Blockchain Forensics Uncover RenBridge Laundered $540 Million Hacking Proceeds

By kev_nag | kev_nag | 12 Aug 2022

RenBridge is pitched as a way to easily convert virtual currencies like ZCash and Bitcoin to the Ethereum network and then to other blockchains. But ‘as well as a legitimate tool, cross-chain bridges have also emerged as a key facilitator of money laundering,’ letting users avoid regulations and move money easily across networks, the report says. That includes the proceeds of ransomware operations and thefts from other chains. Cryptocurrency isn’t as untraceable as some users expect, but it’s still possible to mask the sources of funds with specific services, especially decentralized ones like Elliptic. And regulators have started to take notice. Earlier this week, the US Department of the Treasury sanctioned Tornado Cash, a decentralized mixer designed to obscure the sources of crypto. It made a similar move with the mixer in May. In both of those cases, the government noted the services’ alleged use by North Korean hacker groups.

[Robertson, A. Hackers and fraudsters used crypto bridge RenBridge to launder $540 million, says report. (Accessed August 11, 2022)].

“Cross-chain bridges have been the target of more than a few hacks this year, but new data from blockchain analytics provider Elliptic alleges one has been used to launder over half a billion dollars in ill-gotten crypto assets. According to a Wednesday report, crypto bridge RenBridge facilitated the laundering of at least $540 million in proceeds of crime since 2020 through a process known as chain hopping — converting one form of cryptocurrency into another and moving it across multiple blockchains” [Katte, S. Cross-chain bridge RenBridge laundered $540M in hacking proceeds: Elliptic. (Accessed August 11, 2022)].


David Carlisle, Elliptic’s vice president of policy and regulatory affairs, said cross-chain bridges are ‘a bit of a blessing and a curse’ at the moment. Like so many popular crypto tools, they help expand the market by giving people more ways to pay and transact. Cross-chain bridges are notably vital to the development of the decentralized finance, or DeFi, space, which is crypto’s alternative to the banking system. The flipside is, ‘they’re effectively ungoverned, and so very vulnerable to hacks, or to being used in crimes like money laundering,’ Carlisle told CNBC.

[Sigalos, M. Crypto criminals laundered $540 million by using a service called RenBridge, new report shows. (Accessed August 11, 2022)].

According to Elliptic:

Movement of the proceeds of crime between blockchains – sometimes referred to as ‘chain-hopping’ – has long been used as a means to evade tracing, usually achieved by exchanging assets through cryptoasset exchanges that can be used anonymously. However, these exchanges are now heavily regulated in most jurisdictions, and are required to identify their customers and provide information to law enforcement investigators. Decentralized cross-chain bridges provide unregulated alternatives that are being embraced by cybercriminals. (emphasis added)

[Elliptic. Cross-chain Crime: More Than Half a Billion Dollars has Been Laundered Through a Cross-chain Bridge. (Accessed August 11, 2022). See also Faisal, M. Hackers Utilized Cross-chain Bridge ‘RenBridge’ to Launder $540M. (Accessed August 11, 2022)].

It is very interesting as well as illuminating to read Elliptic’s findings regarding the source of these illicit funds. Elliptic asserts:

RenBridge has become particularly popular with those seeking to launder the proceeds of theft. Cryptoassets stolen from exchanges and decentralized finance (DeFi) services worth at least $267.2 million have been laundered through RenBridge over the past two years. This includes $33.8 million stolen from Japanese crypto exchange Liquid in August 2021. In total, $97 million was stolen from Liquid, in an attack that has been linked to North Korea. Sometimes, these stolen funds come from other cross-chain bridges. Just days ago, $156 million was stolen from the Nomad bridge, following the discovery of a bug that was exploited by numerous individuals. Hours later, some of the thieves were sending the stolen funds through RenBridge. So far, $2.4 million in cryptoassets stolen from Nomad have been sent through RenBridge. RenBridge is also an important facilitator for Russia-linked ransomware gangs, with over $153 million in ransom payments laundered through the service to date. The Conti cybercrime group – which recently attacked the Costa Rican government and triggered a national state of emergency – has laundered over $53 million through RenBridge. Meanwhile, Ryuk has perpetrated ransomware attacks against hundreds of hospitals and schools over the past four years and has laundered over $92 million to date, with transfers still ongoing.

[Elliptic, supra].

“Elliptic noted that blockchain bridges such as RenBridge pose a challenge to authorities trying to clamp down on individuals and groups using the emerging technology for illicit activities. ‘Blockchain bridges such as RenBridge pose a challenge to regulators since there is no central service provider that facilitates these cross-chain transactions,’ it said” [Katte, supra]. According to Tom Robinson, Elliptic’s chief scientist, “[c]ross-chain bridges are a loophole in the regulatory regime that has been painstakingly established by governments around the world, to combat crypto laundering” [Sigalos, supra].

A June 30, 2022 report published by the intergovernmental organization Financial Action Task Force (FATF) found, among other things:

Inputs from FATF jurisdictions and open source research suggest that the DeFi markets have grown significantly over the last year. While it is not possible to determine the exact impact of the growth in DeFi on illicit financing, open source information suggests that threats from criminal misuse continue. Notable changes in the DeFi market over the last year include: […] (ii) the increase in cross-chain bridges, which is likely to impact the materiality of relevant DeFi platforms.


And more specifically, in the area of money laundering and ‘chain hopping’, FATF noted:

To combat these threats, both jurisdictions and industry in recent consultations have recognised the opportunities of blockchain analytics to help trace ransomware related money laundering. Blockchain tools have supported and informed successful enforcement cases, targeted financial sanctions, and other actions to disrupt ransomware financing. Nevertheless, industry also acknowledged that some challenges remain, particularly due to the use of privacy coins, chain-hopping via non-compliant VASPs, and unhosted wallets. In order to address these threats going forward, it is important that both jurisdictions and the private sector implement FATF’s Standards on VAs and VASPs, including the Travel Rule, to enable the private sector to detect illicit actors and suspicious transactions.


“Blockchain cybersecurity firm CertiK previously noted that when bridges hold hundreds of millions of dollars of assets in escrow and multiply their possible vectors of attack by operating across two or more blockchains, they become prime targets for hackers” [Sigalos, supra].

Apparently, the heart of this issue is: “The rapid growth and evolution of the DeFi sector is a cause for concern as it could cause risks to accelerate and proliferate” [Katte, supra]. Basically, it comes down to the continuing trade-off between decentralization and security, as the criminal element present in the system evolves as fast as the innovation occurs. But the question remains: how much regulation is tolerable, and how do you regulate a decentralized entity? Major food for thought!
