Cross-chain bridge RenBridge laundered $540M in hacking proceeds: Elliptic

Published at: Aug. 11, 2022

Cross-chain bridges have been the target of more than a few hacks this year, but new data from blockchain analytics provider Elliptic alleges one has been used to launder over half a billion dollars in ill-gotten crypto assets. 

According to an Aug. 10 report, crypto bridge RenBridge has facilitated the laundering of at least $540 million in proceeds of crime since 2020 through a process known as chain hopping — converting one form of cryptocurrency into another and moving it across multiple blockchains.

Elliptic said that decentralized cross-chain bridges provide “an unregulated alternative to exchanges for transferring value between blockchains.”

Rogue states and hacker groups

For the most part, cross-chain bridges or blockchain bridges are used for legitimate purposes, enabling users to move cryptocurrencies seamlessly across blockchain networks.

Users typically deposit their tokens from one chain to the bridge protocol, which is locked into a contract, then the user is issued the equivalent of a parallel token in another chain.

However, Elliptic noted these bridges have also been used by ransomware gangs, exploiters, and hackers to launder proceeds of crime, with RenBridge accounting for at least $540 million of laundered proceeds since 2020. 

Most recently, at least $2.4 million in crypto assets stolen during the Nomad hack on Aug 2 went through the cross-chain bridge, according to the firm.

Elliptic also noted that assets from decentralized finance (DeFi) services worth at least $267.2 million have been laundered using RenBridge in the last two years, while a portion of the $80 million stolen from Liquid Global exchange last year, allegedly by North Korea, has passed through RenBridge.

The Conti ransomware group, which famously attacked the Costa Rican government back in June, has also laundered over $53 million through RenBridge so far.

Authorities concerned

Elliptic noted that blockchain bridges such as RenBridge poses a challenge to authorities trying to clamp down on individuals and groups using the emerging technology for illicit activities.

"Blockchain bridges such as RenBridge pose a challenge to regulators since there is no central service provider that facilitates these cross-chain transactions," it said. 

Related: Is there a secure future for cross-chain bridges?

In a Jun. 30 status report from the Financial Action Task Force (FATF), the intergovernmental organization highlighted increasing risks associated with "chain hopping," particularly in the DeFi space:

“The rapid growth and evolution of the Defi sector is a cause for concern as it could cause risks to accelerate and proliferate.”
Tags
Related Posts
Zabu token price flatlines after $3.2M attack on Avalanche blockchain
Zabu Finance, a DeFi application on the Avalanche blockchain, has reportedly been exploited for crypto tokens worth $3.2 million. The removal of a large number of tokens eventually reduced the value of Zabu tokens to zero. Zabu Finance announced the exploit by asking for help from Avalanche and popular Avalanche-hosted decentralized exchanges such as Pangolin and Trader Joe: “Zabu Team Wallet has not sold a single Zabu. We're under an exploit, possibly from Spore Pool. We're investigating the exploit. Need help Pangolin, Trader Joe, Avalanche.” Based on further investigation, Zabu found the attacker stole the assets from a pool of …
Technology / Sept. 13, 2021
Digital intelligence must overcome challenges to solving crypto crimes
While the value of cryptocurrencies has varied wildly in the last year, this has not diminished crypto’s attractiveness to criminals. Many of them are moving their illegal activities underground and outside the view of law enforcement. Because of the public nature of most blockchains, however, this rapid movement shouldn’t be a major concern to law enforcement agencies. With the right tools and training, following the proceeds of crypto-enabled crime is actually not as difficult as it may seem. However, intelligence agencies must have a cryptocurrency investigation plan that includes the right tools to lawfully collect digital evidence and the properly …
Technology / Aug. 20, 2021
Avalanche flash loan exploit sees $371K in USDC stolen
Avalanche-based lending protocol Nereus Finance has been the victim of a crafty hack that saw a user net $371,000 worth of USD Coin (USDC) using a smart contract exploit. Blockchain cybersecurity firm CertiK was one of the first to detect the exploit on Sept. 6, indicating that the attack impacted liquidity pools on Nereus relating to decentralized exchange Trader Joe and automated market maker Curve Finance. CertiK also suggested that underlying protocols themselves were impacted, however, Curve Finance responded via Twitter on Sept. 7, stating “maybe you meant ‘assets impacted,’ not ‘protocols impacted’. Only @nereusfinance and its assets seem impacted.” …
Technology / Sept. 8, 2022
Reversible blockchain transactions would improve cryptocurrency
A proposal out of Stanford University to make crypto transactions reversible is adding a wrinkle to discussions of crime and fraud prevention. Researchers suggested that mutability — the ability to reverse blockchain transactions — would help prevent crime. One of the advantages of cryptocurrency is that it is possible for the market — individuals, traders and banks — to decide if reversibility is wanted. Not only would a new (reversible) cryptocurrency be able to test the acceptance or desire for reversible transactions, it would help to test the idea that reversibility reduces crime. Although cryptocurrency is not a tool of …
Technology / Oct. 5, 2022
DeFi exploits and access control hacks cost crypto investors billions in 2022: Report
Cyber criminals used a variety of novel ways to carry out hacks and exploits in 2022, with over $2.8 billion of cryptocurrency stolen last year. According to a report from CoinGecko using data sourced from DeFiYield’s REKT Database, nearly half of the total crypto stolen in 2022 was fleeced using diverse methods. This includes bypassing verification processes, market manipulation, ‘crowd looting’ as well as smart contract and bridge exploits. The biggest hack of 2022 was carried out through an access control hack. Sky Mavis, the developer behind popular game Axie Infinity, saw its Ronin bridge hacked in March 2022, leading …
Blockchain / Feb. 13, 2023