This blog dives into the Proof of Innocence protocol in Railgun. For additional context, check out our previous analysis.
What happens when a privacy protocol claims to be unhackable? In January 2023, we found out. The FBI alleged that North Korean APT38 hackers had managed to launder over $60 million (~41,000 ETH) through Railgun—a decentralized smart contract system promising "Zero-Knowledge privacy." These funds, stolen during the 2022 Harmony Bridge heist, are now worth approximately $120 million. But how could this happen in a system designed to prevent such abuse?
As Harmony's official primary incident responder, AnChain.AI identified a significant transaction that exemplifies the exploitation: Harmony hackers laundered 897 ETH ($2.7 million) using Railgun's privacy system.
This transaction (hash: 0x90d7b2f8fb4bcfe9ee4a72b1c09fda12dbe56a962faf41e33cf954c521202fb9) raises a crucial question: How effective is Railgun's Proof of Innocence in preventing illicit activities?
Railgun has denied these allegations, stating that its protocol was not used by North Korean hackers and asserting that its safeguards, including Proof of Innocence, prevent such misuse. However, on-chain evidence directly contradicts this claim (DailyCoin, Cointelegraph). This tension raises further questions about the reliability of the protocol’s safeguards.
To this point, Railgun has not faced the same level of regulatory action as Tornado Cash, which has been sanctioned by the United States OFAC (Office of Foreign Assets Control). But does this mean Railgun's privacy safeguards are more effective? The answer lies in understanding their controversial Proof of Innocence system.
Railgun's Proof of Innocence employs zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) technology, allowing users to prove their funds aren't tainted—without revealing their identity or broader transaction history. The system is designed to allow the user to prove, to a third party, that none of their transactions match a set of transactions flagged for investigation.
While this technology aims to balance user privacy with the need for accountability in decentralized finance (DeFi), it comes with inherent limitations.
While Proof of Innocence provides a robust way to demonstrate non-involvement, there are several weaknesses in the system, particularly around evasion tactics and investigative limitations.
A critical aspect of the Proof of Innocence is its reliance on external third parties to provide the list of transactions that need to be checked. This makes it somewhat dependent on:
Think of it as a game of digital hot potato: What if bad actors simply create a new wallet before using Railgun? This simple yet effective evasion tactic reveals a fundamental flaw in the system's design. Proof of Innocence only checks the current wallet's transaction history, ignoring its provenance. Despite Railgun's claims, a single transfer to a "clean" wallet can bypass their entire security framework.
Since the proof only considers the transaction history of the wallet in question, users can perform a single-hop transfer to obscure the connection to a flagged wallet. Once the funds are in the new wallet, the user can interact with Railgun, and any Proof of Innocence will show that the “clean” wallet has no involvement with the suspicious transactions—despite originating from a flagged source.
This raises concerns about how effective the proof can be if users can easily sever their ties to suspicious activity by transferring funds between wallets.
The proof only works against the set of transactions provided by third parties. If investigators are unaware of a specific transaction or overlook key transfers, the proof could give users a false sense of absolution, as they could be deemed innocent simply because the relevant transaction wasn’t part of the initial investigation. This makes the proof highly dependent on the completeness of the third party’s data.
Another vulnerability in the system is transaction timing. Even if a user moves funds through multiple wallets or intermediaries, careful timing analysis can sometimes reveal suspicious behavior. For example, if funds move from a flagged wallet to a clean wallet and are then deposited into Railgun shortly after, blockchain forensic tools could link these events and raise suspicions, even though the Proof of Innocence might technically pass.
Railgun’s Proof of Innocence, as it currently operates, does not consider provenance—the full history of the funds being transferred. More comprehensive proof would be needed to trace the flow of funds through multiple intermediaries, but this is not currently within the protocol’s scope. For now, it only checks whether the funds in the user’s wallet were involved in the flagged transactions, without tracking their origin.
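The gap described above can be made concrete with a small simulation. The following is an added example, not Railgun's code: it models a Proof-of-Innocence-style check over only the depositing wallet's own transactions, then contrasts it with a defender-side screen that walks provenance backwards across hops and applies the timing heuristic from the previous paragraph. The ledger, wallet names and flagged set are constructed for illustration; the list provider is assumed to have flagged only the theft transaction itself.

```python
# Constructed sample ledger, not real on-chain data: (tx_id, sender, receiver, block)
TXS = [
    ("tx0", "bridge", "exploiter", 90),    # the flagged theft transaction
    ("tx1", "exploiter", "fresh1", 100),   # single hop into a new wallet
    ("tx2", "fresh1", "railgun", 101),     # deposit one block later
    ("tx3", "alice", "railgun", 102),      # unrelated clean deposit
    ("tx4", "exploiter", "mid", 100),
    ("tx5", "mid", "fresh2", 150),         # two hops from the exploiter
    ("tx6", "fresh2", "railgun", 400),     # deposit much later
]
FLAGGED = {"tx0"}  # assumption: the list provider flagged only the theft itself

def poi_style_check(wallet, txs=TXS, flagged=FLAGGED):
    """The scope the post describes: only the wallet's own txs are compared."""
    return not any(t[0] in flagged for t in txs if wallet in (t[1], t[2]))

def trace_provenance(wallet, txs=TXS, flagged=FLAGGED, max_hops=3):
    """Walk inbound transfers backwards up to max_hops and return the first
    path of tx ids that ends in a flagged transaction, or None if none found."""
    inbound = {}
    for tx in txs:
        inbound.setdefault(tx[2], []).append(tx)
    stack = [(wallet, [], 0)]
    while stack:
        w, path, depth = stack.pop()
        if depth > max_hops:
            continue
        for tx_id, sender, _, _ in inbound.get(w, []):
            if tx_id in flagged:
                return path + [tx_id]
            stack.append((sender, path + [tx_id], depth + 1))
    return None

def blocks_before_deposit(wallet, txs=TXS, pool="railgun"):
    """Blocks between the wallet's last inbound transfer and its first pool deposit."""
    deposits = [b for _, s, r, b in txs if s == wallet and r == pool]
    if not deposits:
        return None
    first = min(deposits)
    return first - max((b for _, _, r, b in txs if r == wallet and b <= first), default=first)

def screen_deposit(wallet, max_hops=3, fast_window=10):
    path = trace_provenance(wallet, max_hops=max_hops)
    gap = blocks_before_deposit(wallet)
    return {
        "poi_passes": poi_style_check(wallet),
        "taint_path": path,
        "blocks_before_deposit": gap,
        "fast_after_taint": path is not None and gap is not None and gap <= fast_window,
    }
```

For `fresh1` the wallet-scoped check passes while the provenance trace reaches the flagged theft in one hop and the deposit follows within a single block; lowering `max_hops` reproduces the blind spot for longer chains.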
In June 2024, crypto investigator ZachXBT revealed a startling truth: the notorious Lazarus Group was allegedly laundering Poloniex hack funds through Railgun's privacy pools. Railgun's response? A deflection suggesting "list providers should step up." But doesn't this response itself reveal the fundamental weakness of their approach?
While Tornado Cash faces sanctions, Railgun operates in a gray area. But for how long? Their Proof of Innocence system, while innovative, suffers from critical vulnerabilities that could be exploited by bad actors. The question isn't whether it can be bypassed—we've seen that it can—but rather, how do we balance privacy with security in decentralized finance?
Organizations seeking to protect themselves need more comprehensive solutions that address multi-hop transactions and advanced evasion tactics. AnChain.AI's CISO Auto Trace AI offers multi-hop transaction tracking and pattern recognition, enabling greater security in an evolving DeFi ecosystem.
Railgun's Proof of Innocence represents an ambitious attempt to square the circle of privacy and compliance in DeFi. But as our analysis shows, ambition doesn't equal effectiveness. The system's vulnerabilities—from single-hop evasion to limited transaction scope—reveal the challenges of building truly secure privacy protocols.
As the cryptocurrency landscape evolves, one thing becomes clear: the balance between privacy and security requires more than just technological sophistication. It demands a fundamental rethinking of how we approach privacy in decentralized finance while maintaining the balance between personal privacy and regulatory compliance.
Want to protect your organization from cryptocurrency-related threats? Explore AnChain.AI's CISO solutions for comprehensive blockchain security.