Dan Kitwood | beautiful pictures
One major way that criminals in the crypto world launder money is by sending digital assets over blockchains, bypassing a centralized service that can track and freeze transactions.
They use so-called cross-chain bridges to make that happen, and the dollar amount is getting bigger and bigger. A specific cross-chain bridge called RenBridge has been used to launder at least $540 million in crime-related crypto since 2020, According to new research from blockchain analytics firm Elliptic.
Included in that amount is $153 million in ransomware payments, which means hackers are using RenBridge when they break into corporate networks and force companies to pay to get their data back. Elliptic said RenBridge is a “critical facilitator” for Russia-linked ransomware gangs.
David Carlisle, Elliptic’s Vice President of Policy and Regulatory Affairs, said cross-chain bridges are “a bit of luck and a curse” at the moment. Like so many other popular crypto instruments, they help expand the market by giving people more ways to pay and transact. Cross-chain bridges are crucial to the development of decentralized finance, or DeFi, the space, which is a cryptocurrency alternative to the banking system.
The flip side of it is, “they’re not effectively regulated and are very vulnerable to hacking or being used in crimes like money laundering,” Carlisle told CNBC.
Carlisle said he expects regulators to start focusing on bridges within the next six to 12 months, as governments continue to crack down on the darkest corners of the crypto world.
On Monday, the Ministry of Finance blacklisted the cryptocurrency mixing service Tornado Cashalleging the service was used to launder more than $7 billion worth of virtual currency since 2019. Carlisle said action taken by the Treasury Department’s Office of Foreign Assets Control indicates that US regulators are ready to tackle criminal behavior in crypto.
“A key question is whether bridges will become subject to regulation, as they operate a lot like crypto exchanges, which are already regulated,” Carlisle said.
Developers have built cross-chain bridges to allow users to send tokens from one chain to another. The transfer of digital assets between chains is based on Darknodesor a network of thousands of pseudonymous validators. That allows them to become a major tool for obfuscating cryptocurrencies.
RenBridge has become a popular destination to do just that. Elliptic says it is used to launder assets derived from theft, fraud, ransomware and many other types of criminal activity.
Other crypto assets laundered on RenBridge may have been stolen by North Korea, Elliptic said. This service is also used by Conti cybercriminal group, recently attacked the Costa Rican government and caused a nationwide state of emergency. Elliptic research shows that Conti laundered more than $53 million through RenBridge.
“Cross-chain bridges are a loophole in regulatory mechanisms that have been carefully established by governments around the world to combat cryptocurrency laundering,” said Tom Robinson, principal scientist at Elliptic. “.
RenBridge is a suitable option for those who want to clean up stolen cash. More than $267 million in crypto assets taken from exchanges and DeFi services have been laundered through RenBridge over the past two years, including $33.8 million from Japanese crypto exchange Liquid, according to a report. Elliptic.
Bridges are especially vulnerable.
Blockchain cybersecurity company CertiK noted before that as bridges hold hundreds of millions of dollars in assets in escrow and multiply their possible attack vectors by operating on two or more blockchains, they become prime targets for hackers.
Last week, a bridge called Nomad lost nearly 200 million dollars in a devastating exploit due to a bug. Within hours, the thieves started using RenBridge to launder money. So far, $2.4 million in crypto assets stolen from Nomad have been sent via RenBridge, according to Elliptic.
“Ransomware gangs, scammers and even North Korean hackers are moving from regulated crypto exchanges to an unregulated, decentralized alternative,” Robinson said.
RenBridge is an open protocol, so it doesn’t work with the CEO or any central figure. CNBC has reached out to support email address listed on Ren .’s Crunchbase profile to request comment.