Cross-Chain Laundering Escalates: Hackers Convert Tens of Thousands of ETH into BTC via THORChain

DeFiTHORChaincrypto securityAMLKYTblockchain analysis

Hackers Are Upgrading Their Laundering Techniques

On-chain data shows that crypto hackers are increasingly using cross-chain protocols like THORChain to move stolen assets from Ethereum to Bitcoin.

In one case, the KelpDAO-related attacker converted 75,700 ETH into BTC in a single day. Another Balancer exploit attacker has also been actively converting ETH into BTC.

Why Is Cross-Chain Becoming a Laundering Path?

Traditional laundering relies on mixers or address fragmentation on a single chain. Cross-chain protocols introduce a new layer of complexity by enabling direct asset movement between blockchains.

Key characteristics include:

  • Rapid asset conversion across chains
  • Reduced traceability in intermediate steps
  • Increased complexity in transaction graphs

This significantly challenges existing compliance systems.

Why THORChain Is Being Used

THORChain is a decentralized liquidity protocol that enables cross-chain swaps without custodial intermediaries. While this improves capital efficiency, it also creates opportunities for misuse.

In multiple cases, attackers have used THORChain to quickly convert ETH into BTC to reduce traceability.

Hackers Are Optimizing Asset Structures

Rather than simply moving funds, attackers are increasingly optimizing asset composition:

  • ETH → BTC to reduce smart contract traceability
  • Fragmented holdings → consolidated liquid assets
  • On-chain exposure → harder-to-freeze asset forms

This reflects a more sophisticated financial strategy behind crypto crime.

How KYT Addresses Cross-Chain Risks

In a cross-chain environment, traditional single-chain monitoring is insufficient. Critical risks often emerge at chain transition points.

Trustformer KYT enables:

  • Cross-chain fund path reconstruction
  • Multi-chain address correlation
  • High-risk flow tracking
  • Cluster-based hacker fund identification

This restores visibility across fragmented blockchain ecosystems.

DeFi Infrastructure Enters a Risk Reassessment Phase

Protocols like THORChain improve liquidity but also introduce regulatory challenges. When assets move freely across chains, traditional AML models lose effectiveness.

As a result, DeFi infrastructure may face increasing scrutiny, particularly around cross-chain liquidity and compliance visibility.

About Trustformer

Trustformer is a leading blockchain security and compliance technology company specializing in providing professional risk management and compliance solutions for the global cryptocurrency ecosystem. We have developed the cutting-edge Trustformer KYT (Know Your Transaction) platform, which integrates artificial intelligence, blockchain analytics, and regulatory technology to deliver comprehensive, accurate real-time transaction monitoring, risk assessment, and suspicious activity reporting services.

With deep industry expertise and technological innovation, Trustformer is dedicated to helping Virtual Asset Service Providers (VASPs), crypto financial institutions, and investors build a safer and more transparent crypto financial environment. We believe that driving compliance and trust through technology can contribute to the thriving growth of the global digital economy.