
Did the Digital Currency Group profit from $60 million in North Korean cryptocurrency laundering?


What’s in your wallet, Barry Silbert? A Forbes investigation shows that despite alleged safeguards, fee revenues at Grayscale’s owner boomed after crypto mixer Railgun saw a sudden increase in laundered money in 2023.

By Javier Paz, Forbes staff


In the world of cryptocurrency, privacy is a big deal. For those who have something to hide, so-called cryptocurrency mixers exist to disguise the identities of owners by collecting the digital currency into pools, disconnecting it from the original crypto wallets and making it almost impossible to trace the original source of funds. In 2022, perhaps the most infamous mixer, Tornado Cash, was blacklisted by the US Treasury Department for allegedly laundering billions of dollars for criminals, including the group fronted by North Korea.

US law enforcement authorities say a North Korean hacker group known as the Lazarus Group has used mixers, including Blender.io, Tornado Cash, Railgun and Sinbad.io, to launder stolen crypto. The graph below shows that mixers have been used to launder more than $700 million in stolen funds from blockchain-based applications such as the online game Axie Infinity, Atomic Wallet and Harmony Bridge, a tool that allows users to move tokens on the Harmony blockchain to other major networks such as Ethereum. According to reports from the Wall Street Journal, Lazarus has stolen over $3 billion worth of crypto.


Crypto Hacks from Lazarus Group

Hacks (red) and the mixers (green) with which the proceeds were allegedly laundered. The green numbers do not always equal the red numbers, because hacked funds do not always equal laundered funds, and some funds are laundered more than once.


The Harmony hack stands out from the others because US law enforcement authorities have not penalized Railgun, unlike the other mixers mentioned above. The Treasury Department did not respond to a request for comment on Railgun. However, new information suggests that Digital Currency Group (DCG), owner of the $25 billion crypto fund manager Grayscale, likely profited from money laundering through Railgun. A two-month Forbes investigation, backed by data from blockchain intelligence firm ChainArgos, shows that DCG has received $436,906 in fees from Railgun from June 2023 to date. This figure represents 18% of the $2.4 million paid out by Railgun. According to Elliptic, the mixer Railgun is said to have been involved in as much as $60 million in money laundering for the Lazarus Group in 2023.

A corporate spokesperson for DCG declined to comment for this story. Multiple requests for comment sent to Railgun went unanswered.

The Harmony Hack

According to the FBI, North Korea’s Lazarus Group stole $100 million worth of crypto, including ether, USDC, WBTC and eleven other tokens, from the blockchain bridge Harmony in June 2022. It obtained the funds by compromising the password of one of the bridge’s administrators for a cloud storage program, which it then used to steal the private keys that secured the customer’s assets in transit. The stolen funds remained dormant for seven months, according to crypto forensics firm Elliptic, until “41,647 ETH was sent to the Railgun Relay Contract through 71 accounts between January 11 and 14, 2023.” Lazarus Group’s Railgun exit strategy was also traced to “184 suspense accounts before depositing on various exchanges using 19 deposit addresses targeting Huobi, Binance and OKX.”

On April 16, 2024, UK-based Railgun denied the allegation on X, saying: “This is not true and it is false reporting.” Still, in early 2023 there was a huge increase in Railgun usage and costs. Historically, Railgun processed mixing volumes of between 1 and 5 ether per day. The volume rose to 41,000 ETH on January 13, coinciding with the alleged money laundering, a level that has not been reached since.

DCG’s investment

In January 2022, DCG invested $10 million in Railgun and received 5 million RAIL (the network’s native token) in return. Based on recent prices, DCG’s investment in RAIL is now worth $3.9 million, a drop of more than 60%. DCG has staked these tokens, which is a form of placing them as collateral in the protocol so that it could vote on major business decisions about its future and receive a share of the network fees paid by users. The DCG RAIL tokens were placed in five separate Ethereum wallets:

0x5348b77cF55B90147CbB6a938e0058DD25cbF0CA

0x3decD5DA4bC6489dfe1e73d0469c59f281ED8811

0x54Aa22EaCB1da8Ee635Ab0E94C8DA77F49916b4E

0x02698237DDC5Cf63660DA2cfD10934C911433724

0xE82f012dd671f94094d0c33D9E8c99330D1D2B79

In addition, DCG donated $7.1 million worth of a stablecoin called DAI, whose value is pegged to the price of the US dollar, to Railgun’s treasury for general corporate use. “It’s very novel to have a major investor send money to a fully decentralized DAO treasury to support a project, without any admin key or multisig team,” said attorney Edward Fricker, who advised on the deal on behalf of Railgun, in a statement at the time.

