This article is from: AnChain.AI
Compiled by | Odaily Planet Daily (@OdailyChina)
In January 2023, the FBI accused the North Korean hacking group Lazarus Group of using the privacy protocol Railgun for money laundering, involving an amount of approximately 41,000 ETH (worth over $60 million at that time), which was stolen by the group in a 2022 attack on the Harmony Horizon Bridge. AnChain.AI was the primary security company responding to this case. As of the writing of this article, the total value of the involved ETH has exceeded $120 million.
Since its establishment in 2022, Railgun has facilitated over $2 billion in cryptocurrency transactions, with WETH accounting for 76% of the total transaction volume. This scale of transactions highlights Railgun's growing utility in on-chain privacy services.
Railgun presents unique challenges for cryptocurrency-related investigations, especially in tracking illicit activities. This article will delve deep into the fundamental concepts of Railgun, its internal workings, innovative privacy mechanisms, and how cutting-edge solutions trusted by global regulators can more effectively combat money laundering activities.
What is Railgun?
Railgun utilizes smart contracts and zero-knowledge proof (ZKP) technology to replace traditional cryptocurrency mixing tools, becoming a next-generation privacy service. Unlike mixers that require funds to be pooled off-chain to obscure transactions, Railgun can integrate privacy features directly into on-chain transactions, helping users remain anonymous during DeFi activities.
Railgun operates on Ethereum and other EVM-compatible networks, using zk-SNARKs to facilitate privacy-centric on-chain transactions. zk-SNARKs allow users to prove the validity of transactions without revealing any sensitive information. This approach eliminates the need for third-party layers or bridges that typically pose privacy risks or operational complexities, achieving seamless integration with DeFi applications.
How does Railgun achieve transaction privacy? According to Railgun, it only takes 4 simple steps:
Create: Set up your non-custodial RAILGUN wallet using a privacy 0 zk address;
Shield: Transfer any ERC-20 tokens or NFTs to the 0 zk address to achieve shielding;
Transact: Once shielded, tokens, balances, and transactions will be encrypted.
Use: Transfer assets between 0 zk addresses to use DeFi anonymously.
However, while these steps may seem simple, the challenges posed by Railgun become more pronounced when we take a closer look at its internal workings.
What are zk-SNARKs?
Railgun is essentially a smart contract DApp that uses zero-knowledge proofs, specifically zk-SNARKs, to ensure transaction privacy.
Zero-knowledge proofs are a cryptographic technique that allows one party (the prover) to convince another party (the verifier) that they know some information without revealing the actual information. zk-SNARKs (zero-knowledge succinct non-interactive arguments of knowledge) are a specific form of zero-knowledge proof focused on 'non-interactive,' meaning that no back-and-forth communication is needed between the prover and the verifier.
In Railgun's privacy system, zk-SNARKs allow smart contracts to act as verifiers. When a user wants to make a transaction, zk-SNARKs enable the user to prove that their actions (i.e., transferring tokens or interacting with DeFi protocols) comply with the rules without disclosing any sensitive details.
The technical process of Railgun involves several key components:
Trusted setup: Use elliptic curves to generate the cryptographic parameters needed for proof creation and verification, establishing a public parameter system. These parameters will be used to ensure that subsequent proofs can be verified.
Circuit: In the Railgun protocol, 'witnesses' (private data such as a user's token balance or transactions) are used in cryptographic 'circuits.' Circuits define conditions that must be met (such as valid transaction amounts or sufficient balances). Provers can compute solutions (proofs) based on 'witnesses' and 'circuits.'
Proof generation: Generate a concise and cryptographically valid proof that the user knows a 'witness' that satisfies the conditions of the 'circuit' without revealing the 'witness' itself.
Verification: Submit the proof to the network, using public parameters from the trusted setup step for verification. The verification process can be computed efficiently, allowing for real-time on-chain verification.
The magic of zk-SNARKs lies in their efficiency—capable of generating small, easily verifiable proofs, which is particularly suited for blockchains that have strong demands for speed and privacy. This allows the Railgun system to utilize cryptographic 'circuits' to handle different types of transactions, each defined by specific input (UTXO) and output amounts. These 'circuits' can manage various transactions, from multiple sends to privacy NFT shielding. Railgun has 54 different 'circuits' that can handle various transaction combinations, and the system automatically routes transactions to optimize gas and save costs. This flexible design also allows Railgun to support various token standards, including ERC-20, ERC-721, and ERC-1155, enabling Railgun to efficiently handle multiple transaction types.
Unveiling the veil of Railgun smart contracts
The role of smart contracts in cryptocurrency tracking
The rise of smart contracts and Railgun fundamentally alters the way cryptocurrencies are tracked. The challenges are mainly twofold.
Technical complexity: Railgun's privacy design and ZKP technology can obscure transaction details, making it difficult to link deposits and withdrawals without specialized tools.
