Digital Currency Group involvement in crypto laundering

Was Digital Currency Group Profiting from North Korean Crypto Laundering?

Privacy remains a key concern for cryptocurrency users who wish to conceal their transactions. Cryptocurrency mixers have become popular tools for this purpose. These mixers blend digital currencies in pools, making it nearly impossible to trace the original wallets. One notable case is the 2022 blacklisting of Tornado Cash by the U.S. Treasury. Authorities accused Tornado Cash of facilitating billions in money laundering, including transactions linked to North Korean criminal entities.

North Korean Involvement with Mixers

U.S. law enforcement alleges that the North Korean hacker collective, Lazarus Group, uses mixers like Blender.io, Tornado Cash, Railgun, and Sinbad.io to launder stolen cryptocurrency. Reports suggest over $700 million from blockchain hacks has been laundered through these mixers. Targets of these attacks include Axie Infinity, Atomic Wallet, and Harmony Bridge. The Wall Street Journal reports that Lazarus Group has stolen more than $3 billion in cryptocurrency.

The U.S. Treasury has sanctioned several mixers, but Railgun remains unsanctioned. Recent investigations link Digital Currency Group (DCG) to Railgun’s activities. Forbes, with data from blockchain analytics firm ChainArgos, revealed that DCG received $436,906 in fees from Railgun between June 2023 and now. This amount accounts for 18% of the $2.4 million total fees paid out by the mixer. Elliptic estimates that Railgun may have laundered up to $60 million for Lazarus Group in 2023.

The Harmony Hack

In June 2022, Lazarus Group reportedly stole $100 million in cryptocurrency from Harmony’s blockchain bridge. The hackers compromised an administrator’s cloud storage password to access private keys safeguarding client assets. According to Elliptic, the stolen funds remained untouched for seven months. Between January 11 and 14, 2023, approximately 41,647 ETH was funneled into the Railgun Relay Contract through 71 separate accounts. The funds passed through 184 intermediary accounts before being deposited into exchanges like Huobi, Binance, and OKX.

On April 16, 2024, Railgun denied allegations of its involvement in laundering. Its usage, however, had surged in early 2023: having previously handled 1 to 5 Ether daily, the platform processed 41,000 Ether on January 13, coinciding with the suspected laundering.

DCG’s Investment in Railgun

In January 2022, DCG invested $10 million in Railgun, acquiring 5 million RAIL tokens. The value of these tokens later dropped to about $3.9 million. DCG staked its tokens, enabling it to vote on key decisions and receive a share of network fees. The staked tokens were distributed across five Ethereum wallets.

DCG also contributed $7.1 million in DAI, a stablecoin, to Railgun’s treasury to support operations. This investment is one of the few instances of a major investor supporting a decentralized autonomous organization (DAO) without direct oversight.

Forbes estimates that North Korean laundering activities generated a fee pool of at least $260,000 by January 21, 2023. DCG did not claim its share until June 2023, during which 26 other blockchain addresses withdrew fees from Railgun. Critics speculate that DCG delayed claiming its fees to distance itself from suspected illegal activities. However, ChainArgos CEO Jonathan Reiter remarked, “If fees derived from laundering can be deemed legal by merely delaying a claim, law enforcement would not view this favorably.”

Despite the timing, Railgun’s code automatically ties accrued fees to staked addresses. Matthew Sampson, co-founder of Gray Wolf, stated, “There is clear evidence that DCG claimed rewards from the alleged laundering incident of January 2023.”

Challenges in Compliance

DCG’s involvement highlights the difficulties decentralized finance (DeFi) platforms face in balancing privacy with compliance. Many DeFi proponents argue that their platforms’ decentralized nature limits their responsibility for criminal activity. However, regulators, particularly in the U.S., often reject this argument.

U.S. authorities’ guidance on the Bank Secrecy Act requires virtual currency sector participants to avoid transactions with sanctioned individuals. A representative from the IRS Criminal Investigation unit noted that DeFi platforms need continuous development and oversight to combat criminal activity effectively.

Due to resource constraints, violations frequently go undetected. Amanda Wick, a former regulator, emphasized that the Financial Crimes Enforcement Network is understaffed, overseeing thousands of money services businesses, including crypto exchanges.

Railgun has made efforts to improve its regulatory standing. In May 2023, it partnered with Chainway Labs to develop “Proof of Innocence.” This system allows users to prove cryptographically that their tokens do not originate from sanctioned wallets. However, bad actors can create unsanctioned wallets to bypass this safeguard.

Patrick Tan, General Counsel at ChainArgos, commented, “A permissionless system cannot be compliant; you will always lag behind in identifying and banning bad actors.”