CryptaCount
EN
EnglishENDeutschDEEspañolESFrançaisFRItalianoIT日本語JA한국어KONederlandsNLPolskiPLPortuguêsPT
Log in Start Free

Cross-Chain Bridge AML Risk: $540M Laundered Through RenBridge

CryptaCount Editorial · · 5 min read
AML / KYC / LICENSING Cross-Chain Bridge AML Risk: $540MLaundered Through RenBridge

A single cross-chain bridge, RenBridge, has facilitated the laundering of at least $540 million in criminal proceeds since 2020, according to analysis published by blockchain intelligence firm Elliptic. The findings expose a structural gap in existing AML frameworks and carry direct implications for compliance teams, auditors, and CFOs at any firm with digital asset exposure.

What Cross-Chain Bridges Actually Do

The mechanics behind chain-hopping

Cross-chain bridges allow cryptoassets to move between separate blockchain networks without passing through a centralized intermediary such as a regulated exchange. Billions of dollars in assets have moved between Bitcoin, Ethereum, and other networks using bridge services. For legitimate users, bridges unlock liquidity and interoperability across the DeFi ecosystem.

For bad actors, the same mechanics serve a different purpose. Moving funds across chains, a technique commonly called "chain-hopping," breaks the traceability chain that on-chain investigators rely on. Until recently, chain-hopping required anonymity-friendly exchanges. As those platforms came under heavier AML regulation and customer identification requirements, decentralized bridges filled the gap.

Why decentralization complicates enforcement

Unlike a centralized exchange, a decentralized bridge has no single legal entity to regulate. Transactions are validated by a distributed network of pseudonymous participants, making it difficult for law enforcement to issue a subpoena or compel records. The Financial Action Task Force (FATF) has flagged chain-hopping in its guidance on virtual asset risks, but the regulatory architecture to address it directly does not yet exist in most jurisdictions.

What the RenBridge Data Shows

Scale of criminal flows

Elliptic's analysis identifies RenBridge as the primary cross-chain vehicle for laundering proceeds from theft, fraud, and ransomware. The headline figure of at least $540 million since 2020 breaks down across several distinct criminal categories.

Cryptoassets stolen from exchanges and DeFi protocols account for at least $267.2 million of that total. This figure includes $33.8 million taken from Japanese exchange Liquid in a 2021 attack that investigators have linked to North Korean state-sponsored actors. More recently, within hours of the $156 million exploit of the Nomad bridge, funds were already moving through RenBridge. At least $2.4 million from that single incident had already cleared through the bridge at the time of Elliptic's reporting.

Ransomware groups as active users

Over $153 million in ransomware payments has been laundered through RenBridge, making it a documented tool for organized cybercrime groups. Two groups are specifically quantified in the research. The Conti group, which conducted a ransomware attack against the Costa Rican government serious enough to prompt a national emergency declaration, laundered over $53 million through the bridge. The Ryuk group, responsible for attacks on hundreds of hospitals and schools over four years, laundered over $92 million, with activity continuing at the time of publication.

Why This Matters for Compliance Teams

Tracing across chains is now a baseline expectation

For firms using crypto accounting software or digital asset accounting software to book and reconcile on-chain transactions, the RenBridge findings illustrate a critical limitation: wallet-level screening at a single point in time does not capture cross-chain provenance. A wallet that appears clean on one network may hold assets that originated from criminal activity on another, routed through a bridge that left no centralized record.

This matters for auditors performing substantive testing on client crypto holdings, for CFOs approving treasury positions in DeFi protocols, and for compliance officers setting risk-scoring parameters. The blockchain analytics data quality checks your firm should be running need to explicitly account for cross-chain tracing capability, not just single-chain address screening.

Regulatory exposure under existing frameworks

Even without a bridge-specific regulatory regime, firms face exposure under existing rules. In the US, the Bank Secrecy Act and OFAC sanctions obligations apply regardless of how funds move between chains. A firm that receives, holds, or accounts for assets traceable to a sanctioned actor, whether through a bridge or any other route, carries the same liability. OFAC SDN cryptocurrency address obligations for compliance teams do not have a cross-chain carve-out.

