Railgun: A privacy service worth $2 billion, a ZK tool to cover up money laundering on the chain

This article comes from: AnChain.AI

Compiled by Odaily Planet Daily (@OdailyChina)

In January 2023, the FBI accused the North Korean hacker group Lazarus Group of using the privacy protocol Railgun to launder money, involving approximately 41,000 ETH (worth more than $60 million at the time), which was stolen from the Harmony Horizon Bridge attack in 2022. AnChain.AI is the main security company responding to the case. As of the time of writing, the total value of the ETH involved has exceeded $120 million.

Since its founding in 2022, Railgun has facilitated over $2 billion in cryptocurrency transactions, with WETH accounting for 76% of total volume. This volume of transactions highlights the growing utility of Railgun in on-chain privacy services.

Railgun presents unique challenges for cryptocurrency-related investigations, particularly in tracking illegal activities. This article will delve deeply into Railgun's fundamental concepts, internal workings, innovative privacy mechanisms, and how cutting-edge solutions trusted by global regulatory agencies can more effectively combat money laundering.

What is Railgun?

Railgun leverages smart contracts and zero-knowledge proof (ZKP) technology, replacing traditional cryptocurrency mixing tools, becoming a new generation of privacy service. Unlike mixers that need to pool funds off-chain to obscure transactions, Railgun integrates privacy functions directly into on-chain transactions, helping users maintain anonymity in DeFi activities.

Railgun operates on Ethereum and other EVM-compatible networks, utilizing zk-SNARKs to facilitate privacy-preserving on-chain transactions. zk-SNARKs allow users to prove the validity of transactions without disclosing any sensitive information. This approach eliminates the need for third-party layers or bridges that often pose privacy risks or operational complexities, enabling seamless integration with DeFi applications.

How does Railgun achieve transaction privacy? According to Railgun, it only takes 4 simple steps:

• Create: Set up your non-custodial RAILGUN wallet using a privacy 0 zk address;

• Shield: Transfer any ERC-20 token or NFT to this 0 zk address for shielding;

• Transact: Once shielded, tokens, balances, and transactions will be encrypted.

• Use: Transfer assets between 0 zk addresses to use DeFi anonymously.

However, while these steps may seem straightforward, the challenges posed by Railgun become more pronounced when we take a closer look at its internal operating mechanisms.

What are zk-SNARKs?

Railgun is essentially a smart contract DApp that uses zero-knowledge proofs, particularly zk-SNARKs, to ensure transaction privacy.

Zero-knowledge proof is a cryptographic technique that allows one party (the prover) to convince another party (the verifier) that they know some form of information without revealing the actual information. zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) are a specific form of zero-knowledge proof focused on 'non-interactivity', meaning no back-and-forth communication is needed between the prover and verifier.

In Railgun's privacy system, zk-SNARKs allow smart contracts to act as validators. When a user wants to make a transaction, zk-SNARKs enable the user to prove that their actions (i.e., transferring tokens or interacting with DeFi protocols) comply with the rules without disclosing any sensitive details.

Railgun's technical process involves several key components:

• Trusted Setup: Uses elliptic curves to generate cryptographic parameters needed for creating and verifying proofs to establish a public parameter system. These parameters will be used to ensure that subsequent proofs can be verified.

• Circuit: In the Railgun protocol, 'witness' (private data, such as a user's token balance or transaction) is used in cryptographic 'circuit'. The circuit defines certain conditions that must be met (such as valid transaction amounts or sufficient balances). The prover can compute a solution (proof) based on the 'witness' and the 'circuit'.

• Proof Generation: Generate a concise, cryptographically valid proof that the user knows a 'witness' satisfying the 'circuit' conditions without revealing the 'witness' itself.

• Verification: Submit the proof to the network, using the public parameters from the trusted setup step for verification. The verification process can be computed efficiently, allowing for real-time verification on-chain.

The magic of zk-SNARKs lies in their efficiency — generating smaller, easily verifiable proofs, which are particularly suitable for blockchains with strong demands for speed and privacy. This allows the Railgun system to utilize cryptographic 'circuits' to handle different types of transactions, each defined by specific inputs (UTXO) and output amounts. These 'circuits' can manage various transactions, from multi-sending to privacy NFT shielding. Railgun has 54 different 'circuits' that can handle multiple transaction combinations, with the system automatically routing transactions to optimize gas and save costs. This flexible design also allows Railgun to support various token standards, including ERC-20, ERC-721, and ERC-1155, enabling Railgun to efficiently handle a variety of transaction types.

Unveiling the veil of Railgun smart contracts

The role of smart contracts in cryptocurrency tracking

The rise of smart contracts and Railgun fundamentally changes the way cryptocurrency is tracked. The challenges primarily boil down to two points.

• Technical Complexity: Railgun's privacy design and ZKP technology can obscure transaction details, making it difficult to link deposits and withdrawals without specialized tools.

