Illicit cross-chain transfers expected to grow to $10B: Here's how to prevent them

Published at: Nov. 30, 2022

Improved blockchain analytics will become increasingly important to combat the use of cross-chain bridges for illicit means, which are estimated to surpass $10 billion in value by 2025.

Blockchain analytics firm Elliptic forecasts a 60% rise in the value of illicit cryptocurrency laundered through cross-chain bridges from $4.1 billion in June 2022 to $6.5 billion next year. This figure is projected to double midway through the decade.

Cross-chain crime has been a major talking point in 2022 with over $2 billion fleeced in hacks targeting cross-chain bridges. Aside from these bridges and their contracts being targeted, these bridges have also become an avenue for criminals to launder cryptocurrency. A prime example is an unknown hacker moving stolen funds from the now bankrupt FTX using cross-chain bridges.

Cointelegraph unpacked the findings of research released by Elliptic in correspondence with senior cryptocurrency threat analyst Arda Akartuna. 

The Elliptic analyst explained that billions of dollars in assets have been transferred between Bitcoin, Ethereum and other blockchains using bridge services such as Portal, cBridge and Synapse. Decentralized cross-chain bridges offer an unregulated alternative to exchanges for transferring value between blockchains.

Related: After FTX: Defi can go mainstream if it overcomes its flaws

While some bridges are used legitimately, Akartuna noted that the tools have emerged as a key facilitator in money laundering. ‘Chain-hopping’, or moving proceeds of crime between blockchains, has long been used to evade tracing efforts by exchanging cryptocurrency assets through decentralized or anonymous exchanges.

As blockchain surveillance, enforcement and regulatory efforts have improved, criminals have turned to cross-chains to continue laundering illicit funds:

“Decentralized cross-chain bridges provide unregulated alternatives that are being embraced by cybercriminals.”

Akartuna also notes that the sanctioning of cryptocurrency mixing service Tornado Cash has seen a shift in the way criminals launder money. Decentralized exchanges, cross-chain bridges and coin swap services are becoming a new means of moving illicit funds:

“Although the use of these platforms is overwhelmingly legitimate, they facilitate cross-chain money laundering and terrorist financing due to their lack of identity checks and anti-money laundering controls.”

An example of increased use of a cross-chain avenue for illicit means is RenBridge, which Elliptic research found to have laundered around $540 million of criminal proceeds as of August 2022. Meanwhile centralized exchanges, which also facilitate cross-chain or cross-asset swaps, are less popular for illicit actors given the push for AML and identity screening/KYC solutions.

The growing prevalence of cross-chain bridge usage for illicit means highlights the need for solutions or efforts to minimize criminal usage. Akartuna suggested users conduct due diligence on the services used to hop between blockchains and tokens and be wary of platforms associated with illicit activity.

Businesses should make use of blockchain analytics tools to screen addresses and transactions and set clear risk rules for their cryptocurrency usage. Nevertheless, there are some circumstances that simply cannot be predicted or avoided, as Akartuna explained:

“The sanctions against Tornado Cash is a prime example of how legitimate wallets may be inadvertently tainted due to sudden enforcement actions, as you now have 'pre-sanctions activity' which doesn't carry the same risk as post-sanctions activity.”

Existing single blockchain analytics solutions have done a lot to combat money laundering in the cryptocurrency space but fall short of capabilities to trace, screen or forensically investigate transactions across blockchains or tokens.

As the Elliptic threat analyst highlighted, once an asset 'hops' to a different blockchain, investigations become significantly more complex and resource intensive.

“The risk here is that a wallet can hold any number of different assets, and legacy blockchain solutions are not able to automatically trace the activities of the same entity across separate chains.”

Screening the movement of funds on separate blockchains may see some assets flagged as sanctioned while others may show no risk. In theory, this could lead to an exchange or wallet user unwittingly transacting with a sanctioned entity.

Elliptic, for example, makes use of a proprietary analytics tool with ‘holistic screening’ capabilities which merges existing blockchains into an interconnected system. This allows for visualization and screening across chains to better detect the movement of illicit funds.

Tags
Blockchain
Regulation
Analysis
Cybercrime
Cybersecurity
Elliptic
Related Posts
NCFTA onboards crypto exchange Binance to fight against cybercrime
The National Cyber-Forensics and Training Alliance (NCFTA), an American non-profit, onboarded its first crypto firm Binance to aid their ongoing battle against cybercrimes. Founded in 2002, the NCFTA partners with law enforcement and various business and academic entities to source threat intelligence to identify and mitigate cybercrime threats. By partnering with Binance, the world’s biggest crypto exchange in terms of trading volume, the NCFTA aims to tackle international cybersecurity investigations. According to Binance’s VP of Global Intelligence and Investigations, Tigran Gambaryan, the exchange aims to be the leading contributor in the fight against cybercrime, ransomware, and terrorism financing: “Joining the …
Blockchain / Jan. 18, 2022
Crypto is not criminal: US Secret Service launches 'crypto awareness hub'
The tide is turning on the way in which law enforcers discuss cryptocurrencies and treat crypto users. The United States Secret Service has launched a cryptocurrency awareness hub featuring a cheesy public service announcement video. The educational tool seeks to combat the “illicit use of digital assets as well as provide public awareness information on digital asset security and how to ensure it remains secure.” Watch the video here: "Secret Service: Safeguarding the next generation currency", Source: U.S. Secret Service Youtube U.S. Secret Service Office of Investigations Assistant Director Jeremy Sheridan said that the hub focuses on "investigating financial crimes." …
Adoption / Feb. 23, 2022
Don’t blame crypto for ransomware
Recently, gas has been a hot topic in the news. In the crypto media, it’s been about Ethereum miner’s fees. In the mainstream media, it’s been about good old-fashioned gasoline, including a short-term lack thereof along the East Coast, thanks to an alleged DarkSide ransomware attack on the Colonial Pipeline system, which provides 45% of the East Coast’s supply of diesel, gasoline and jet fuel. In cases of ransomware, we generally see a typical cycle repeat: Initially, the focus is on the attack, the root cause, the fallout and steps organizations can take to avoid attacks in the future. Then, …
Technology / May 30, 2021
Into the storm: The murky world of cryptocurrency mixers
Cryptocurrency mixing services are a divisive subject in the industry. Some advocate for the privacy-enabling features of these protocols while others maintain that they are mainly used for illicit means. For platforms like Tornado Cash, the mainstream verdict is “guilty as charged.” The infamous decentralized mixing protocol was sanctioned by the United States Office of Foreign Assets Control (OFAC) in August 2022, essentially making it illegal for anyone to make use of the service. Tornado Cash continues to be a contentious topic and one of its developers, Alexey Pertsev, controversially remains in detention in the Netherlands while investigators look to …
Regulation / Dec. 7, 2022
DeFi exploits and access control hacks cost crypto investors billions in 2022: Report
Cyber criminals used a variety of novel ways to carry out hacks and exploits in 2022, with over $2.8 billion of cryptocurrency stolen last year. According to a report from CoinGecko using data sourced from DeFiYield’s REKT Database, nearly half of the total crypto stolen in 2022 was fleeced using diverse methods. This includes bypassing verification processes, market manipulation, ‘crowd looting’ as well as smart contract and bridge exploits. The biggest hack of 2022 was carried out through an access control hack. Sky Mavis, the developer behind popular game Axie Infinity, saw its Ronin bridge hacked in March 2022, leading …
Blockchain / Feb. 13, 2023