Forbes: Did DCG profit from North Korean hacker money laundering activities?

Foresight News
2024-11-01 23:12:53
Collection
DCG has obtained approximately $430,000 in funding from the mixer Railgun since June last year. Investigations have shown that Railgun may be involved in illegal money laundering activities linked to the North Korean hacker group Lazarus Group.

Author: Javier Paz, Forbes Magazine Reporter

Compiled by: Luffy, Foresight News

In the world of cryptocurrency, privacy is a significant issue. For those who want to hide certain things, there exists a tool known as cryptocurrency mixers that can help asset owners conceal their identities. The way mixers work is simple: they mix the deposited cryptocurrencies into a pool of funds, severing the link to the original crypto wallet, making it impossible for people to know the original source of the funds. In 2022, the most "notorious" mixer, Tornado Cash, was placed on the U.S. Treasury's sanctions blacklist due to its alleged involvement in laundering billions of dollars for criminals, including a hacking group from North Korea.

U.S. law enforcement agencies have stated that a North Korean hacking group known as the Lazarus Group has been using mixers like Blender.io, Tornado Cash, Railgun, and Sinbad.io to launder stolen cryptocurrencies. The following image shows that mixers have been used to launder $700 million in stolen funds from blockchain applications such as the online game Axie Infinity, wallet software Atomic Wallet, and the cross-chain bridge Harmony Bridge. Harmony Bridge is a tool that allows users to transfer token assets from one blockchain, Harmony, to other blockchain networks like Ethereum. According to The Wall Street Journal, Lazarus has stolen over $3 billion worth of cryptocurrency in total.

The following chart lists some incidents of hacking (in red) and mixing (in green) that are suspected of money laundering in chronological order. The green numbers do not always equal the red numbers, as the funds stolen by hackers do not always equal the funds laundered, and some funds may have been laundered more than once.

Lazarus Group Cryptocurrency Hacking Incidents, Data Source: FBI, U.S. Treasury, Compiled by Forbes Magazine

The Harmony Bridge hack is notable because, unlike the other mixers mentioned above, U.S. law enforcement has not yet sanctioned Railgun. The Treasury did not respond to requests for comment regarding Railgun. However, new information suggests that the Digital Currency Group (DCG), which manages a fund with $25 billion in cryptocurrency, may have profited from laundering through Railgun. Forbes conducted a two-month investigation supported by data provided by blockchain intelligence firm ChainArgos, revealing that DCG received $436,906 from Railgun from June 2023 to the present. This amount accounts for 18% of Railgun's total spending of $2.4 million during this period. According to cryptocurrency forensics firm Elliptic, the mixer Railgun may have participated in laundering activities of up to $60 million for the Lazarus Group in 2023. A spokesperson for DCG declined to comment on the matter. Forbes has repeatedly sought comments from Railgun but has not received any responses.

Harmony Hacking Incident

In June 2022, according to the FBI, the North Korean hacking group Lazarus Group stole $100 million worth of cryptocurrency from Harmony's blockchain cross-chain bridge, including Ethereum, USDC, WBTC, and 11 other tokens. The hackers executed the attack by exploiting a cloud storage program password leaked by a cross-chain bridge administrator, then used the program to steal the private keys that protect customer asset transfers, resulting in a massive theft. Elliptic stated, "After the stolen funds sat idle for seven months, between January 11 and 14, 2023, 41,647 ETH was sent to Railgun's relay contract through 71 accounts." The exit strategy of Lazarus Group through Railgun was also traced back to "184 intermediary accounts, which then deposited into 19 deposit addresses across multiple centralized cryptocurrency exchanges, primarily flowing to Huobi, Binance, and OKX."

On April 16, 2024, the UK-based Railgun denied the alleged mixing activities, stating, "This is not true; this is false reporting." Nevertheless, the usage and fees of Railgun significantly increased in early 2023. Historically, the amount of mixing handled by Railgun ranged from 1 to 5 ETH per day. On January 13, 2023, the mixing volume surged to 41,000 ETH, coinciding with the suspected money laundering activities, and Railgun's mixing volume has not reached that level since.

DCG's Investment in Railgun

In January 2022, DCG invested $10 million in Railgun and received 5 million RAIL (the native token of the Railgun network). Based on recent prices, DCG's investment in RAIL is now worth $3.9 million, down over 60%. DCG staked these tokens, effectively using them as collateral for the protocol, which allowed it to gain rights to vote on significant business decisions for the protocol's future and to receive a portion of the network fees paid by users. DCG's RAIL tokens are stored in five separate Ethereum wallets:

  • 0x5348b77cF55B90147CbB6a938e0058DD25cbF0CA
  • 0x3decD5DA4bC6489dfe1e73d0469c59f281ED8811
  • 0x54Aa22EaCB1da8Ee635Ab0E94C8DA77F49916b4E
  • 0x02698237DDC5Cf63660DA2cfD10934C911433724
  • 0xE82f012dd671f94094d0c33D9E8c99330D1D2B79

Additionally, DCG donated $7.1 million worth of the stablecoin DAI, which is pegged to the dollar, to Railgun's protocol treasury for typical business purposes. "It is rare for large investors to send funds to a completely decentralized DAO treasury without requiring any management keys or becoming part of a multi-signature team," said Edward Fricker, a lawyer who consulted on the transaction for Railgun, in a statement at the time.