• Legal Ambiguity: The inherent privacy of the protocol raises accountability issues, particularly when features intended to protect user privacy are exploited by bad actors.

For cryptocurrency investigators, understanding smart contract mechanisms is no longer optional; it's an essential skill.

Main contract address of Railgun on the Ethereum mainnet

Railgun operates through a series of dedicated smart contract networks. It mainly has two smart contracts on the Ethereum mainnet.

Railgun Relay Contract:

• Address: 0xfa7093cdd9ee6932b4eb2c9e1cde7ce00b1fa4b9

• Description: Facilitates transaction relaying within the Railgun system, ensuring user interactions remain private and secure.

Railgun Smart Wallet Contract:

• Address: 0xc0BEF2D373A1EfaDE8B952f33c1370E486f209Cc

• Description: Manages the core functions of the Railgun privacy system, including asset shielding and unshielding, as well as how privacy transactions are handled.

It should be noted that while these addresses are specific to Ethereum, Railgun also operates on other networks like BSC, Polygon, and Arbitrum, each with its unique contract addresses.

Analyzing Railgun's relay contract

After analyzing Railgun's relay contract using AnChain.AI's SCREEN smart contract assessment platform, the contract was broadly classified as a 'Pausable Upgradeable Proxy'. This architecture allows for upgrades while maintaining operational control, thereby providing flexibility and security.

Through a case study involving complex money laundering activities, we can better understand the real-world implications of this design.

Case Study: The Harmony Bridge Attack and the Utility of Railgun

In January 2023, an address linked to the notorious Harmony Bridge hacker laundered 897 ETH (approximately $2.7 million) through Railgun. While this transaction (as emphasized above) appears simple, it was supported by 31 different smart contract events, many of which evaded detection by traditional investigative tools. This complex transfer pattern highlights the complexity of Railgun's privacy mechanisms and its ability to obscure the flow of real funds.

Unraveling the intricate insider trading

Traditional blockchain explorers fail to capture the details of Railgun privacy transactions. To address this challenge, SCREEN's advanced transaction charts and simulation capabilities help investigators break down Railgun's internal processes, revealing hidden fund flows and patterns.

As shown in the above diagram, the internal transaction timeline in SCREEN can reveal complex patterns of fund flows, including back-and-forth transfers — part of Railgun's privacy system.

New challenges in cryptocurrency investigations

Railgun's privacy design and ZKP technology application create significant obstacles for cryptocurrency investigations, but it's not impossible to overcome.

Successful investigations largely depend on contextual factors, such as external interactions with exchanges, patterns of deposit and withdrawal activities, and potential connections identified through behavioral or clustering analysis.

Exploratory solutions for investigating Railgun transactions

AnChain.AI has developed the following exploratory solutions for probabilistically tracking and analyzing transactions conducted through Railgun based on extensive investigative experience. Different methods focus on different aspects of Railgun's functionality to infer potential connections between deposit and withdrawal events.

Deposit and Withdrawal Monitoring Scheme:

• Focus: Observe the inflow (shielding) and outflow (unshielding) of funds into Railgun;

• Method: Track public addresses depositing funds into Railgun and monitor their withdrawal transactions to see where funds reappear on public addresses;

• Limitation: Cannot reveal internal transfers within Railgun but provides potential endpoints.

Time Monitoring Scheme:

• Focus: Analyze the timing of deposits and withdrawals;

• Method: Look for time relationships between large or isolated deposit and withdrawal events, which may indicate potential connections;

• Limitation: There is a certain probabilistic nature, monitoring effectiveness is best for isolated time events, but may also produce false positives;

Off-chain Association Scheme:

• Focus: Associate on-chain Railgun activities with off-chain events;

• Method: Compare Railgun transactions with external factors, such as exchange activity or known blockchain social interactions.

• Limitation: Dependent on the availability and quality of off-chain data.

Transaction Pattern Analysis Scheme:

• Focus: Identify related addresses through transaction patterns;

• Method: Use clustering algorithms to find behavioral similarities in Railgun interactive addresses, thereby identifying a specific entity or group.

• Limitation: Privacy transactions may reduce analysis accuracy, and transaction patterns are often complex and ambiguous.

Governance Interaction Scheme:

• Focus: Examine interactions of Railgun governance or public wallets;

• Method: Analyze known governance or public addresses that may be linked to Railgun and observe their transaction behaviors;

• Limitation: Only applicable when known governance addresses are used in Railgun.

Epilogue

The challenges posed by Railgun raise a common issue in conducting cryptocurrency investigations — how do they begin to track illegal funds when widely prevalent privacy protocols obstruct the most commonly used tools for investigators?

In today's digital asset ecosystem, understanding smart contracts is not just a suggestion but a necessity. Protocols like Railgun challenge traditional methods of blockchain tracking, highlighting the need for ongoing innovation in forensic technologies and investigative strategies.

AnChain.AI is committed to solving this issue through technology and continues to provide penetrating technology for leading global regulatory agencies, redefining the way cryptocurrency investigations are conducted.