In the EU, the Markets in Crypto-Assets Regulation and the forthcoming AML package place due diligence obligations on crypto-asset service providers. While bridges themselves may fall outside current CASP definitions, any CASP that receives bridged assets sits squarely within scope. The Huione Group illicit marketplace case demonstrated how layered transaction structures across multiple networks can be used to obscure criminal origin, and regulators on both sides of the Atlantic are paying attention.

For a broader look at how illicit stablecoin and cross-network flows are creating compliance pressure, see our coverage of the Huione Group illicit marketplace and USDH stablecoin AML risk.

What firms should review now

Three practical steps follow directly from this analysis. First, confirm that any blockchain analytics provider your firm relies on has cross-chain tracing capability, not just single-ledger coverage. Second, review counterparty onboarding criteria to include questions about DeFi bridge usage, particularly for institutional clients with active on-chain treasury strategies. Third, update your transaction monitoring typologies to flag large inbound transfers from known bridge contract addresses, even where the receiving wallet shows no prior risk flags.

Firms using crypto bookkeeping software that integrates with blockchain data feeds should verify that cross-chain attribution is part of the data pipeline, as a gap there can produce clean-looking books that do not reflect real-world provenance risk.

The Broader Regulatory Trajectory

FATF guidance has identified chain-hopping as a risk vector, but formal regulatory requirements targeting bridges specifically remain limited. What is clear is that the direction of travel points toward greater scrutiny of the DeFi layer, not less. Regulators in the US, EU, and UK have each signaled interest in extending AML obligations further into decentralized infrastructure.

For compliance functions, the practical implication is straightforward: do not wait for bridge-specific rules before extending tracing and due diligence to cross-chain flows. The underlying obligations, whether under OFAC, BSA, MiCA, or national AML transpositions, already reach the assets regardless of the route they traveled.

Source: Elliptic

GLOBALUSEU#defi#wrapped_tokensEnforcementAML/KYC & Licensing

FAQ

What is a cross-chain bridge and why does it create AML risk?

A cross-chain bridge is a protocol that moves cryptoassets between separate blockchain networks without routing them through a centralized exchange. Because there is no central operator to compel, issue records to, or regulate directly, bridges can be used to obscure the origin of funds, a technique regulators call chain-hopping. The resulting break in the on-chain audit trail creates a tracing gap that standard single-chain screening tools may miss entirely.

Does my firm have AML exposure if a client's funds passed through a cross-chain bridge?

Potentially, yes. Existing obligations under frameworks such as the Bank Secrecy Act in the US, AMLD6 in the EU, and equivalent national regimes do not exempt assets because they were transferred via a bridge. If funds received or held by your firm are traceable to sanctioned parties or criminal activity, the compliance risk is the same regardless of how those funds moved between chains.

What should we look for when evaluating blockchain analytics providers?

The most critical question is whether the provider can trace funds across multiple blockchains in a single query, not just within a single ledger. Providers whose coverage is limited to one chain at a time will produce incomplete risk scores for any asset that has passed through a bridge. Ask specifically about cross-chain attribution methodology and how frequently bridge contract addresses are updated in the underlying dataset.

How does this affect transaction monitoring for firms using digital asset accounting software?

Digital asset accounting software that pulls on-chain data for reconciliation purposes may correctly record a transaction as settled without flagging its cross-chain provenance. Compliance teams should treat accounting records and AML screening as separate layers, ensuring that inbound transfers from bridge contract addresses are subject to additional review before being treated as clean for booking purposes.

Is there a specific regulatory rule that governs cross-chain bridges?

As of the date of this article, no jurisdiction has enacted regulation that targets decentralized cross-chain bridges as a defined regulated category. However, FATF guidance identifies chain-hopping as a virtual asset risk vector, and obligations that attach to the assets themselves, including OFAC sanctions and BSA/AML requirements, apply regardless of how those assets moved between chains. Regulatory attention to this gap is increasing across the US, EU, and UK.

Related articles

AML/KYC & Licensing
Five Crypto Financial Crime Typologies for FI Compliance Programs
AML/KYC & Licensing
Huione Guarantee: $11B USDT Marketplace and the AML Obligations It Creates
AML/KYC & Licensing
AML Compliance Risks: Mixers and Privacy Wallets in Crypto Screening
AML/KYC & Licensing
Huione Group: World's Largest Illicit Marketplace and the USDH Stablecoin Risk