Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform
Image: The Record
Daryna Antoniuk August 11, 2022

Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform

Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform

Hackers and cryptocurrency thieves are turning to so-called cross-chain platforms to launder money and avoid attempts by law enforcement to trace and freeze their illicit proceeds. One such platform called RenBridge has been used to launder at least $540 million in cryptocurrency over the last three years, according to new research published this week. 

RenBridge is part of a relatively new crop of services that allows people to move assets seamlessly between different blockchain networks — for example, converting Bitcoin to the Ethereum blockchain. 

Some cross-chain bridges are used legitimately to help newer cryptocurrencies compete with more popular digital assets. But the platforms have also become an attractive tool for cybercriminals, who have moved away from more centralized and regulated cryptocurrency exchanges that are increasingly being asked to identify customers and provide information to law enforcement.

The services have been used by some of the most notorious cybercrime groups, according to research published this week by blockchain analysis company Elliptic. Conti, which is known for a far-reaching attack on Costa Rica’s government, laundered over $53 million through RenBridge, while Ryuk laundered over $92 million with transfers still ongoing.

It has also been used to launder at least $267 million in cryptocurrency assets stolen from exchanges and decentralized finance services over the last two years, Elliptic said. That includes $33.8 million stolen from Japanese crypto exchange Liquid, which lost a total of $97 million in an attack last August that has been linked to North Korea.

Sometimes stolen funds came from other cross-chain networks, including Nomad, which lost more than $156 million in cryptocurrency earlier this month after hackers discovered a vulnerability in a recent update on the platform. At least $2.4 million in stolen cryptocurrency from Nomad have been sent through RenBridge, according to Elliptic.

RenBridge did not respond to a request for comment.

Money laundering machine

Criminals and hackers have long abused the decentralized and unregulated nature of cryptocurrencies, allowing them to launder $8.6 billion in cryptocurrency last year, according to Chainalysis. 

And although cryptocurrencies offer some anonymity to cybercriminals, they’re not untraceable. Hackers have had to make use of a variety of tools to hide the source of stolen digital assets.

Earlier this month, for example, the U.S. sanctioned the Tornado Cash mixer for allegedly helping launder the proceeds of cybercrimes, including nearly half a billion dollars stolen by the North Korean state-sponsored Lazarus Group.

Elliptic’s research highlights the less-discussed threat posed by cross-chain networks enabling users to hide the source of stolen funds by moving them easily across blockchain networks.

“Blockchain bridges such as RenBridge pose a challenge to regulators, since there is no central service provider that facilitates these cross-chain transactions,” researchers wrote. “The Financial Action Task Force (FATF) recently called-out money laundering through “chain hopping” in its latest report on virtual asset risks, but it remains to be seen how this type of activity could be regulated.”

Daryna Antoniuk is a freelance reporter for The Record based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.