At the least $21.8 billion in illicit or high-risk crypto has flowed by means of crosschain swaps, up from $7 billion in 2023, in response to estimates by UK-based blockchain analytics agency Elliptic. Elliptic attributes 12% of these actions to North Korea.
Crosschain swaps have been as soon as a distinct segment exercise reserved for superior merchants and decentralized finance (DeFi) customers, however they’ve developed right into a core element of cash laundering. Illicit actors not merely ship crypto by means of mixers or dump tokens on a single decentralized trade (DEX). These days, the funds transfer round a number of blockchains to frustrate investigators and evade detection.
This swift 211% enhance, from $7 billion to $21.8 billion, displays the rising use of blockchain bridges, DEXs and coin swap companies, in addition to the increasing variety of blockchains.
“Once you look again, let’s say a decade in the past, the first cryptocurrencies and blockchains on the market have been Bitcoin and Ethereum and some others,” Arda Akartuna, Elliptic’s APAC lead crypto menace researcher, informed Cointelegraph.
“It’s an more and more multichain ecosystem… that simply widens the out there property and the out there obfuscation channels open to criminals.”
Bridges are crosschain laundering highways
A single bridge transaction would possibly replicate peculiar person conduct, however patterns of structured or multi-hop exercise are crimson flags for coordinated efforts to interrupt the onchain path, Elliptic mentioned in its 2025 crosschain crime report printed on Wednesday.
Structured chain-hopping includes splitting funds and distributing them concurrently throughout a number of blockchains. Multi-hop chain-hopping is the act of transferring property from one chain to a different repeatedly. Each strategies are inefficient by design, and include excessive charges to be able to confuse investigators.
These strategies are more and more widespread in high-stakes laundering operations. In a single early 2025 case, hackers suspected to be linked to North Korea stole $75 million from an unnamed trade and bridged the funds in sequence from Bitcoin to Ethereum, then to Arbitrum, Base and at last Tron — using each structured and multi-hop ways.
Associated: From Sony to Bybit: How Lazarus Group grew to become crypto’s supervillain
These patterns are not restricted to state actors or large-scale thefts. In a separate case involving a $200,000 fraud within the UK, the now-convicted wrongdoer cut up funds throughout 90 completely different property on a number of chains to fund on-line playing.
Akartuna defined:
“This isn’t simply high-level exercise reserved for main hackers. You’ve acquired smaller-scale criminals utilizing chain hopping to launder funds — individuals funding playing habits or petty frauds. That’s how mainstream this tactic has develop into.”
Elliptic estimates that round a 3rd of blockchain investigations now contain tracing flows throughout not less than three completely different networks.
Crosschain laundering begins in DeFi
DEXs are sometimes considered as clear and traceable as they function on blockchains. Nevertheless, they’re more and more getting used as entry factors within the crypto laundering cycle, particularly when low-liquidity tokens are concerned.
DEXs are platforms the place such property will be swapped for extra extensively accepted tokens like USDt (USDT) or Ether (ETH) with out counting on centralized platforms that will implement Know Your Buyer (KYC) guidelines.
A case research by Elliptic in its 2025 crosschain crime report analyzed the Could 2025 exploit on Cetus — a serious liquidity supplier on the Sui blockchain — that enabled attackers to empty over $200 million in tokens. The attacker initially used a DEX to swap USDT to USDC, which Elliptic suspects was probably to benefit from decrease bridging prices.
Associated: Twice fortunate? Cetus’ restoration plan on Sui mirrors a Solana blueprint
These stablecoins have been then bridged to Ethereum, the place a DEX aggregator was used once more to transform the USDC into ETH. Centralized stablecoins like USDt and USDC have capabilities that permit their issuers to freeze funds. Ether, which is the native asset of the Ethereum blockchain, doesn’t inherently have that performance.
Criminals additionally exploit the open design of DEX aggregators and automatic market makers (AMMs) to route transactions in ways in which scale back slippage and keep away from detection. As an illustration, laundering flows typically move by means of a number of obscure buying and selling pairs earlier than settling in a liquid token. In lots of instances, these swaps are carried out in small batches or by way of sensible contracts to keep away from triggering Anti-Cash Laundering (AML) alarms.
Although DEXs will not be inherently crosschain, the excellence is turning into much less clear in newer companies as additionally they supply native cross-asset swaps, Elliptic mentioned.
Coin swap websites star in crosschain laundering
Coin swap companies function extra like underground foreign money changers. They permit customers to anonymously trade property throughout completely different blockchains with minimal friction, no registration, and infrequently no significant anti-money laundering (AML) checks. Because of this, these companies have develop into a go-to software for a variety of illicit actors, notably these working in darknet markets, ransomware networks and on-line carding fraud.
These platforms are distinct from bridges and DEXs in that they perform as centralized intermediaries however intentionally function in opaque or permissive jurisdictions. Many promote instantly on darknet boards and Telegram channels, typically promising to just accept “soiled BTC” or emphasizing their non-cooperation with regulation enforcement.
Some even supply companies like armed money pickups, cash counting, or “treasure” money drops, the place bodily foreign money is buried in pre-agreed places in trade for crypto.
Elliptic reported that round 25% of illicit and high-risk flows by means of coin swap companies are linked to on-line playing, particularly platforms missing mainstream licenses. Many of those websites, notably these tied to Russian-speaking and Southeast Asian operators, are additionally linked to scams equivalent to pig butchering and narcotics trafficking, making a closed loop of high-risk funds being recycled between illicit playing and laundering networks.
The cat-and-mouse instruments chasing crosschain laundering
Chain-hopping, as soon as a fringe tactic, is now routine. Laundering strategies that when relied on mixers or easy swaps have developed into complicated sequences that span a number of chains, tokens and platforms — typically structured to waste analysts’ time or break automated tracing.
Within the $75 million case Elliptic linked to North Korea, funds moved by means of 5 blockchains in speedy succession. Related patterns are exhibiting up in smaller frauds as nicely, suggesting that complexity itself has develop into the technique.
Tracing these actions nonetheless will depend on visibility — and a rising set of instruments. Platforms like Elliptic Investigator, Chainalysis Storyline and TRM Forensics are constructed to automate and visualize crosschain evaluation, whereas centralized stablecoin issuers reserve the power to freeze flagged property.
“It doesn’t matter in the event that they’ve tried to do it over 5 completely different blockchains or simply as soon as — we’re in a position to comply with these funds mechanically by means of our investigation instruments. One thing that’s actually handbook and would possibly take a number of hours, now you can do in mere clicks and minutes as a result of it’s all automated,” mentioned Akartuna.
It is an uneven match, however the infrastructure for combating crypto crime is adapting, too.
Journal: Inside a 30,000 cellphone bot farm stealing crypto airdrops from actual customers
