August 25, 2022
In 2018, in response to the blockchain ecosystem’s progression past the mono-chain era of Bitcoin, TRM Labs introduced cross-chain analytics, which for the first time allowed investigators to trace flows of funds not just within blockchains but across blockchains. Now, as rapid chain-hopping through bridges and other automated services has gained popularity among licit and illicit actors alike, TRM has launched TRM Phoenix to help investigators keep pace as they work to track down stolen and hacked funds and proceeds of other financial crimes.
TRM Phoenix enables automated tracing through more than a dozen of the most popular bridges and cross-chain services. With the recent expansion, TRM has the largest bridge coverage for automated cross-chain tracing. Set against the backdrop of TRM’s industry-leading blockchain coverage — 23 in total — and native multi-chain architecture, the addition of Phoenix makes TRM the preferred tracing tool for investigators of sophisticated cryptocurrency-related crime.
Chain-hopping: one of the fastest-growing money laundering typologies
Cross-chain bridges, which enable the transfer of assets from one blockchain to another, are viewed as an essential innovation in web3; they allow previously isolated blockchains to share information with each other, driving critical interoperability.
But the explosive growth of cross-chain bridges and other similar services in 2022 has made cross-chain transfers much faster, easier, and more anonymous. According to open sources, the use of cross-chain bridges experienced an 89% growth surge during the end of 2021, and currently, more than $9 billion dollars worth of cryptocurrency is locked in the liquidity of Ethereum bridges alone.
Threat actors have capitalized on this shift by doubling down on chain-hopping as an obfuscation technique when converting proceeds of financial crime into “clean” crypto assets. TRM analysis shows that in the first eight months of 2022, more than $1.2 billion of illicit cryptocurrency moving via cross-chain bridges.
Chain-hopping can make it harder for services like exchanges to detect that incoming funds from a depositor are tied to an exploit or other illicit activity, which they would normally freeze or report to law enforcement.
Previously, moving funds across blockchains was primarily executed through the use of custodial token swap services, traditional exchanges, and trading services. Investigators attempting to follow the money had some success tracing cross-chain flows manually in these scenarios, but the advent of bridges and other automated, anonymized services — which often deploy complex code on unfamiliar protocols — posed challenges for even the most experienced crypto investigators.
TRM Phoenix automates cross-chain tracing to meet speed and frequency of cross-chain activity
Recognizing that the threat landscape was changing, TRM Labs leveraged its native cross-chain architecture to transform how investigators trace across blockchains and provide the industry’s most robust solution to the challenges posed by bridges and cross-chain services.
TRM Phoenix provides automated tracing through more than a dozen of the most popular bridges and services, empowering investigators to recast tedious, multi-chain investigations into single-graph investigations that are faster and more accurate.
“Hitting a bridge in an investigation used to result in either a complete dead-end or weeks of digging through bridge explorers and protocols— often only to get to a partial answer,” said Jennifer Vander Veer, formerly a special agent with the FBI, now a product strategist at TRM Labs. “Phoenix provides a revolutionary alternative by allowing investigators to immediately follow pre-traced flows through bridges and visualize the activity on all chains in a single graph solution.”
For example, in November 2021, decentralized finance protocol bZx announced that one of their developers was the victim of a phishing attack, enabling the attacker to gain control of the developer’s wallet and bZx’s Binance Smart Chain and Polygon deployment protocol. The attacker drained approximately $55 million from wallets on the Binance Smart Chain, Polygon, and Avalanche blockchains before bZx was able to take action. After gaining control of the funds on those chains, the attacker used at least four cross-chain bridges to move the stolen cryptocurrency to the Ethereum blockchain.
In this case, TRM Phoenix enabled investigators to trace through bridges in the click of a button and to visualize the movement of funds from one blockchain to another in a single, seamless graph.
The ability to trace cross-chain flows in a matter of minutes — versus the days and weeks required by manual cross-chain tracing techniques — is key for investigators because it greatly improves the chances that stolen funds can be traced to and frozen by an intermediary before being cashed out.
The feature is available to all users of TRM Forensics and is actively being deployed by law enforcement customers and by TRM’s Incident Response team, which was recently retained by Nomad and Slope Finance to assist with funds recovery efforts following exploits that resulted in the loss of funds totaling $190 million and $4.1 million, respectively.
TRM is continuously adding bridges and services to the Phoenix portfolio, providing the largest coverage for automated cross-chain tracing. As the use of cross-chain laundering techniques like chain-hopping evolves, TRM will continue to:
- Enable investigators to conduct rapid, automated cross-chain tracing, improving the chances that the funds will be frozen or recovered.
- Provide compliance analysts an integrated, consolidated view of cross-chain exposure on their platforms to avoid the blindspots of viewing isolated risk from singular chains.
- Equip regulators to better understand latent risks across blockchains and to pursue effective safeguards in the ecosystem.
About TRM Labs
TRM provides blockchain intelligence to help financial institutions, cryptocurrency businesses, and public agencies detect, investigate, and manage crypto-related fraud and financial crime. TRM's risk management platform includes solutions for transaction monitoring and wallet screening, entity risk scoring - including VASP due diligence - and source and destination of funds tracing. These tools enable a rapidly growing cohort of organizations around the world to safely embrace cryptocurrency-related transactions, products, and partnerships.
Access our coverage of TRON, Solana and 23 other blockchains
Fill out the form to speak with our team about investigative professional services.