Perhaps the most prominent feature of the cryptoasset sector today is that it has become a “multi-chain” ecosystem, where users can seamlessly move funds across the blockchain.
After the launch of Bitcoin in 2009, cryptoassets existed as separate environments. Users of the asset transacted on the Bitcoin blockchain – or public transaction ledger – while users of Ethereum, Tether, Litecoin, Polkadot and other popular digital assets transacted in restricted universes restricted to activity on their own blockchains.
Thousands of cryptoassets have been developed within a decade of Bitcoin’s launch, resulting in thousands of different ecosystems. The inability to seamlessly move funds from one blockchain to another has limited the potential for successful services in the crypto sector.
This has changed dramatically in the last two to three years. New technological innovations allow users of cryptoassets to quickly and efficiently transfer value over the blockchain. The result is an increasingly complex and rich ecosystem of cryptoassets that is better prepared to absorb an increasing number of users.
However, this new multi-chain world also presents financial crime risks. Criminal actors can rapidly move crypto-assets across blockchains to support their money laundering schemes (a typology known as “chain-hopping”). According to Elliptic’s research, to date illegal actors have laundered more than $4 billion through services that facilitate transfers between chains.
The explosion of cross-crime presents new challenges for detecting illicit activity in cryptocurrencies. Compliance officers must understand this new landscape, the risks involved and how to respond to them.
A brave new world with more chains
The emergence of a multi-chain ecosystem is greatly facilitated by new decentralized finance (DeFi) platforms.
Decentralized exchanges (DEX) are one of the primary mechanisms for users to exchange assets. DEXs allow users to trade cryptoassets without relying on a central intermediary to hold funds or manage an order book. They do this using smart contracts or self-executing protocols that facilitate swaps.
Trading on DEXs has exploded recently. The largest DEX – Uniswap – facilitates around $1 billion in daily trading, which rivals the trading volume of some of the world’s largest centralized exchanges such as Coinbase and Kraken. By allowing users to exchange a wide range of tokens – including stablecoins like Tether and USDC for cryptoassets like Ethereum – DEXs provide essential liquidity to fuel the development of the crypto economy.
Cross chain bridges are another important innovation. Bridges work as advertised: they allow users of cryptoassets originating from one blockchain to seamlessly move funds to another blockchain. For example, using a popular service known as RenBridge, Bitcoin users can transfer their funds directly to the Ethereum blockchain, giving them access to products and services – such as non-fungible tokens (NFTs) – built on top of Ethereum.
Before services like RenBridge, a bitcoin user had to open an account with a centralized cryptoasset exchange service and provide know-your-customer (KYC) information to satisfy anti-money laundering (AML) requirements – a process that often took several days. Only after that the user could exchange his Bitcoin for Ether at the rate determined by the exchange. With RenBridge, however, a Bitcoin user can transfer funds directly to the Ethereum blockchain without opening an account with a regulated firm.
This improvement greatly improves the user experience, but also offers opportunities for illegal actors, who may look to services such as DEXs and bridges to disguise the illicit origin of their funds. To date, cybercriminals have sent more than $1 billion via DEX, and RenBridge alone has been used to launder more than $540 million in cryptoassets.
A bridge over troubled crypto waters
Two recent high-profile cases help illustrate these risks.
One was to hack Ronin Bridge – the cross-service that it works as part of Axie Infinity a blockchain-based video game network. In March 2022, hackers from a North Korean cybercrime group used Ronin Bridge to siphon off cryptoassets, including the USDC stablecoin, totaling $540 million.
After stealing the funds, the Lazarus group converted USDC to Ether on DEXs. From there, Lazarus Group transferred the new “pure” ETH it received to Tornado Cash, a crypto mixer that hides user funds and was sanctioned by the US Treasury Department on August 8.
The second case was related to the laundering of proceeds from ransomware. In the second half of 2021, a Russian cybercrime gang using the Conti ransomware strain generated more than $25.5 million in bitcoin revenue from its victims in just four months.
Earlier in 2022, Conti launched a series of ransomware attacks against the Costa Rican government, leading to a state of emergency in the country. In total, the Conti gang laundered more than $53 million in Bitcoin through RenBridge, which allowed them to transfer their ill-gotten funds to the Ethereum blockchain.
Exploitation of cross-chain services has attracted regulatory scrutiny. The US Treasury’s Office of Foreign Assets Control (OFAC) has added to its sanctions list several Ethereum addresses used by the Lazarus group to launder funds from the Ronin Bridge hack.
“Illegitimate actors often engage in the practice of ‘chain hopping’ to disguise the origin of their funds,” according to a ransomware report released in June 2021 by the US Treasury’s Financial Crimes Enforcement Network (FinCEN).
In June of this year, the Financial Action Task Force explained in a report on cryptoassets that: “DeFi protocols can be used to perform chain hopping, which can make it difficult to trace transactions.”
Fortunately, new technical capabilities are giving compliance teams insight into detecting and managing these risks. It is already standard practice for compliance teams to use block analysis solutions to screen crypto wallets and transactions for indications of illicit financial risks.
However, the first generation of blockchain analytics tools only offered a view of activity on a per-asset basis. The compliance team had to undertake separate checks to identify the risks associated with each individual cryptoasset it managed and could only gain insight into cross-chain flows through painstaking manual investigations.
Recently, a second-generation blockchain analytics tool was developed that provides a multi-asset view of risks allowing compliance teams to conduct a “holistic review”. With this new feature, a compliance analyst can review a wallet in a crypto-asset such as Ether and immediately gain insight into any exposure of the wallet to funds transferred through services such as DEXs and bridges.
This creates significant efficiency gains by eliminating the intensive manual work once required to identify these risks, while ensuring that firms maintain strong defenses against cross-chain laundering.
The final frontier
Compliance teams should take steps now to manage cross-chain risks. First, they should perform a risk assessment of their exposure across multiple chains. This should include an understanding of how their customers and products are exposed to risks from the flow of funds across multiple chains.
Second, compliance staff should receive training on cross-chain typologies and red flags so that they are equipped to file Suspicious Activity Reports (SARs) on this activity. Finally, compliance teams should have access to blockchain analytics capabilities that enable holistic screening, ensuring they have the ability to efficiently and in real-time detect cross-chain activity.
As always, bad guys will look for new methods to launder their ill-gotten gains, but when it comes to multi-chain crime, the law-abiding community has an opportunity to gain the upper hand.
Originally published by Thomson Reuters © Thomson Reuters.
Compliance Cross-Chain Global