBridge appear to originate from other cross-chain bridges.

For example, in the immediate aftermath of this month’s Nomad bridge hack — covered here by VIXIO — Elliptic believes the thieves used RenBridge to launder $2.4m of stolen funds in a matter of hours.

Likewise, among ransomware gangs, Elliptic found RenBridge to be a significant facilitator of money laundering activities.

Russia-linked ransomware gangs are believed to have laundered more than $153m in ransom payments through RenBridge to date.

Conti ransomware attackers, who crippled essential services in Costa Rica between April and June this year, leading to a nationwide state of emergency, are believed to have laundered $53m through RenBridge to date.

In total, 27 government agencies were hit during the attack, with nine described by the country’s president as “very affected”, according to a report from WIRED.

Elliptic also believes that Ryuk ransomware attackers have laundered $92m through RenBridge to date, with transfers still ongoing.

Over the past four years, Ryuk attackers, whose ransomware targets organisations rather than individuals, have compromised hundreds of schools, hospitals and other institutions.

A regulator’s head-scratcher

According to Elliptic, blockchain bridges such as RenBridge pose a challenge to regulators, as there is no central service provider, such as an exchange, that facilitates cross-chain transactions.

Instead, the transactions from one blockchain to another are processed by a network of thousands of pseudonymous validators known as “darknodes”.

In its latest report on virtual asset risks, published in June, the Financial Action Task Force (FATF) noted that “chain hopping” is quickly becoming its own distinct category of money laundering.

FATF defines chain hopping as “moving from one virtual asset into another, often in rapid succession and with the aim of evading attempts to track these movements”.

The intergovernmental organisation said that “Defi protocols can be used to perform ‘chain-hopping’, which can make the transactions more difficult to trace”.

However, Elliptic suggests that the transparency of decentralised systems, including defi platforms, can still be leveraged to trace transactions through cross-chain bridges.

In arguing this, the company also pointed to its own Holistic Screening product, which launched this week and is aimed at crypto businesses, financial institutions and regulators.

New game in town

Despite cross-chain bridges becoming a money laundering conduit of choice, the vast majority of their volume comprises lawful transfers of funds between major crypto-assets such as bitcoin, ethereum and others.

The total volume of all cross-chain bridges to date is easily in the billions of dollars, if not hundreds of billions.

Although cross-chain bridges provide a legitimate tool, regulators should be aware of their usefulness to hackers and money launderers, according to Elliptic.

Before cross-chain bridges existed, crypto hackers would typically launder their illicit funds through crypto exchanges that could be used anonymously.

However, with the advent of near-universal know-your-customer (KYC) requirements among crypto exchanges, this avenue has now been foreclosed.

In most jurisdictions, crypto exchanges are now tightly regulated, and are required to both identify their customers and provide information to law enforcement if requested.

Against this backdrop, decentralised cross-chain bridges are being “embraced” by cybercriminals as an unregulated alternative, with predictable reputational damage for the crypto industry as a whole.