According to data from ChainArgos and Elliptic, Forbes calculated that the $60 million transaction allegedly involved in money laundering by the North Korean hacking group would incur at least $260,000 in fees, which could be withdrawn from Railgun's fee pool as of January 21, 2023. However, DCG did not request its share of Railgun fees until June 2023. During this period, 26 other wallet addresses also requested fees from Railgun.

Did DCG deliberately wait five months to request fees to distance itself from the alleged illegal activities? DCG did not respond to Forbes. Jonathan Reiter, CEO of ChainArgos, stated, "If it only takes a few weeks to legally obtain fees from the mixer’s laundered proceeds, law enforcement would certainly not be satisfied."

But that is not the point. Railgun's code automatically binds the accumulated fees to the staking address or recipient address. Matthew Sampson, co-founder of blockchain analytics firm Gray Wolf, stated, "There is compelling evidence that DCG benefited from the alleged money laundering incident in January 2023. The Railgun smart contract specifies who should receive rewards, and the reward tokens for that period were reserved for DCG, which can be claimed at any time."

The following image shows the fee rewards that Railgun recently paid to DCG's wallet. The fee income from the mixer does not all come from the alleged money laundering activities.

Railgun Rewards to DCG, Data Source: Forbes Compiled Ethereum and Arkham Data

The rewards earned from the staked RAIL in the aforementioned five wallets are delegated to the address 0xFED429FB7d243380B25bC11B10561D5A27f42D8E, through which the specific address information for DCG receiving Railgun rewards can be queried. Each receiving address received reward tokens in three forms: stablecoin DAI (49%), governance token RAIL (30%), and a wrapped ETH (WETH, 21%). One stablecoin is equivalent to one unit of a specific fiat currency, in this case, the U.S. dollar. The RAIL governance token grants holders voting rights on protocol proposals, similar to proxy voting in traditional stock companies. WETH is a "wrapped" ETH that is worth the same as ETH, allowing it to be transferred across multiple blockchain protocols without being limited to its native Ethereum protocol.

DeFi Compliance Challenges

DCG's alleged involvement in the Railgun money laundering incident is just one example of how decentralized finance (DeFi) applications in cryptocurrency struggle to balance the need for privacy tools with the need to prevent bad actors from entering their systems. The creators of these platforms often claim that they are decentralized and therefore not controlled by anyone and do not restrict anyone. However, this explanation is rarely accepted by law enforcement, especially in the U.S.

According to the Bank Secrecy Act guidelines issued by U.S. authorities in October 2021, "Members of the virtual currency industry are responsible for ensuring that they do not directly or indirectly engage in transactions prohibited by the U.S. Treasury's Office of Foreign Assets Control (OFAC), such as trading with frozen individuals or properties or engaging in prohibited trade or investment-related transactions." A spokesperson for the IRS Criminal Investigation Division specifically mentioned to Forbes regarding DeFi projects, "These platforms require ongoing maintenance and development to keep up with technological advancements and prevent criminals, which requires the companies behind DeFi platforms to oversee what happens on the platforms and ensure compliance with laws and regulations."

Violations of the Bank Secrecy Act are often difficult to detect, partly due to the lack of resources in the U.S. government. "The Financial Crimes Enforcement Network has been under-resourced for years, with at most 10 people responsible for overseeing thousands of money service businesses, including cryptocurrency exchanges, some of which transfer trillions of dollars annually," said Amanda Wick, a former regulator with the U.S. Department of Justice and head of Incite Consulting.

"The government is short-staffed, and crime rates are rising," added Victor Fang, CEO and co-founder of blockchain analytics firm Anchain, who works closely with the IRS Criminal Investigation team tracking financial crimes. "In the U.S. alone, law enforcement has 50,000 cases waiting to be processed, so how are they supposed to use Chainalysis or other data providers to help handle these cases? It’s impossible."

Railgun appears to be developing a technological solution to enhance its compliance. In May 2023, Railgun partnered with Chainway Labs, the creator of "proof of innocence," to launch new features that make it more compliant with regulatory requirements. The proof of innocence solution, also known as a privacy pool, allows users to choose whether to provide cryptographic proof that their tokens do not come from sanctioned wallets. The idea is that good actors provide evidence while bad actors stay away from it. The problem is that bad actors can easily create a large number of new unsanctioned wallets, layering them away from their illegal activities to respond to such solutions.

Patrick Tan, General Counsel of ChainArgos, stated, "There cannot be a compliance system that is permissionless; otherwise, you will always be one step behind when trying to blacklist or catch bad actors."

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.
ChainCatcher Building the Web3 world with innovators