
Did the Digital Currency Group profit from $60 million in North Korean Crypto Money Laundering?

What’s in your wallet, Barry Silbert? A Forbes investigation reveals that, despite the supposed security, the income of Grayscale’s owner increased after its Railgun crypto mixer saw a sudden increase in 2023.

By Javier Paz, Forbes staff


Secrecy is a big deal in the world of cryptocurrency. For those who have something to hide, so-called cryptocurrency mixers exist to hide the identity of the owners by mixing the digital currency in pools, separating it from the original crypto wallets, and making it difficult to identify the primary source of funding. In 2022, perhaps the most notorious mixer, Tornado Cash, was blacklisted by the United States Treasury Department for allegedly laundering billions of dollars for criminals, including a leading group in North Korea.

US law enforcement officials say a North Korean hacker outfit known as the Lazarus Group has been using mixers including Blender.io, Tornado Cash, Railgun and Sinbad.io to launder stolen cryptocurrency. The chart below shows that mixers have been used to launder more than $700 million in stolen funds from blockchain-based applications such as the online game Axie Infinity, Atomic Wallet, and Harmony Bridge, an app which allows users to transfer tokens from the Harmony blockchain to other major networks such as Ethereum. According to a report from the Wall Street Journal, Lazarus stole more than $3 billion.


Lazarus Group Crypto Hacks

Hacks (red) and the mixers (green) used to launder the funds. The numbers in green do not always equal the numbers in red because hacked funds do not always equal laundered funds, and some funds are hacked more than once.


The Harmony hack stands out from the rest because the US regulatory authorities have not sanctioned Railgun, unlike the other mixers mentioned above. The Treasury did not respond to a request for comment about Railgun. However, new information suggests that Digital Currency Group (DCG), owner of the $25 billion crypto fund manager Grayscale, may have benefited from Railgun. A two-month Forbes investigation backed by data from blockchain intelligence firm ChainArgos shows that DCG has received $436,906 in fees from Railgun from June 2023 to date. This figure represents 18% of the $2.4 million that Railgun paid. According to Elliptic, the Railgun mixer may have facilitated the laundering of about $60 million for the Lazarus Group in 2023.

A DCG spokesperson declined to comment for this story. Multiple requests for comment sent to Railgun were not answered.

The Harmony Hack

In June 2022, according to the FBI, the North Korean Lazarus Group stole $100 million worth of crypto, including ether, USDC, WBTC, and 11 other tokens, from the blockchain bridge Harmony. It obtained the money by compromising the password of one of the bridge administrators for a cloud storage program, which it then used to steal the private keys that protect clients’ assets in transit. The stolen funds remained dormant for seven months, said crypto forensics firm Elliptic, until “between January 11 and 14, 2023, 41,647 ETH were sent to the Relay Contract through 71 accounts.” The Lazarus Group’s Railgun exit strategy was also traced to “184 accounts before depositing into various currencies using 19 deposit addresses targeting Huobi, Binance and OKX.”

On April 16, 2024, Railgun, based in the United Kingdom, denied the alleged involvement on X, saying, “This is not true and a false report.” However, there was a major problem with Railgun’s usage and fees in early 2023. Historically, Railgun handled mixing volumes of between 1 and 5 ether per day. Volume rose to 41,000 ETH on January 13, in line with the so-called dumping, a level that was never reached again.

DCG investment

In January 2022, DCG invested $10 million in Railgun and in return received 5 million RAIL (the network’s native token). Based on recent prices, DCG’s investment in RAIL is now worth $3.9 million, down more than 60%. DCG staked these tokens, which is a way of putting them up as collateral in the protocol so that it can vote on important business decisions about its future and receive a share of the network’s fees paid by users. DCG’s RAIL tokens were deposited into five separate Ethereum wallets:

0x5348b77cF55B90147CbB6a938e0058DD25cbF0CA

0x3decD5DA4bC6489dfe1e73d0469c59f281ED8811

0x54Aa22EaCB1da8Ee635Ab0E94C8DA77F49916b4E

0x02698237DDC5Cf63660DA2cfD10934C911433724

0xE82f012dd671f94094d0c33D9E8c99330D1D2B79

In addition, DCG donated $7.1 million of a stablecoin called DAI, whose value is based on the price of the US dollar, to the Railgun asset for general business use. “It is very new to have a large investor send funds to a DAO asset that supports the project, without an admin key or a multisig group,” lawyer Edward Fricker, who advised the cause of Railgun, said in a statement at that time.

