In a significant shift, cybercriminals have drastically reduced their reliance on crypto mixers in favor of cross-chain bridges over the past year, according to blockchain forensics firm Elliptic. This evolving trend underscores cybercriminals’ adaptability and the challenges law enforcement agencies face in tracking illicit activities in the cryptocurrency space.
Elliptic’s data for June and July reveals a remarkable reversal compared to the first half of 2022, with nearly all stolen cryptocurrencies being laundered through cross-chain bridges. This shift is attributed to the phenomenon known as “crime displacement,” where criminals transition to new methods when their existing tactics face increased scrutiny and policing.
However, what is noteworthy is that the shift to cross-chain bridges has occurred more rapidly than initially projected by Elliptic. The ratio of laundered funds passing through mixers versus cross-chain bridges shifted dramatically between July and September 2022. This shift corresponds to the U.S. Office of Foreign Asset Control’s sanctions against Tornado Cash in August 2022, which prompted many cybercriminals, including the North Korean-backed Lazarus Group, to migrate to Avalanche Bridge.
The same Avalanche bridge was recently implicated in facilitating the movement of stolen funds related to Stake’s $41 million exploit on September 4, according to blockchain security firm CertiK.
Crypto mixers experienced a brief resurgence between November 2022 and January 2023, mainly due to the shutdown of RenBridge. RenBridge ceased operations in December following the bankruptcy of its financer, Alameda Research, resulting in a loss of an estimated $500 million in laundered funds facilitated throughout its existence.
However, the resurgence of crypto mixers was short-lived as cybercriminals swiftly returned to cross-chain bridges, and their usage surpassed previous levels. Elliptic points out that criminals may prefer cross-chain bridges due to the difficulty faced by blockchain forensic firms in tracking illicit activities across different blockchain networks in a scalable manner.
“Criminals are aware that legacy blockchain analytics solutions do not have the means to trace illicit blockchain activity across blockchains or tokens in a programmatic or scalable manner,” noted Elliptic.
Additionally, many of the stolen tokens are only exchangeable through cross-chain bridges, and most decentralized finance (DeFi) services associated with these tokens do not require identity verification. This combination makes cross-chain bridges attractive for money laundering and illicit fund movement.
Elliptic estimates that a staggering $4 billion in illicit or high-risk cryptocurrencies have been laundered through cross-chain bridges since 2020. This trend highlights the need for continued efforts to enhance cryptocurrency regulation and bolster blockchain forensics capabilities to combat cybercrime effectively in the evolving digital landscape.