Elliptic: Over $4 Billion in Illicit Crypto Laundered via Cross-Chain Technologies

Published: 07 October 2022

Cryptocurrency ChessCross-chain technologies facilitating transactions between different blockchains have been exploited and used as laundromats by criminal groups. (Photo: Ivan Radic, Flickr, License)

By Inci Sayki

Criminals have laundered at least US$4 billion-worth of illicit crypto proceeds using cross-chain technologies since 2020, new research by blockchain analysis firm Elliptic reveals.

Blockchains have become increasingly interconnected in recent years, and new technologies such as decentralized exchanges (DEXs), cross-chain bridges, and “coin swap” services allow for capital to move around seamlessly between thousands of different crypto assets.

This ease of transactions, however, raised new opportunities for criminal groups; as it mystifies the trail of transfers, making the origins and destination of the money hard to trace.

Perpetrators such as hackers, ransomware groups, dark web marketeers, online gambling platforms, illicit virtual service providers and ponzi schemers, have exploited these technologies to anonymously obfuscate the origins of billions of dollars in illicit proceeds.

In a June 2022 report on virtual asset risks, the Financial Action Task Force (FATF) first pointed out money laundering through cross-chain transactions, dubbed “chain hopping”.

According to the report released this week, $1.2 billion of stolen crypto from decentralized finance or exchange thefts have been swapped using DEXs, which allows direct transactions between crypto traders. One of the biggest DEXs operating currently is Uniswap.

A further $1.2 billion in illegal assets have been laundered using “coin swap” services, which allow users to swap assets without even creating an account. Advertisements for such services can be found on Russian cybercrime forums, and they almost exclusively cater to criminals.

Elliptic said its findings indicate a new “cross-chain problem,” which also highlight a growing concern that the laundered proceeds may fund sanctioned or terrorist entities.

The issue most recently came into light in August this year when the U.S. Treasury Department controversially sanctioned crypto mixer Tornado Cash, which the authorities said laundered over $7 billion since its creation three years ago.

Roughly half a billion dollars of the laundered amount was stolen in the largest crypto heist to date by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored group of hackers that was sanctioned by the U.S. in 2019, the Treasury said.

Previously, the U.S. Treasury had blacklisted another crypto mixer, Blender, in May this year, also used by North Korea to launder stolen virtual currencies.

According to the Treasury Department’s statement, sanctioning the laundromat Blender, the U.S. fears North Korea uses the proceeds laundered from cyber heists to “generate revenue for its unlawful weapons of mass destruction (WMD) and ballistic missile programs.”

Also in August this year, the cross-chain bridge RenBridge laundered $540M in hacking proceeds according to the Elliptic, chipping into the $4 billion muddled. Such bridges link different blockchain networks together and allows users to transfer cryptocurrency tokens from one blockchain to another.