North Korean and Russian hackers are using the RenBridge to funnel more than $170m worth of crypto.
The RenBridge, a cross-chain bridge, has accounted for at least $540m in laundered cryptocurrencies since 2020, says crypto asset risk management firm Elliptic.
A key technology for solving issues of blockchain interoperability, cross-chain bridges act as a decentralised highway between blockchains, allowing investors to discreetly move funds between different protocols.
Established in 2017 by Taiyang Zhang and Loong Wang, Ren is a cross-chain bridge-building project, facilitating crypto-to-crypto transfers such as Ethereum to Bitcoin through its RenVM and RenBridge solutions.
Despite the positive innovation stemming from cross-chains, they also provide "unregulated alternatives" that are "embraced by criminals", Elliptic's report suggests.
According to Elliptic's analysis, the RenBridge has been used by criminals for crypto asset theft, fraud and ransomware, with more than $267m in crypto laundered from DeFi exchanges via the RenBridge over the past two years.
Notable exploits using the RenBridge include $33.8m stolen from Japanese crypto exchange Liquid by North Korean hackers in August 2021. Data from Chainalysis suggests that $1bn of crypto thefts can be traced back to North Korea.
Other heists associated with the RenBridge include $145m stolen by the Conti and Ryuk cybergroups, two gangs operating under the Russian Wizard Spider organisation.
(Monthly volume of proceeds of crime transferred between Bitcoin and Ethereum using Ren Bridge. Figures are lower bounds. Data from Elliptic Nexus)
Elliptic's report comes a week after the Nomad cross-chain hack that wiped $200m from the cross-bridge platform. Like the RenBridge, Nomad functions as a pathway between blockchains such as the Ethereum, Avalanche and Moonbeam (GLMR) platforms.
The Nomad hack represented the seventh major cross-chain hack this year, with 4 out of the top crypto heists of all time occurring on cross-chain bridges.
In February, the Wormhole bridge that connects the Ethereum and Solana ecosystems experienced a $320m heist. A month later, blockchain gaming firm Axie Infinity went down as its Ronin cross-chain bridge lost $622m in a hack.
(Elliptic: Cross-chain bridge hacks)
Like any bridge, cross-chains are weakest at their centre.
As Arda Akartuna, a threat analyst at Elliptic, tells AltFi: "Cross-chain bridges are active on a wide number of different blockchains and there is a lot of liquidity in between either side of them [bridge connection points]."
This makes cross-chain bridges a "lucrative" enterprise for cybercriminals since there is a "huge" amount of funds stored in the smart contracts that represent the cryptos transferred from one blockchain to another, Akartuna explains.
From a regulator's perspective, cross-chain bridges are more "difficult to find for auditors", Akartuna adds.
Cross-chain bridges cater to DeFi entities, making the identities, nature of transactions and destinations of funds difficult to trace. Central to tracing difficulties is the 'chain-hopping' phenomenon that manifests on cross-chains, where criminals can swap funds across different cryptos to obscure their fund trails.
In light of Elliptic's launch of its Holistic Screening solution for cross-chain compliance, which is designed to achieve new standards for crypto compliance, Elliptic's co-founder and chief scientist Tom Robinson said: "Individual crypto assets and blockchains are no longer isolated systems, and have become a part of a larger interconnected crypto economy."
Through Elliptic's Holistic Screening, illicit activities on cross-chains can be tracked, helping compliance teams and regulators deal with the ongoing attacks by cybercriminals on weaknesses within blockchains.
Ren have not responded to a request for comment.