Blog Post

Railgun Demystified: The Billion-Dollar ZKP Cryptocurrency Investigation Challenge

November 20, 2024

In January 2023, the FBI alleged that the North Korean Lazarus Group used Railgun, a smart contract-based privacy protocol, to launder over $60 million (41,000 ETH) in Ethereum stolen during the 2022 Harmony Horizon Bridge heist. AnChain.AI served as the official primary incident responder. At the time of writing, the laundered funds are valued at approximately $120 million USD.

Since its inception in 2022, Railgun has facilitated over $2 billion in cryptocurrency transactions, with Wrapped Ethereum (WETH) accounting for 76% of the total transaction volume. This activity highlights Railgun’s growing role in blockchain privacy.

Railgun's Monthly Inbound and Outbound Transaction Volume on Ethereum

Railgun Deposit Token Transaction Distribution

Railgun poses unique challenges for cryptocurrency investigation, particularly in tracing illicit activities. This blog will dive deeper into the fundamentals and inner workings of Railgun, its innovative privacy mechanisms, and how cutting-edge solutions trusted by leading global regulators can more effectively combat money laundering.

What Is Railgun?

Railgun, leveraging smart contracts and Zero Knowledge Proof (ZKP) technology, emerged in the blockchain privacy landscape as a modern alternative to traditional cryptocurrency mixers. Unlike mixers that obscure transactions by pooling funds off-chain, Railgun directly integrates privacy features into on-chain transactions, aiming to redefine how users maintain anonymity in decentralized finance (DeFi).

Railgun operates on Ethereum and other EVM-compatible networks, employing zero-knowledge proofs (zk-SNARKs) to facilitate private, on-chain transactions. zk-SNARKs enable users to prove the validity of a transaction without revealing any sensitive information. This approach eliminates the need for third-party layers or bridges often associated with privacy risks and operational complexity, offering seamless integration with decentralized finance (DeFi) applications.

How does Railgun make your transactions anonymous? According to Railgun, it only takes 4 simple steps:

Create: Setup your non-custodial RAILGUN Wallet with a private 0zk address.
Shield: Shield any ERC-20 token or NFT into a 0zk address of your choice.
Transact: Once shielded, tokens, balances, and transactions are encrypted.
Use: Transfer assets between 0zk addresses and use DeFi anonymously.

However, while these steps seem simple enough, the challenge presented by Railgun comes into sharper focus when we more closely examine its inner workings.

Screenshot of Railway, the official Railgun’s wallet app for “shielding” tokens

What is zk-SNARK?

Railgun, at its core, is a smart contract DApp that uses Zero Knowledge Proofs (ZKPs), specifically zk-SNARK, to ensure transaction privacy.

ZKPs are cryptographic techniques that allow one party (the prover) to convince another party (the verifier) that they know a form of information, without revealing the actual value. This is done through cryptographic evidence, keeping both the proof and the data hidden. zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) are a specific form of ZKP that are non-interactive, meaning no back-and-forth is required between the prover and verifier.

In Railgun’s privacy system, zk-SNARKs allow smart contracts to act as verifiers. When a user wants to make a transaction, zk-SNARKs enable the user to prove that their action (i.e. transferring tokens or interacting with a DeFi protocol) follows the rules without revealing any sensitive details, such as addresses or transaction amounts.

The technical flow involves several key components:

Trusted Setup: Generate the cryptographic parameters required for proof creation and verification, using elliptic curve cryptography to establish a system of public parameters. These parameters ensure that subsequent proofs are verifiable.
Circuits: In the Railgun protocol, a “witness” (the private data like the user's token balance or transaction) is used within a cryptographic circuit. This circuit defines the conditions that must be met (e.g., valid transaction amounts, and sufficient balances). The prover computes a solution (proof) based on this witness and circuit.
Proof Generation: A succinct, cryptographically valid proof is generated, attesting that the user knows a witness that satisfies the circuit’s conditions without revealing the witness itself.
Verification: The proof is submitted to the network, where it is verified using the public parameters from the trusted setup. Importantly, the verification process is computationally efficient, allowing for real-time validation on-chain.

The magic of zk-SNARKs lies in their efficiency - producing small, easily verifiable proofs ideal for blockchains where speed and privacy are crucial. This allows Railgun’s system to leverage cryptographic circuits to process different transaction types, each defined by specific numbers of inputs (UTXOs) and outputs. The circuits manage everything from multi-sends to private NFT shielding. With 54 distinct circuits, Railgun can handle many combinations and the system automatically routes transactions to optimize for gas and cost savings. This flexible design supports a variety of token standards, including ERC-20, ERC-721, and ERC-1155, enabling Railgun to handle diverse transaction types efficiently.

Demystify Railgun Smart Contracts

The Role of Smart Contracts in Cryptocurrency Tracing

Smart contracts and the rise of Railgun have fundamentally redefined how cryptocurrencies are traced. The challenge is twofold:

Technical Complexity: Railgun’s privacy-focused design and use of ZKP technology obscures transaction details, making it difficult to link deposits to withdrawals without specialized tools.
Legal Ambiguity: The inherent privacy of these transactions raises questions about accountability, especially when the same features used to protect user privacy are exploited by bad actors.

