A minimum of $21.8 billion in illicit or high-risk crypto has flowed via crosschain swaps, up from $7 billion in 2023, in accordance with estimates by UK-based blockchain analytics agency Elliptic. Elliptic attributes 12% of these actions to North Korea.
Crosschain swaps had been as soon as a distinct segment exercise reserved for superior merchants and decentralized finance (DeFi) customers, however they’ve developed right into a core element of cash laundering. Illicit actors now not merely ship crypto via mixers or dump tokens on a single decentralized trade (DEX). These days, the funds transfer round a number of blockchains to frustrate investigators and evade detection.
This swift 211% improve, from $7 billion to $21.8 billion, displays the rising use of blockchain bridges, DEXs and coin swap providers, in addition to the increasing variety of blockchains.
“Once you look again, let’s say a decade in the past, the first cryptocurrencies and blockchains on the market had been Bitcoin and Ethereum and some others,” Arda Akartuna, Elliptic’s APAC lead crypto menace researcher, informed Cointelegraph.
“It’s an more and more multichain ecosystem… that simply widens the out there belongings and the out there obfuscation channels open to criminals.”
Bridges are crosschain laundering highways
A single bridge transaction may mirror strange person habits, however patterns of structured or multi-hop exercise are crimson flags for coordinated efforts to interrupt the onchain path, Elliptic stated in its 2025 crosschain crime report printed on Wednesday.
Structured chain-hopping includes splitting funds and distributing them concurrently throughout a number of blockchains. Multi-hop chain-hopping is the act of shifting belongings from one chain to a different repeatedly. Each strategies are inefficient by design, and include excessive charges with a view to confuse investigators.
These strategies are more and more widespread in high-stakes laundering operations. In a single early 2025 case, hackers suspected to be linked to North Korea stole $75 million from an unnamed trade and bridged the funds in sequence from Bitcoin to Ethereum, then to Arbitrum, Base and eventually Tron — using each structured and multi-hop techniques.
Associated: From Sony to Bybit: How Lazarus Group grew to become crypto’s supervillain
These patterns are now not restricted to state actors or large-scale thefts. In a separate case involving a $200,000 fraud within the UK, the now-convicted offender cut up funds throughout 90 completely different belongings on a number of chains to fund on-line playing.
Akartuna defined:
“This isn’t simply high-level exercise reserved for main hackers. You’ve bought smaller-scale criminals utilizing chain hopping to launder funds — folks funding playing habits or petty frauds. That’s how mainstream this tactic has develop into.”
Elliptic estimates that round a 3rd of blockchain investigations now contain tracing flows throughout at the least three completely different networks.
Crosschain laundering begins in DeFi
DEXs are sometimes considered as clear and traceable as they function on blockchains. Nevertheless, they’re more and more getting used as entry factors within the crypto laundering cycle, particularly when low-liquidity tokens are concerned.
DEXs are platforms the place such belongings will be swapped for extra broadly accepted tokens like USDt (USDT) or Ether (ETH) with out counting on centralized platforms which will implement Know Your Buyer (KYC) guidelines.
A case research by Elliptic in its 2025 crosschain crime report analyzed the Could 2025 exploit on Cetus — a serious liquidity supplier on the Sui blockchain — that enabled attackers to empty over $200 million in tokens. The attacker initially used a DEX to swap USDT to USDC, which Elliptic suspects was presumably to reap the benefits of decrease bridging prices.
Associated: Twice fortunate? Cetus’ restoration plan on Sui mirrors a Solana blueprint
These stablecoins had been then bridged to Ethereum, the place a DEX aggregator was used once more to transform the USDC into ETH. Centralized stablecoins like USDt and USDC have features that enable their issuers to freeze funds. Ether, which is the native asset of the Ethereum blockchain, doesn’t inherently have that performance.
Criminals additionally exploit the open design of DEX aggregators and automatic market makers (AMMs) to route transactions in ways in which scale back slippage and keep away from detection. For example, laundering flows usually cross via a number of obscure buying and selling pairs earlier than settling in a liquid token. In lots of circumstances, these swaps are carried out in small batches or by way of good contracts to keep away from triggering Anti-Cash Laundering (AML) alarms.
Although DEXs aren’t inherently crosschain, the excellence is turning into much less clear in newer providers as in addition they provide native cross-asset swaps, Elliptic stated.
Coin swap websites star in crosschain laundering
Coin swap providers function extra like underground foreign money changers. They permit customers to anonymously trade belongings throughout completely different blockchains with minimal friction, no registration, and sometimes no significant anti-money laundering (AML) checks. Because of this, these providers have develop into a go-to instrument for a variety of illicit actors, significantly these working in darknet markets, ransomware networks and on-line carding fraud.
These platforms are distinct from bridges and DEXs in that they operate as centralized intermediaries however intentionally function in opaque or permissive jurisdictions. Many promote immediately on darknet boards and Telegram channels, usually promising to just accept “soiled BTC” or emphasizing their non-cooperation with regulation enforcement.
Some even provide providers like armed money pickups, cash counting, or “treasure” money drops, the place bodily foreign money is buried in pre-agreed places in trade for crypto.
Elliptic reported that round 25% of illicit and high-risk flows via coin swap providers are linked to on-line playing, particularly platforms missing mainstream licenses. Many of those websites, significantly these tied to Russian-speaking and Southeast Asian operators, are additionally linked to scams equivalent to pig butchering and narcotics trafficking, making a closed loop of high-risk funds being recycled between illicit playing and laundering networks.
The cat-and-mouse instruments chasing crosschain laundering
Chain-hopping, as soon as a fringe tactic, is now routine. Laundering strategies that when relied on mixers or easy swaps have developed into complicated sequences that span a number of chains, tokens and platforms — usually structured to waste analysts’ time or break automated tracing.
Within the $75 million case Elliptic linked to North Korea, funds moved via 5 blockchains in speedy succession. Comparable patterns are exhibiting up in smaller frauds as properly, suggesting that complexity itself has develop into the technique.
Tracing these actions nonetheless is dependent upon visibility — and a rising set of instruments. Platforms like Elliptic Investigator, Chainalysis Storyline and TRM Forensics are constructed to automate and visualize crosschain evaluation, whereas centralized stablecoin issuers reserve the power to freeze flagged belongings.
“It doesn’t matter in the event that they’ve tried to do it over 5 completely different blockchains or simply as soon as — we’re capable of observe these funds robotically via our investigation instruments. One thing that’s actually guide and may take a number of hours, now you can do in mere clicks and minutes as a result of it’s all automated,” stated Akartuna.
It is an uneven match, however the infrastructure for preventing crypto crime is adapting, too.
Journal: Inside a 30,000 cellphone bot farm stealing crypto airdrops from actual customers