Legal ambiguity: The inherent privacy of the protocol raises accountability issues, especially when features originally intended to protect user privacy are exploited by bad actors.
For cryptocurrency investigators, understanding smart contract mechanisms is no longer optional, but an essential skill.
Main contract address for Railgun on the Ethereum mainnet
Railgun operates through a network of dedicated smart contracts. It primarily has two smart contracts on the Ethereum mainnet.
Railgun relay contract:
Address: 0xfa7093cdd9ee6932b4eb2c9e1cde7ce00b1fa4b9
Description: Facilitates transaction relays within the Railgun system, ensuring that user interactions remain private and secure.
Railgun smart wallet contract:
Address: 0xc0BEF2D373A1EfaDE8B952f33c1370E486f209Cc
Description: Core functions managing the Railgun privacy system, including the shielding and unshielding of assets, as well as how privacy transactions are handled.
It is important to note that while these addresses are specific to Ethereum, Railgun also operates on other networks such as BSC, Polygon, and Arbitrum, each with its own unique contract address.
Analyze Railgun's relay contract
After analyzing Railgun's relay contract using AnChain.AI's SCREEN smart contract evaluation platform, it was broadly classified as a 'Pausable Upgradeable Proxy.' This architecture allows for upgrades while maintaining operational control, thus providing flexibility and security.
By examining a case study involving complex money laundering activities, we can better understand the implications of this design in the real world.
Case Study: The Harmony Bridge attack and the utility of Railgun
In January 2023, an address related to the infamous Harmony Bridge hack laundered 897 ETH (approximately $2.7 million) through Railgun. Although this transaction (as emphasized above) seems straightforward, it was supported by 31 different smart contract events, many of which evaded detection by traditional investigative tools. This complex transfer pattern underscores the intricacy of Railgun's privacy mechanisms and its ability to obscure the true flow of funds.
Reveal the intricacies of insider trading
Traditional blockchain explorers cannot capture the details of Railgun privacy transactions. To address this challenge, SCREEN's advanced transaction charting and simulation capabilities help investigators break down Railgun's internal processes, revealing hidden flows of funds and patterns.
As shown in the above figure, the internal transaction timeline within SCREEN can reveal complex patterns of fund flows, including back-and-forth transfers—part of Railgun's privacy system.
New challenges in cryptocurrency investigations
Railgun's privacy design and the application of ZKP technology create significant obstacles for cryptocurrency investigations, but these are not insurmountable.
Successful investigations largely depend on contextual factors, such as external interactions with exchanges, deposit and withdrawal activity patterns, and potential associations identified through behavioral or clustering analysis.
Exploratory solutions for investigating Railgun transactions
Drawing on extensive investigative experience, AnChain.AI has developed the following exploratory solutions for probabilistic tracking and analysis of transactions conducted via Railgun. Different approaches target various aspects of Railgun's functionality to infer potential connections between deposit and withdrawal events.
Deposit and withdrawal monitoring scheme:
Focus: Observe the inflow (shielding) and outflow (unshielding) of funds into Railgun;
Method: Track public addresses depositing funds into Railgun and monitor their withdrawal transactions to see where funds reappear on public addresses;
Limitations: Cannot reveal transfers within Railgun but provides potential endpoints.
Time monitoring scheme:
Focus: Analyze the timing of deposits and withdrawals;
Method: Look for temporal relationships between large or isolated deposit and withdrawal events, which may indicate a potential relationship;
Limitations: There is a degree of probability; monitoring isolated temporal events is most effective but may also lead to false positives;
Off-chain association scheme:
Focus: Link on-chain Railgun activities with off-chain events;
Method: Compare Railgun transactions with external factors, such as exchange activities or known blockchain social interactions.
Limitations: Dependence on the availability and quality of off-chain data.
Transaction pattern analysis scheme:
Focus: Identify relevant addresses through transaction patterns;
Method: Use clustering algorithms to find behavioral similarities within Railgun interaction addresses, thereby identifying a particular entity or group.
Limitations: Privacy transactions may reduce analysis accuracy, and transaction patterns are often complex and obscure.
Governance interaction scheme:
Focus: Examine interactions with Railgun governance or public wallets;
Method: Analyze known governance or public addresses that may be linked to Railgun and observe their transaction behaviors;
Limitations: Applicable only when known governance addresses are used within Railgun.
Epilogue
The challenges posed by Railgun raise a common issue in cryptocurrency investigations today—how can investigators begin to track illicit funds when widely used privacy protocols hinder their most common tools?
In today’s digital asset ecosystem, understanding smart contracts is not just a suggestion but a necessity. Protocols like Railgun challenge traditional methods of blockchain tracking, emphasizing the need for continuous innovation in forensic technology and investigation strategies.
AnChain.AI is committed to addressing this issue through technology and continues to provide leading global regulatory agencies with technology that penetrates smart contracts, redefining the way cryptocurrency investigations are conducted.
