According to blockchain forensics firm Elliptic, cybercriminals have made a significant shift in their tactics for laundering stolen cryptocurrency, moving away from traditional crypto mixers in favor of cross-chain bridges.
The “Crime Displacement” Effect
Elliptic’s data for June and July reveals that nearly all of the stolen cryptocurrency was laundered through cross-chain bridges, representing a complete reversal from the first half of 2022.
In a recent blog post dated September 18, Elliptic explained this shift as a result of the “crime displacement” effect, where criminals adapt to new methods when their existing methods face increased law enforcement scrutiny.
However, the transition to cross-chain bridges has been even more rapid than initially projected. Elliptic estimates that approximately $4 billion in illicit or high-risk cryptocurrencies have been laundered through cross-chain bridges since 2020.
Sanctions Trigger Shift
The significant shift towards cross-chain bridges can be traced back to the United States Office of Foreign Assets Control’s sanctions against Tornado Cash in August 2022. This crackdown followed allegations that Tornado Cash was a favored tool for cybercriminals seeking to obscure their stolen funds.
Consequently, the U.S. government charged the co-founders of Tornado Cash with conspiracy to commit money laundering and sanctions violations. Despite appeals to a federal court, the sanctions remained in place.
The Lazarus Group’s Move
Notably, cybercriminal groups swiftly embraced cross-chain bridges. The most prominent of these is the North Korean-backed Lazarus Group, which had previously relied predominantly on Tornado Cash but turned to the Avalanche Bridge after the sanctions. This bridge was recently implicated in moving some of the stolen funds from Stake’s $41 million exploit on September 4, as reported by blockchain security firm CertiK.
Although crypto mixers experienced a brief resurgence between November 2022 and January 2023, primarily due to the shutdown of RenBridge, which was linked to the collapse of Alameda Research amid FTX’s bankruptcy, criminals quickly reverted to using cross-chain bridges in greater numbers.
Challenges For Blockchain Forensic Firms
One of the reasons behind criminals’ preference for cross-chain bridges is the difficulty faced by blockchain forensic firms in tracking illicit activity across different blockchain networks at scale. Elliptic points out that traditional blockchain analytics solutions lack the capability to effectively trace illicit activity across various blockchains and tokens.
Additionally, many of the stolen tokens are only exchangeable through cross-chain bridges, and most decentralized finance services associated with these bridges do not require identity verification.
Criminals are well aware of the limitations of traditional blockchain analytics solutions in tracing their activities effectively.
This trend could potentially trigger more stringent regulatory oversight, underscoring the urgency of finding effective solutions to combat the rising tide of cross-chain crime in the crypto world.