Based on data from ChainArgos and Elliptic, Forbes calculates that the alleged North Korean laundering of $60 million created a compensation pool of at least $260,000 that was available for withdrawal from Railgun as of January 21, 2023. However, DCG waited until June 2023 to claim its share of the Railgun reimbursements. During that delay, 26 other blockchain addresses claimed reimbursements from Railgun.

Did DCG wait five months to claim its fees in an attempt to distance itself from alleged illegal activities? DCG did not respond to Forbes. ChainArgos CEO Jonathan Reiter said: “If pooling fees from money laundering was legal by simply waiting a few weeks, law enforcement would not be impressed.”

But it wouldn’t have made any difference. Railgun’s code automatically links accrued fees to a staked address or recipient. “There is compelling evidence that DCG claimed rewards for the alleged January 2023 money laundering incident,” said Matthew Sampson, co-founder of blockchain analytics firm Gray Wolf. “Railgun’s smart contract specifies who is owed a reward and the tokens for that period were reserved for DCG regardless of when they were claimed.”


Railgun rewards for DCG

The chart below shows recent fees paid by Railgun to DCG wallets. Not all income from the mixer fee comes from alleged money laundering.


The rewards due to the staked RAIL in the five wallets above are delegated to the address (0xFED429FB7d243380B25bC11B10561D5A27f42D8E), which illustrates the links to DCG receiving Railgun rewards. The reward tokens were received by each recipient in the form of three tokens: stablecoin DAI (49%), governance token RAIL (30%) and wrapped ETH (WETH, 21%). A stablecoin is equal to one unit of selected fiat currencies, in this case the US dollar. The RAIL governance token allows holders to vote on proposals for each token held, similar to proxy voting in the equity world. WETH is ETH that has been ‘wrapped’. This allows it to move across multiple blockchain protocols and not be limited to the native Ethereum protocol.

DeFi Compliance

DCG’s involvement in this episode is an example of how decentralized finance (DeFi) applications in crypto, which mirror banking functions on a blockchain, are struggling to balance privacy tools with the need to keep bad actors off their systems. A common claim from the makers of these platforms is that they are decentralized, and therefore beyond anyone’s control. However, this argument rarely carries weight with law enforcement officials, especially in the US.

According to the US authorities’ guidelines on Bank Secrecy Act responsibilities, published in October 2021, “members of the virtual currency industry are responsible for ensuring that they do not, directly or indirectly, engage in transactions prohibited by the sanctions of the Treasury Department’s Office of Foreign Assets Control (OFAC), such as dealing with blocked persons or property, or engaging in prohibited trade or investment-related transactions.” Referring specifically to DeFi projects, a spokesperson for the Internal Revenue Service’s Criminal Investigation unit told Forbes that “these platforms require constant maintenance and development to keep pace with technology and keep criminals at bay, and that requires the company behind the DeFi platform to monitor what is happening on the platform and ensure that the law and regulations are complied with.”

Violations of the Bank Secrecy Act often go undetected, in part because the U.S. government is understaffed. “FinCEN has been under-resourced for years and may have at most 10 people responsible for thousands of money services businesses, including crypto exchanges, some of which move trillions of dollars a year,” said Amanda Wick, a former supervisor at the Department of Justice and client at Incite Consulting.

“The (government) is short-staffed and crime is on the rise,” said Victor Fang, CEO and co-founder of blockchain analytics firm Anchain, which works closely with the Internal Revenue Service’s Criminal Investigations Team that tracks financial crime. “There are 50,000 cases in the US alone, they’re in law enforcement agencies, so how exactly are they going to use Chainalysis or other vendors manually? It’s impossible.”

It appears that Railgun is working on a technological solution to improve compliance. In May 2023, Railgun partnered with Chainway Labs, creator of “Proof of Innocence,” to usher in new functionality that could help it better comply with regulations. The Proof of Innocence solution, also known as Privacy Pools, allows users to choose whether or not to provide cryptographic proof that their tokens do not come from sanctioned wallets. The good people provide that evidence, the bad guys stay away, or so the thinking goes. The problem is that bad guys can easily create a large number of new unsanctioned wallets, several layers removed from their illegal activities, to outsmart these types of solutions.

Patrick Tan, General Counsel of ChainArgos, says: “You can’t have a permissionless, compliant system – you’re always behind the times when it comes to blacklisting or trying to catch the bad guys.”