Based on data from ChainArgos and Elliptic, Forbes estimates that the alleged North Korean theft of $60 million created a surplus of at least $260,000 that was available for withdrawal from Railgun as of January 21, 2023. However, DCG waited until June 2023 to claim its share of Railgun fees. During that lag time, 26 other blockchain addresses claimed payments from Railgun.

Did DCG wait five months to claim its dues in order to disassociate itself from the alleged illegality? DCG did not respond to Forbes. ChainArgos CEO Jonathan Reiter said: “If the integration fees from the cryptocurrencies are legal by waiting a few weeks, law enforcement will not be impressed.”

But it wouldn’t matter. The Railgun code automatically determines which fees are collected by which address or receiver. “There is strong evidence that DCG received proceeds from the January 2023 money laundering incident,” says Matthew Sampson, co-founder of blockchain analytics firm Gray Wolf. “The Railgun smart contract dictates who should be rewarded and the time tokens were reserved for DCG, regardless of when they were claimed.”


Railgun Rewards at DCG

The chart below shows the latest payouts by Railgun to DCG wallets. Not all mixers’ income comes from money laundering.


The rewards owed on the RAIL staked in the above five wallets were allocated to the address 0xFED429FB7d243380B25bC11B10561D5A27f42D8E, showing DCG connections that receive Railgun rewards. Reward tokens were received by each host in the form of three tokens: the stablecoin DAI (49%), the governance token RAIL (30%), and wrapped ETH (WETH, 21%). A stablecoin is equal to one unit of a designated fiat currency, in this case the US dollar. The RAIL token allows shareholders to vote on proposals for each token held, similar to global proxy voting. WETH is “wrapped” ETH. This allows it to run on multiple blockchain protocols and not be limited to its native Ethereum protocol.

DeFi Compliance

DCG’s participation in this event is an example of how decentralized finance (DeFi) applications, which mirror banking through the blockchain, struggle to balance privacy tools with the need to keep bad actors out of their systems. A common rebuttal from the developers of these platforms is that they are decentralized, and therefore beyond anyone’s control. However, that explanation is rarely accepted by law enforcement officials, especially in the US.

According to the US authorities’ guidance on the responsibilities of the Bank Secrecy Act released in October 2021, “members of the financial industry have a responsibility to ensure that they do not participate, directly or indirectly, in transactions prohibited by the Office of Foreign Assets Control (OFAC) sanctions, such as transactions with prohibited persons or goods, or conducting prohibited activities related to trade or investment.” Especially with DeFi projects, a spokesperson for the Internal Revenue Service’s Criminal Investigation branch told Forbes that “these platforms need continuous maintenance and development to keep up with technology and prevent hackers, and that requires the company behind the DeFi platform to monitor what is happening on the platform and ensure that rules and regulations are followed.”

Bank Secrecy violations often go undetected in part because the US government is understaffed. “FinCEN has been under-resourced for years and may have as many as 10 people responsible for thousands of financial services businesses, including crypto exchanges, some of which run billions of dollars a year,” says Amanda Wick, former director at the Department of Justice and principal with Incite Consulting.

“The [government] is short on staff and crime is increasing,” added Victor Fang, CEO and co-founder of blockchain analytics firm Anchain, who works closely with the Internal Revenue Service’s Criminal Investigations Team tracking financial crimes. “There are 50,000 cases pending with law enforcement [desks] in the US only. How exactly are they going to use Chainalysis or other vendors manually? It will not be possible.”

It appears that Railgun is working on a technological solution to improve its compliance. In May 2023, Railgun partnered with Chainway Labs, the creator of “Proof of Innocence”, to develop a new process that would make it compliant with regulation. The Proof of Innocence solution, also called Privacy Pools, allows users to choose whether to provide a privacy proof that their tokens do not come from sanctioned wallets. Good people testify, bad people stay away, or so the thinking goes. The problem is that bad guys create new wallets that are not readily sanctioned, with some separation from their illegal activities, to get past solutions like this.

ChainArgos Senior Advisor, Patrick Tan, says, “You can’t have a system that doesn’t have consistent permissions – you’re always going to be behind when it comes to posting illegals or trying to catch people who don’t.” bad.”
