In spite of the sharp decline in prices of popular coins such as Bitcoin and Ethereum drawing down the value of the greater cryptocurrency market over the last 18 months, consumers have continued to invest heavily in emerging cryptocurrency coins and platforms in anticipation of the next “bull run.” Cyber-criminals have capitalized on these developments and the cybersecurity flaws that often accompany platforms launching on the fly, making off with millions of dollars' worth of crypto via hacking exploits and scams. More recently, criminals have turned their attention to targeting what are known as “blockchain bridges” and using other sophisticated tactics unique to the cyber realm to avoid apprehension by the proper authorities.
Blockchain bridges (also known as “cross-chain” bridges) connect independent blockchains and enable the transfer of assets and information between multiple independent platforms. Essentially, these bridges provide the ability to spend one type of cryptocurrency as another (e.g., spending Bitcoin as Ether). They have become necessary across this industry given that some blockchains and/or crypto platforms are unable to use certain types of cryptocurrencies that others might utilize heavily. As blockchains mint different coins and operate on varying sets of rules, the bridge serves as a neutral zone so users can smoothly switch between one and the other, greatly improving the crypto experience [3]. Blockchain bridges also offer additional benefits that include decreased transaction fees, reduced congestion and improved network throughput, and access to innovative yield-earning activities [4]. Tens of billions of dollars in assets have been transferred between Bitcoin, Ethereum and other blockchains utilizing popular bridge services such as Portal, cBridge and Synapse to date, with these options providing something of a boon to investment into newer coins found on the market. However, analysts have speculated that bridges of this variety offer a plethora of avenues of exploitation by hackers given the openness of such a domain, not to mention that bridges themselves have become a tool widely utilized to send assets across blockchains for purposes of money laundering. This is largely because criminals can effectively bypass the centralized services that would normally be used to trace and freeze suspicious transactions, thus allowing the laundering of funds to continue without notice.
Additionally, given that blockchain bridges often hold hundreds of millions of dollars' worth of digital assets in escrow, they have continued to garner the unwanted attention of bad actors looking to make off with large payouts. Last week, blockchain analytics firm Elliptic Connect reported that a single cross-chain crypto bridge known as RenBridge has been used to launder $540 million since 2020. Of that sum, an estimated $153 million is ransomware proceeds with alleged ties to North Korea [1]. The report also specifies that more than $2.4 million from the August 1st Nomad hack had already been laundered through RenBridge. All told, approximately $1.4 billion worth of cryptocurrency has already been lost to breaches of these bridges thus far in 2022, with this trend expected to continue at the international level.
Setting the bar, the United States government has begun taking action to help stop the bleeding, with financial watchdogs expected to initiate a true regulatory crackdown on bridges over the coming months. Crypto mixing/blending services – i.e. third-party outlets that make it more difficult to track individual transactions by mixing source funds with other funds before sending back an equivalent amount of blended funds whose origins are thereby obscured – are also a prime target. Just last week the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) levied sanctions against one particular platform tied to many cross-border criminal economic ventures. The mixer known as Tornado Cash was alleged to have played a direct role in the laundering of more than $7 billion in crypto since 2019. Much of the laundering was done on behalf of North Korean entities, with the mixer directly tied to the largest crypto heist seen to date, in which the infamous Lazarus hacking group pilfered $620 million in March of 2022.
All told, blockchain analytics firm Chainalysis concluded that Tornado Cash played a role in laundering funds from every North Korean crypto hack in 2022 [2]. This is significant given that the U.S. and several of its international counterparts have accused North Korea of deploying hackers in the wake of stringent American sanctions in order to continue providing funding for the Republic’s nuclear weapons programs. The revelations led the Treasury Department to go as far as to call the platform a direct “threat to national security”, with the agency indefinitely barring American citizens and entities from carrying out any further transactions with the mixer. “Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors,” Brian Nelson, the under secretary of the Treasury for terrorism and financial intelligence, said in a statement. These efforts are hopefully a sign of things to come in the continued fight against illicit finance, though this remains an uphill battle at present.
1. Sigalos, MacKenzie. “Crypto Criminals Laundered $540 Million by Using a Service Called RenBridge, New Report Shows.” CNBC, 10 Aug. 2022.
2. Starks, Tim, and Aaron Schaffer. “Analysis | Treasury Cracks down on a Tool That Helped Launder Billions.” The Washington Post, WP Company, 9 Aug. 2022.
3. “What Are Blockchain Bridges and Why Do We Need Them?” Liquid.
4. “What Are Cross-Chain Bridges? Definitions, Characteristics, and Reviews.” Alchemy, 10 May 2022.