DCG has received approximately $430,000 in funding from the mixer Railgun since June of last year. Investigations indicate that Railgun may be involved in illegal money laundering activities linked to the North Korean hacker group Lazarus Group.
Written by: Javier Paz, Forbes Magazine Reporter
Translated by: Luffy, Foresight News
In the world of cryptocurrency, privacy is a significant issue. For those who wish to hide certain activities, there exists a tool known as a cryptocurrency mixer that helps asset owners conceal their identities. The basic operation of a mixer is to combine deposited cryptocurrencies into a pool of funds, severing the link to the original cryptocurrency wallet, making it impossible to trace the original source of the funds. In 2022, the most "notorious" mixer, Tornado Cash, was sanctioned by the U.S. Treasury due to its alleged involvement in laundering billions of dollars for criminals, including a hacker organization from North Korea.
U.S. law enforcement agencies state that a North Korean hacker group known as Lazarus Group has been using mixers such as Blender.io, Tornado Cash, Railgun, and Sinbad.io to launder stolen cryptocurrencies. The following chart shows that mixers have been used to launder $700 million in stolen funds from blockchain applications, such as the online game Axie Infinity, wallet software Atomic Wallet, and the cross-chain bridge Harmony Bridge. Harmony Bridge is a tool that allows users to transfer token assets from one blockchain, Harmony, to other blockchain networks like Ethereum. According to The Wall Street Journal, Lazarus has stolen over $3 billion worth of cryptocurrency in total.
The chart below lists some incidents of hacking (in red) and mixing (in green) suspected of money laundering in chronological order. The green numbers do not always equal the red numbers, as the funds stolen by hackers do not always equal the laundered funds, and some funds may have been laundered more than once.
Lazarus Group cryptocurrency hacking incidents, data source: FBI, U.S. Treasury, compiled by Forbes Magazine
The Harmony Bridge hack is notable because the mixer involved, Railgun, has not yet been sanctioned by U.S. law enforcement, unlike the other mixers mentioned above. The Treasury did not respond to requests for comment regarding Railgun. However, new information suggests that the Digital Currency Group (DCG), which manages a fund with $25 billion in cryptocurrency, may have profited from money laundering through Railgun. Forbes conducted a two-month investigation supported by data from blockchain intelligence firm ChainArgos, revealing that DCG has received $436,906 from Railgun from June 2023 to the present. This figure accounts for 18% of Railgun's total expenditures of $2.4 million during this period. According to cryptocurrency forensics firm Elliptic, the mixer Railgun may have participated in laundering up to $60 million for the Lazarus Group in 2023. A spokesperson for DCG declined to comment on the matter. Forbes has repeatedly sought comments from Railgun but has not received a response.
Harmony Hack Incident
In June 2022, according to the FBI, the North Korean hacker group Lazarus Group stole $100 million worth of cryptocurrency from Harmony's blockchain cross-chain bridge, including Ethereum, USDC, WBTC, and 11 other tokens. The hackers executed the attack by exploiting a cloud storage program password leaked by a cross-chain bridge administrator, then used that program to steal the private keys protecting customer asset transfers, resulting in a massive theft. Elliptic stated, "After the stolen funds sat idle for seven months, between January 11 and 14, 2023, 41,647 ETH was sent to Railgun's relay contract through 71 accounts." The exit strategy used by Lazarus Group through Railgun was traced back to "184 intermediary accounts, which then deposited into multiple centralized cryptocurrency exchanges, primarily flowing to Huobi, Binance, and OKX."
On April 16, 2024, Railgun, based in the UK, denied the alleged mixing activities, stating, "This is not true; this is false reporting." Nevertheless, the usage and fees of Railgun saw a significant increase in early 2023. Historically, the amount of cryptocurrency mixed by Railgun ranged from 1 to 5 ETH per day. On January 13, 2023, the mixing volume surged to 41,000 ETH, coinciding with the suspected money laundering activities, and Railgun's mixing volume has not reached that level since.
DCG's Investment in Railgun
In January 2022, DCG invested $10 million in Railgun and received 5 million RAIL (the native token of the Railgun network). Based on recent prices, DCG's investment in RAIL is now worth $3.9 million, a decline of over 60%. DCG staked these tokens, which means DCG used the tokens as collateral for the protocol, granting it the right to vote on significant business decisions for the protocol's future and to receive a portion of the network fees paid by users. DCG's RAIL tokens are stored in five separate Ethereum wallets:
- 0x5348b77cF55B90147CbB6a938e0058DD25cbF0CA
- 0x3decD5DA4bC6489dfe1e73d0469c59f281ED8811
- 0x54Aa22EaCB1da8Ee635Ab0E94C8DA77F49916b4E
- 0x02698237DDC5Cf63660DA2cfD10934C911433724
- 0xE82f012dd671f94094d0c33D9E8c99330D1D2B79
Additionally, DCG donated $7.1 million worth of DAI, a stablecoin pegged to the value of the U.S. dollar, to Railgun's protocol treasury for general business purposes. "It is rare for large investors to send funds to a completely decentralized DAO treasury to support a project without requesting any management keys or becoming part of a multi-signature team," said Edward Fricker, a lawyer who consulted for Railgun on the transaction, in a statement at the time.
According to data from ChainArgos and Elliptic, Forbes calculated that the $60 million transaction linked to the North Korean hacker group suspected of money laundering would incur at least $260,000 in fees, which could be withdrawn from Railgun's fee pool as of January 21, 2023. However, DCG did not request its share of Railgun fees until June 2023. During this period, 26 other wallet addresses also requested fees from Railgun.
Did DCG deliberately wait five months to request fees to distance itself from the alleged illegal activities? DCG did not respond to Forbes. ChainArgos CEO Jonathan Reiter stated, "If it only takes a few weeks to legally obtain fees from a mixer for laundered proceeds, law enforcement would certainly not be pleased."
But that is not the point. Railgun's code automatically binds accumulated fees to the staking address or recipient address. Matthew Sampson, co-founder of blockchain analytics firm Gray Wolf, stated, "There is compelling evidence that DCG benefited from the alleged money laundering incident in January 2023." "Railgun's smart contract specifies who should receive rewards, and the reward tokens for that period were reserved for DCG, which can be claimed at any time."
The following chart shows the fee rewards recently paid by Railgun to DCG's wallet. The fee income from the mixer does not all come from the alleged money laundering activities.
Railgun rewards to DCG, data source: Forbes compilation of Ethereum and Arkham data
The rewards earned from the staked RAIL in the aforementioned five wallets were delegated to the address 0xFED429FB7d243380B25bC11B10561D5A27f42D8E, through which the specific addresses at which DCG receives Railgun rewards can be looked up. Each receiving address received rewards in three types of tokens: the stablecoin DAI (49%), the governance token RAIL (30%), and wrapped ETH (WETH, 21%). One unit of a stablecoin is equivalent to one unit of a specific fiat currency, in this case the U.S. dollar. The RAIL governance token grants holders voting rights on protocol proposals, similar to proxy voting in traditional stock companies. WETH is "wrapped" ETH, valued the same as ETH, which allows it to be transferred across multiple blockchain protocols without being limited to its native Ethereum protocol.
DeFi Compliance Challenges
DCG's alleged involvement in the Railgun money laundering incident is just one example illustrating how decentralized finance (DeFi) applications in cryptocurrency—those that mimic banking functions on the blockchain—struggle to balance the need for privacy tools with the need to prevent bad actors from entering their systems. The creators of these platforms often claim that they are decentralized, and are thus not controlled by anyone and do not restrict anyone. However, this explanation is rarely accepted by law enforcement officials, especially in the United States.
According to the guidance on responsibilities under the Bank Secrecy Act released by U.S. authorities in October 2021, "members of the virtual currency industry are responsible for ensuring that they do not directly or indirectly engage in transactions prohibited by the U.S. Treasury's Office of Foreign Assets Control (OFAC), such as trading with frozen individuals or properties, or engaging in prohibited trade or investment-related transactions." A spokesperson from the IRS Criminal Investigation Division specifically mentioned to Forbes regarding DeFi projects, "These platforms require ongoing maintenance and development to keep up with technological advancements and to prevent criminals, which necessitates the companies behind DeFi platforms to oversee what happens on the platform and ensure compliance with laws and regulations."
Violations of the Bank Secrecy Act are often difficult to detect, partly due to the understaffing of the U.S. government. "The Financial Crimes Enforcement Network has been under-resourced for years, with at most 10 people responsible for overseeing thousands of money service businesses, including cryptocurrency exchanges, some of which transfer trillions of dollars annually," said Amanda Wick, a former regulator with the U.S. Department of Justice and head of Incite Consulting.
"The government is short-staffed, and crime rates are rising," added Victor Fang, CEO and co-founder of blockchain analytics firm Anchain, who works closely with the IRS Criminal Investigation team tracking financial crimes. "In the U.S. alone, law enforcement has 50,000 cases waiting to be processed, so how are they supposed to use Chainalysis or other data providers to help handle these cases? It's impossible."
Railgun appears to be developing a technological solution to enhance its compliance. In May 2023, Railgun partnered with Chainway Labs, the creator of "proof of innocence," to launch new features that make it more compliant with regulatory requirements. The proof of innocence solution, also known as a privacy pool, allows users to choose whether to provide cryptographic proof that their tokens do not originate from sanctioned wallets. The idea is that good actors provide evidence while bad actors stay away from it. The problem is that bad actors can easily create a large number of new, non-sanctioned wallets, layering them away from their illegal activities to circumvent such solutions.
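A simplified model of the limitation described above, added here as an illustration and not Railgun's or Chainway Labs' code: it compares a blocklist check on the depositing wallet with a trace of that wallet's funding history back toward a sanctioned wallet. All wallet labels and transfers are constructed, and the function names are hypothetical.

```python
from collections import deque

# Constructed sample data: labels stand in for wallet addresses.
SANCTIONED = {"sanctioned_wallet"}
# (sender, receiver) transfers, oldest first.
TRANSFERS = [
    ("sanctioned_wallet", "fresh_1"),
    ("fresh_1", "fresh_2"),
    ("fresh_2", "fresh_3"),
    ("exchange_hot", "ordinary_user"),
]


def passes_direct_check(depositor, sanctioned=SANCTIONED):
    """Blocklist-only screening: looks at the depositing wallet itself."""
    return depositor not in sanctioned


def hops_to_sanctioned(depositor, transfers=TRANSFERS,
                       sanctioned=SANCTIONED, max_hops=5):
    """Walk funding edges backwards (breadth-first) from the depositor.

    Returns the smallest number of hops to a sanctioned funder, or None
    if none is found within max_hops.
    """
    funders = {}
    for sender, receiver in transfers:
        funders.setdefault(receiver, set()).add(sender)

    seen = {depositor}
    queue = deque([(depositor, 0)])
    while queue:
        wallet, depth = queue.popleft()
        if wallet in sanctioned:
            return depth
        if depth == max_hops:
            continue  # screening depth exhausted on this path
        for funder in funders.get(wallet, ()):
            if funder not in seen:
                seen.add(funder)
                queue.append((funder, depth + 1))
    return None


def screen(depositor, max_hops=5):
    """Summarise both checks for one depositor."""
    return {"direct_check_passes": passes_direct_check(depositor),
            "hops_to_sanctioned": hops_to_sanctioned(depositor, max_hops=max_hops)}
```

The wallet `fresh_3` clears the blocklist check yet traces back to the sanctioned wallet, which is why screening that relies only on a list of sanctioned addresses depends on how far back funding history is followed.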
Patrick Tan, Chief Legal Officer of ChainArgos, stated, "It is impossible to have a compliance system that is permissionless; otherwise, you will always be one step behind when it comes to blacklisting or trying to catch bad actors."