RailGun, a privacy-focused cryptocurrency tool, is in the spotlight following both praise from Ethereum co-founder Vitalik Buterin and its use by North Korean hackers.
The Lazarus Group, which is allegedly linked to the North Korean government, uses Railgun to launder stolen funds.
Is RailGun a Double-Edged Sword?
Eliptic’s January 2023 report reveals that the Lazarus Group switched to using RailGun after the US Treasury imposed sanctions against Tornado Cash. This move was in response to their preferred money-laundering tool being targeted.
The group had used Tornado Cash to obfuscate their theft of over $100 million from the Harmony Horizon Bridge in June 2022. Now, the FBI has confirmed that the Lazarus Group used RailGun to launder over $60 million worth of Ethereum from that same theft.
The Lazarus Group’s exploitation of RailGun, seen as a key alternative to Tornado Cash, highlights the ongoing battle between individual privacy and preventing criminal activity within the crypto sector. This incident adds a compelling data point to the broader debate about blockchain regulation, anonymity protocols, and the risks they pose to the financial system.
Read more: Top 7 Tornado Cash Alternatives in 2024
Furthermore, Elliptic’s investigation traced the movement of the stolen Horizon Bridge funds. Despite attempts to obscure their origin, the hackers’ heavy reliance on RailGun rendered their mixing attempts less effective.
“Imagine if you threw five pennies into a jar full of 100 pennies, it would be extremely difficult for someone to determine which pennies were yours. However, if you threw 70 pennies into a jar with only 30 other pennies in it, then there would be a higher chance of linking those 70 specific pennies back to you. Mixers work in a similar way: when the anonymity set – or volume of other funds in the mixer is low – it makes the mixer less effective at concealing disproportionately large funds transfers.”
Moreover, blockchain security analysts at RailGun told BeInCrypto that if an address appears on the Office of Foreign Assets Control’s (OFAC) Specially Designated Nationals And Blocked Persons (SDN) list, it will not receive privacy benefits from RailGun.
Essentially, RailGun employs a private Proof-of-Innocence (POI) protocol using a zero-knowledge proof system. This system verifies incoming funds against the OFAC list and catalogs known malicious entities. If the verification confirms no association with the addresses on the OFAC list, the funds are cleared for processing without privacy restrictions.
Due to this approach, the privacy-centric project has garnered attention from Vitalik Buterin, Ethereum’s co-founder, who reportedly used the platform. Buterin transferred 100 ETH, approximately $325,000, to RailGun. The transaction follows a pattern of smaller transfers to RailGun over the past six months.
“Privacy is normal. RailGun uses the privacy pools protocol, which makes it much harder for bad actors to join the pool without compromising users’ privacy,” Buterin stated.
Read more: 4 Best Bitcoin Mixers and Tumblers in 2024
Buterin’s endorsement of RailGun comes as privacy tools face increased scrutiny from regulators globally. Last week, the US Treasury Deputy Secretary highlighted malign actors’ potential misuse of privacy-enhancing technologies. In response, major exchanges like Binance and OKX have begun delisting such assets, aligning with tighter regulatory frameworks.
Trusted
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
