Forbes: Did DCG profit from the illegal activities of North Korean hackers?

Original author: Javier Paz, Forbes magazine reporter

原文翻譯：魯夫、前瞻新聞

In the world of 加密貨幣currency, privacy is a major issue. For those who want to hide something, there is a tool called a cryptocurrency mixer that can help asset owners hide their identities. The working principle of a mixer is simply to mix the deposited cryptocurrency into a pool of funds, cut off its connection with the original crypto wallet, and then people cannot know the original source of the funds. In 2022, the most notorious mixer, Tornado Cash, was added to the sanctions blacklist by the US Treasury Department because the mixer was suspected of laundering billions of dollars for criminals, including a hacker group from North Korea.

U.S. law enforcement says a North Korean hacking group called Lazarus Group has been using mixers like Blender.io, Tornado Cash, R人工智慧lgun, and Sinbad.io to launder stolen cryptocurrencies. The chart below shows that mixers have been used to launder $700 million in stolen funds from blockchain applications such as the online game Axie Infinity, the wallet software Atomic Wallet, and the cross-chain bridge Harmony Bridge. Harmony Bridge is a tool that allows users to transfer token assets from Harmony One blockchain to other blockchain networks such as Ethereum. According to the Wall Street Journal, Lazarus has stolen more than $3 billion worth of cryptocurrency in total.

The chart below lists some of the cases where hackers (red) and mixers (green) were involved in money laundering in chronological order. The green numbers are not always equal to the red numbers because the funds stolen by hackers are not always equal to the funds laundered, and some funds may be used for money laundering more than once.

Lazarus Group cryptocurrency hacking incident, data source: FBI, US Treasury, compiled by Forbes magazine

What makes the Harmony Bridge hack unique is that unlike the other mixers mentioned above, Railgun has not yet been sanctioned by U.S. law enforcement. The Treasury Department did not respond to a request for comment on the Railgun issue. However, there is new information that Digital Currency Group (DCG), the 公司 behind Grayscale, a $25 billion cryptocurrency fund manager, may have profited from money laundering through Railgun. A two-month investigation by Forbes, backed by data from blockchain intelligence firm ChainArgos, showed that DCG received $436,906 from Railgun from June 2023 to date. This figure represents 18% of the $2.4 million Railgun spent during this period. According to crypto forensics firm Elliptic, mixer Railgun may have been involved in up to $60 million of money laundering by the Lazarus Group in 2023. A DCG spokesperson declined to comment on the matter. Forbes reached out to Railgun for comment multiple times but did not receive a response.

Harmony hack

In June 2022, according to the FBI, North Koreas hacker group Lazarus Group stole $100 million worth of cryptocurrencies from Harmonys blockchain cross-chain bridge, including Ethereum, USDC, WBTC and 11 other tokens. The hacker carried out the attack through a cloud storage program password leaked by a cross-chain bridge administrator, and then used the program to steal the private keys that protect customer asset transfers, stealing huge assets. Elliptic said: After the stolen funds sat idle for seven months, 41,647 ETH was sent to the Railgun relay contract through 71 accounts between January 11 and 14, 2023. Lazarus Groups exit strategy through Railgun was also traced to 184 intermediary accounts, and then used 19 deposit addresses to deposit into multiple centralized cryptocurrency exchanges, mainly to Huobi, Binance and OKX.

On April 16, 2024, UK-based Railgun denied the alleged mixing, stating, This is not true, this is false reporting. Despite this, Railgun usage and fees increased significantly in early 2023. Historically, Railgun has processed between 1 and 5 ETH per day. On January 13, 2023, mixing volume surged to 41,000 ETH, coinciding with the suspected money laundering, and Railgun has never mixed at this level since then.

DCG’s investment in Railgun

In January 2022, DCG invested $10 million in Railgun and received 5 million RAIL (the native token of the Railgun network). Based on recent pr冰s, DCGs investment in RAIL is now worth $3.9 million, down more than 60%. DCG staked these tokens, which is equivalent to DCG using the tokens as collateral for the protocol, so that it can vote on important future business decisions of the protocol and receive a portion of the network fees paid by users. DCGs RAIL tokens are stored in five separate Ethereum wallets:

• 0x5348b77cF55B90147CbB6a938e0058DD25cbF0CA

• 0x3decD5DA4bC6489dfe1e73d0469c59f281ED8811

• 0x54Aa22EaCB1da8Ee635Ab0E94C8DA77F49916b4E

• 0x02698237DDC5Cf63660DA2cfD10934C911433724

• 0xE82f012dd671f94094d0c33D9E8c99330D1D2B79

In addition, DCG donated $7.1 million worth of DAI, a stablecoin whose value is pegged to the price of the U.S. dollar and used for general business purposes, to Railgun’s protocol treasury. “It is rare for a large investor to send funds to a fully decentralized DAO treasury to support a project without requiring any management of keys or being part of a multi-signature team,” Edward Fricker, an attorney who advised Railgun on the transaction, said in a statement at the time.

