Hackers, fraudsters and others have laundered at least $540 million through the RenBridge cryptocurrency bridge network since 2020, according to blockchain analytics group Elliptic. Elliptic researchers released the report today, citing RenBridge as an example of the risks of decentralized cross-chain networks.
RenBridge is promoted as a way to easily convert virtual currencies such as ZCash and Bitcoin to the Ethereum network and then to other blockchains. But “in addition to being a legitimate tool, cross-chain bridges have also emerged as a key facilitator of money laundering”, allowing users to avoid regulations and easily move money across networks , says the report. This includes proceeds from ransomware operations and theft from other channels.
Cryptocurrency is not as untraceable as some users expect, but it is still possible to hide the sources of funds with specific services, especially decentralized ones like Elliptic. And regulators have started to take notice. Earlier this week, the US Treasury Department sanctioned Tornado Cash, a decentralized mixer designed to hide sources of crypto. It made a similar move with the Blender.io mixer in May. In both cases, the government noted alleged use of the services by North Korean hacker groups.
Elliptic’s report also suggests that RenBridge was used to launder money stolen from Japanese crypto network Liquid, a hack linked to North Korea. He also claims that RenBridge is popular among Russia-linked ransomware operations, claiming $153 million worth of ransomware has been laundered through the service.
Many other digital services can be used for both criminal and non-criminal purposes, such as privacy and censorship evasion. But decentralized finance or DeFi is particularly prone to theft and hacking, and identifying choke points is potentially useful for security analysts and governments.