ThetaRay CEO: Cross-Chain Gaps Are Crypto's AML Blind Spot

Cross-chain compliance gaps at blockchain bridges represent the most dangerous anti-money laundering blind spot in crypto today, according to ThetaRay CEO Brad Levy. The warning arrives as AML enforcement fines in the sector have already exceeded $900 million in the first half of 2025, and regulators are tightening rules for stablecoin issuers under the GENIUS Act.

Levy describes the problem as the Cross-Chain Compliance Gap: the moment assets move from Ethereum to a Layer 2 or alternative chain, transaction data fragments at the crossing point. Legacy bank AML systems and blockchain analytics tools each see only their own side. Neither sees the bridge.

How Bridges Reset Financial History for Illicit Actors

Levy describes L2s and blockchain bridges as reset buttons. Funds crossing from Ethereum to a Layer 2 or from one chain to another lose their financial history at each hop. By the time a legacy bank flags a fiat withdrawal as suspicious, the money has already moved through multiple chains.

TRM Labs has documented that most illicit actors in 2026 move assets through bridges and privacy tools within minutes. The structural problem: retail bank AML sees fiat, blockchain analytics tools see the crypto side, and neither sees the bridge.

“Somewhere between where Ethereum ends and an L2 or alternative chain begins, the data becomes fragmented as the money moves through blockchain bridges,” Levy said.

“Criminals understand that a retail bank’s AML system isn’t talking to a Solana explorer in real time,” he added. “They reset their financial history by leveraging the complexity of L2s and bridges.”

The Mechanism That Makes Bridges Dangerous

Traditional rule-based systems flag large fiat withdrawals or deposits above a threshold. They cannot correlate those with on-chain activity across multiple chains. Blockchain analytics tools can trace crypto transactions but have no visibility into the fiat side. The bridge sits in the middle, unmonitored by either system.

Levy argues that this gap is the primary enabler for illicit actors in 2026. The fragmentation is structural, not a bug that a software patch can fix. It requires a new monitoring architecture that follows the individual, not the transaction rail.

The £134,000 Case Study: Why Rule-Based Systems Miss the Pattern

ThetaRay recently flagged a UK retail customer declared as a packer, an occupation not associated with high-volume financial activity. The system found she had received over £134,000 from nearly 40 counterparties, including nine companies with no previous history. She then executed regular crypto purchases multiple times a month, often on consecutive days.

“While traditional rule-based systems would have classified these as isolated transfers, our AI connected the dots and flagged them as an unlicensed crypto exchange or illicit investment portal,” Levy said.

The case illustrates how cross-chain compliance gaps allow illicit flows to persist. The customer’s fiat inflows appeared fragmented. The pattern of crypto purchases and the number of counterparties pointed to a structured operation. A legacy system would have missed the connection because it never saw the crypto purchases as linked to the fiat inflows.

GENIUS Act and $900M in Fines: The Regulatory Trajectory

Crypto.news has reported on AML becoming the dominant enforcement axis in crypto in 2026, with fines exceeding $900 million in the first half of 2025 alone. CertiK research shows AML enforcement overtook securities classification as the primary risk axis for crypto businesses in 2026.

The US Treasury has proposed AML rules for stablecoin issuers under the GENIUS Act, treating payment stablecoin operators as financial institutions under the Bank Secrecy Act. Levy sees the direction as unambiguous.

“If there are any blind spots between fiat and crypto over the next year, they will be viewed as governance failures,” he said.