Based on data from ChainArgos and Elliptic, Forbes calculated that the $60 million in transactions allegedly laundered by the North Korean hacking group would have required at least $260,000 in fees, which could have been drawn from Railgun’s fee pool as of January 21, 2023. However, DCG did not claim its share of Railgun’s fees until June 2023. During this period, 26 other wallet addresses also claimed fees from Railgun.

Did DCG deliberately wait five months to ask for fees in order to distance itself from the alleged illegal activity? DCG did not respond to Forbes. ChainArgos CEO Jonathan Reiter said: Law enforcement would certainly not be satisfied if they only had to wait a few weeks to legally receive fees for the money laundered by the mixer.

But it doesn’t matter. Railgun’s code automatically ties accumulated fees to a staked address or a recipient address. “There is strong evidence that DCG benefited from the alleged money laundering in January 2023,” said Matthew Sampson, co-founder of blockchain analysis firm Gray Wolf. “The Railgun smart contract specifies who should receive rewards, and the reward tokens for that period are reserved for DCG and can be claimed at any time.”

The chart below shows the most recent fee rewards paid by Railgun to the DCG wallet. Not all of mixer fee income comes from alleged money laundering.

Railgun’s rewards to DCG. Source: Ethereum and Arkham data compiled by Forbes

The rewards obtained from the RAIL staked in the above five wallets are delegated to the address 0xFED429FB7d243380B25bC11B10561D5A27f42D8E, through which the specific address information of DCG receiving Railgun rewards can be queried. Each receiving address received reward tokens in the form of three tokens, namely the stablecoin DAI (49%), the governance token RAIL (30%), and a wrapped ETH (WETH, 21%). 1 stablecoin is equivalent to 1 unit of a specific fiat currency, in this case the US dollar. RAIL governance tokens allow holders to obtain voting rights on protocol proposals, similar to proxy voting in traditional stock companies. WETH is a wrapped ETH with a value equal to ETH, which enables it to be transferred across multiple blockchain protocols without being limited to its native Ethereum protocol.

DeFi Compliance Challenges

DCGs alleged involvement in the Railgun money laundering incident is just one example of how decentralized finance (DeFi) applications in cryptocurrencies, which mimic the functions of banks on the blockchain, are struggling to balance privacy tools and the need to keep bad actors out of their systems. The creators of these platforms often say that they are decentralized and therefore not controlled by anyone and do not restrict anyone. However, this explanation is rarely accepted by law enforcement officials, especially in the United States.

According to the Bank Secrecy Act Responsibility Guide published by U.S. authorities in October 2021, “members of the virtual currency industry are responsible for ensuring that they do not directly or indirectly engage in transactions prohibited by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctions, such as transactions with blocked persons or property, or engaging in prohibited trade or investment-related transactions.” A spokesperson for the IRS Criminal Investigation Division told Forbes, referring specifically to DeFi projects, “These platforms require ongoing maintenance and 發展 to keep up with technology and deter criminals, which requires the companies behind DeFi platforms to monitor what happens on the platform and ensure compliance with laws and regulations.”

Violations of the Bank Secrecy Act are often difficult to detect, in part because the U.S. government is understaffed. “Financial Crimes Enforcement Agency has been under-resourced for years, with at most 10 people overseeing thousands of money services businesses, including cryptocurrency exchanges, some of which move trillions of dollars a year,” said Amanda Wick, a former Justice Department regulator and principal at Incite Consulting.

“The government is short-staffed, and crime is rising,” added Victor Fang, CEO and co-founder of blockchain analytics firm Anchain, who works closely with the IRS Criminal Investigation team that tracks financial crime. “Law enforcement has 50,000 cases pending in the U.S. alone, so how on earth are they going to use Chainalysis or other data vendors to help with that? It’s impossible to do.”

Railgun appears to be developing a technical solution to improve its compliance. In May 2023, Railgun partnered with Chainway Labs, the creator of Proof of Innocence, to launch new features to make it more compliant with regulatory requirements. Also known as a privacy pool, the Proof of Innocence solution allows users to choose whether to provide cryptographic proof that the users tokens did not come from a sanctioned wallet. The idea is that the good guys provide evidence and the bad guys stay away from it. The problem is that it would be easy for bad guys to create a large number of new unsanctioned wallets, layered apart from their illegal activities, to cope with such a solution.

“There can’t be a permissionless compliance system; otherwise, you’ll always be one step behind when it comes to blacklisting or trying to catch the bad guys,” said Patrick Tan, general counsel at ChainArgos.

This article is sourced from the internet: Forbes: Did DCG profit from the illegal activities of North Korean hackers?

Related: Crypto market bulls and bears debate: End of cycle or on the verge of a big rise?

Original author: Thesis Fox Original translation: Vernacular Blockchain Are we on the verge of another major rally in the crypto market? Or has the cycle already ended? This is a hotly debated topic at the moment, and there are very strong arguments on both sides. Considering that many people have invested their life savings in the crypto market, the stakes are extremely high. This post will summarize the bull and bear arguments for the crypto market over the next 6-12 months and attempt to give some perspective on the strength of each argument. Let’s dive in. 1. Bullish view 1) The US macroeconomic situation is improving Inflation has fallen below 3% (see Figure 1), the Fed is poised to start cutting rates, corporate earnings are strong, especially in the tech…