Detecting illegal activity while watching crypto movements has always been complex, but as assets and the blockchain become more interconnected, this problem has become even more difficult to solve. However, with the release of our new Holistic upgrade, Elliptic users can track asset swaps with ease.
Thanks to decentralized exchanges (DEXs), cross-chain bridges and increasingly sophisticated protocols, value can move freely across different assets and blockchains without the need for a centralized intermediary. This has numerous benefits for the entire financial landscape, including:
- Securing deeper liquidity to unlock new use cases for DeFi;
- More interoperability and standardization between ecosystems and protocols;
- A better general user experience.
However, as with all innovations, there are opportunities that bad actors will try to exploit, as asset swaps often work without having to undergo the traditional KYC process (and in many cases, AML checks).
Traditional blockchain analytics struggle to follow funds that change networks, because they can only trace through one network at a time. Elliptic’s new holistic tracking upgrade can track assets through the bridge to their final destination.
At Elliptic, we spotted this trend early and developed solutions to protect our customers from cross-chain risks – Holistic Review and Investigations. By turning multiple different blockchains into a single, unified and queryable graph, we are able to see connections that would otherwise be invisible if the networks remained separate.
Ultimately, this technology has helped our clients uncover billions of dollars linked to illegal actors, take proactive and preventative actions to ensure their protection, and gather evidence for prosecution. Today we are excited to introduce an upgrade to our holistic technology.
How does it work?
With Holistic Screening and Investigations, customers have already been able to track entities such as bridges and DEXs. However, the most sophisticated actors are finding ways to disguise their movements, often involving more complex address changes.
The most exciting aspect of this new upgrade is that our tools do all the hard work for you. Where available, if cross-chain or cross-asset substitution is detected, we will create a connection between inputs and outputs using a “virtual” flow and highlight it on the chart for further analysis.
By upgrading our tracking methodology, we are now able to reliably find these links and easily detect them in our screening and investigation tools. To do this, we developed a virtual value transfer event (VVTE), which simplifies all the basic value transfer events (VTEs) between an input/output address and a connecting entity into a single asset flow.
As part of the investigation, we visually distinguish these “virtual flows” from other transactions, using the blue arrow, as shown above. This makes it much faster and easier for investigators to track asset movements on the blockchain, as they no longer have to manually track VTEs through asset switching entities.
However, we didn’t stop at improving manual investigation. Reviews conducted with Elliptic on wallets and transactions will now – where available – follow through entity swaps to show the link to the original actor, ensuring the most accurate risk assessment can be delivered at scale.
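The following Python example is added here and is not Elliptic's code: it shows the idea of collapsing the basic value transfer events on either side of a connecting entity into one virtual flow. It assumes the bridge or DEX exposes a shared reference for both legs of a swap (the hypothetical `swap_ref` field); the type names, addresses and entity label are constructed for illustration.

```python
from collections import defaultdict, namedtuple

# One basic value transfer event on a single chain. swap_ref is an ASSUMED
# correlation id that the bridge or DEX exposes for both legs of one swap.
VTE = namedtuple("VTE", "chain src dst asset amount swap_ref", defaults=(None,))
# Deposit leg and payout leg collapsed into a single cross-chain edge.
VirtualFlow = namedtuple(
    "VirtualFlow", "src_chain src asset_in dst_chain dst asset_out via")

def collapse(events, entities):
    """Return (virtual_flows, raw_events_kept) for events crossing known entities.

    entities maps address -> entity label. Legs that cannot be paired
    one-to-one stay in the raw list, so no event silently disappears.
    """
    legs = defaultdict(lambda: {"in": [], "out": []})
    kept = []
    for e in events:
        if e.swap_ref and e.dst in entities:      # deposit into the entity
            legs[e.swap_ref]["in"].append(e)
        elif e.swap_ref and e.src in entities:    # payout from the entity
            legs[e.swap_ref]["out"].append(e)
        else:
            kept.append(e)
    flows = []
    for leg in legs.values():
        if len(leg["in"]) == 1 and len(leg["out"]) == 1:
            i, o = leg["in"][0], leg["out"][0]
            flows.append(VirtualFlow(i.chain, i.src, i.asset,
                                     o.chain, o.dst, o.asset, entities[i.dst]))
        else:  # missing or ambiguous leg: leave the raw events for the analyst
            kept.extend(leg["in"] + leg["out"])
    return flows, kept

# Constructed sample data: addresses, entity name and ids are placeholders.
ENTITIES = {"bridge-eth": "ExampleBridge", "bridge-bsc": "ExampleBridge"}
EVENTS = [
    VTE("ethereum", "eth-addr-A", "bridge-eth", "ETH", 5.0, "t-1"),
    VTE("bsc", "bridge-bsc", "bsc-addr-B", "BNB", 34.9, "t-1"),
    VTE("ethereum", "eth-addr-A", "eth-addr-C", "ETH", 1.0),
    VTE("ethereum", "eth-addr-D", "bridge-eth", "ETH", 2.0, "t-2"),  # no payout yet
]
FLOWS, KEPT = collapse(EVENTS, ENTITIES)
```

The deposit with reference `t-2` has no matching payout in the sample, so it stays in the raw list instead of being turned into a flow.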
Example: Lazarus
In this chart, we can see the laundering strategy adopted by the North Korean state-sponsored hacker Lazarus Group. They execute multiple transactions in an attempt to disguise their activity, including using cross-chain bridges to move funds from Ethereum to the Binance Smart Chain.
Asset change is visually represented on the graph using a virtual flow in blue, streamlining multiple on-chain transactions sent through the bridge and allowing investigators to efficiently identify funds entering and exiting the protocol.
Example: FTX Exploiter
This investigation illustrates the removal of funds from FTX as a result of the exploit in 2022. The operator waited almost a year before transferring part of the funds to a cross-chain bridge.
They used the bridge to transfer $10M+ from Ethereum to Bitcoin, depositing the funds into fresh Bitcoin addresses. The funds eventually ended up at the Sinbad mixer, an OFAC-sanctioned entity, with the intent to mix them and further the money laundering process.
As shown, with Elliptic’s enhanced tracking, it becomes trivial for an investigator to track the movement of funds through bridges.
Cross-screening and investigations
Asset swapping and bridging are just one way that bad actors may be using cryptocurrencies to get around compliance checks and evade investigators, and it’s clear that traditional siloed approaches to individual assets are exacerbating the problem.
If investigators or compliance professionals want to be able to truly understand the flow of funds, they need a tool that can identify when these structures are being used and that can match addresses on both sides of the entity. Through our investment in creating the industry’s only unified cryptoasset identity graph, Elliptic has created the only way to determine exposure to illicit activity through these exchanges.
For more information on holistic screening and investigations visit our site here.