For serious crypto investigators, understanding smart contract mechanics is no longer optional—it’s become an essential skill.

Key Railgun Smart Contract Addresses on Ethereum Mainnet

Railgun operates through a network of specialized smart contracts. It operates through two primary smart contracts on the Ethereum mainnet:

Railgun Relay Contract:

Address: 0xfa7093cdd9ee6932b4eb2c9e1cde7ce00b1fa4b9
Description: Facilitates the relaying of transactions within the Railgun system, ensuring user interactions remain private and secure.

Railgun Smart Wallet Contract:

Address: 0xc0BEF2D373A1EfaDE8B952f33c1370E486f209Cc
Description: Manages core functionalities of the Railgun privacy system, including shielding and unshielding of assets, and processing private transactions. [Read more on Unshield ]

Note: While these addresses are specific to Ethereum, Railgun also operates on other networks like Binance Smart Chain (BSC), Polygon, and Arbitrum, each with distinct contract addresses.

Analyzing the Railgun Relay Smart Contract

Railgun’s Relay Contract, analyzed using AnChain.AI’s SCREEN smart contract evaluation platform, is broadly categorized as a Pausable Upgradeable Proxy. This architecture offers flexibility and security by allowing upgrades while maintaining operational control.

Railgun Relay Smart Contract source code analyzed by AnChain.AI

The real-world implications of this design are best understood through a case study involving sophisticated money laundering activities.

Case Study: The Harmony Bridge Hack and Railgun’s Role

Harmony hacker [address] received 897 ETH ($2.7 Million) from Railgun as part of their money laundering effort, in Jan 2023. [Transaction hash]

In January 2023, a wallet associated with the infamous Harmony Bridge hack laundered 897 ETH (approximately $2.7 million) through Railgun. While the transaction (as highlighted above) appeared straightforward, it was underpinned by 31 distinct smart contract events, many of which escaped detection by conventional investigative tools. This complexity highlights the sophistication of Railgun’s privacy mechanisms and their ability to obscure the true flow of funds.

Unveiling the Intricate Internal Transactions

The detailed “Shield” and “Unshield” (Transact) events in the Railgun smart contract transaction timeline

Traditional blockchain explorers fail to capture the granular details of Railgun’s privacy-preserving transactions. To address this challenge, SCREEN’s advanced transaction graphing and simulation capabilities help investigators break down Railgun’s internal processes, uncovering hidden flows and patterns.

For instance, the internal transaction timeline in SCREEN, as shown above, can reveal the complex patterns of fund movement, including the back-and-forth transfers, as part of Railgun’s Zero Knowledge Proof (ZKP) privacy system.

A New Challenge For Cryptocurrency Investigators

Railgun’s privacy-focused design and use of ZKP technology have created significant hurdles for cryptocurrency investigators but not impossible.

Successful investigations rely heavily on contextual factors, such as external interactions with exchanges, deposit and withdrawal activity patterns, and potential associations identified through behavioral or clustering analysis.

Key Heuristics for Investigating Railgun Transactions

Based on AnChain.AI’s extensive investigative experience, the following heuristics have been developed to probabilistically trace and analyze transactions through Railgun. Each approach targets specific aspects of Railgun’s functionality to infer potential links between deposit and withdrawal events:

1. Entry and Exit Point Heuristic

Focus: Observe funds entering (shielding) and exiting (unshielding) Railgun.
Method: Track public addresses depositing funds into Railgun and monitor withdrawal transactions to see where funds reappear on public addresses.
Limitation: Does not reveal internal transfers within Railgun but provides potential endpoints.

2. Timing Heuristic

Focus: Analyze the timing of deposits and withdrawals.
Method: Look for correlated timing between large or unique deposit and withdrawal events that may suggest links.
Limitation: Probabilistic; works best with unique timing patterns but may produce false positives.

3. Off-Chain Correlation Heuristic

Focus: Link on-chain Railgun activity with off-chain events.
Method: Compare Railgun transactions with external factors, such as exchange activities or known blockchain social interactions.
Limitation: Relies on availability and quality of off-chain data.

4. Clustering Heuristic

Focus: Identify related addresses through transaction patterns.
Method: Use clustering algorithms to find behavioral similarities in addresses interacting with Railgun, potentially identifying entities or groups.
Limitation: Privacy may reduce clustering accuracy; patterns are often complex and ambiguous.

5. Governance Interaction Heuristic

Focus: Examine Railgun governance or public wallet interactions.
Method: Analyze known governance or public addresses that may have ties to Railgun and observe their transaction behaviors.
Limitation: Only applicable if Railgun uses publicly known governance addresses.

Concluding Remarks

The challenges presented by Railgun raise a compelling question about the modern state of cryptocurrency investigations. How can investigators even begin to trace illicit funds when widely available privacy protocols thwart their most-used tools? In today’s digital asset ecosystem, understanding smart contracts is more than simply a suggestion, but a necessity. Protocols like Railgun challenge conventional approaches to blockchain tracing, highlighting the need for continued innovation in forensic technology and investigative strategies.

AnChain.AI is committed to solving this problem through technology and continues to equip leading global regulators with the technology to penetrate the smart contract layer and completely redefine the world’s cryptocurrency investigation capabilities.