$5 million in stolen funds are “automatically returned”, why can the coin mixer Railgun become an anti-money laundering DeFi protocol?

Ethereum co-founder Vitalik, who has always supported Railgun, posted on social media to explain how Railgun successfully avoided handling funds obtained through crime this time.

Author: Ashley

Can the hacker's stolen money be forced to return?

On February 12, the lending protocol zkLend on Starknet was hacked, resulting in a loss of nearly $5 million. However, the hacker did not expect that after mixing the money into Railgun, the last step before laundering the money would be restricted by Railgun's protocol policy and forced to return it.

After the incident, zkLend suspended withdrawal services to ensure the safety of the remaining funds, and sent a message to the community stating that the team is actively tracking the hacker's identity and the flow of funds with multiple partners, promising to remain transparent and eventually release a detailed investigation and analysis report. In addition, zkLend also proposed to the hacker that he could keep 10% of the funds as a white hat bounty and transfer the remaining 90% (3,300 ETH) back to zklend's Ethereum address. After receiving the transfer, it will agree to waive any and all liability related to the attack.

As of press time, no hacker has responded to this proposal. zkLend posted on social media that it has submitted an incident report to the Hong Kong police, the FBI and the Department of Homeland Security, and will initiate legal proceedings.

$5 million in stolen funds are “automatically returned”, why can the coin mixer Railgun become an anti-money laundering DeFi protocol?

On February 13, Ethereum co-founder Vitalik, who has always supported Railgun, posted a message on social media specifically explaining how Railgun successfully avoided handling funds obtained through crime this time.

$5 million in stolen funds are “automatically returned”, why can the coin mixer Railgun become an anti-money laundering DeFi protocol?

After Vitalik posted the article, the market reacted very sensitively to the news, and Railgun rose accordingly. According to market data, as of press time, Railgun rose 7.00% in the past 24 hours, and the trading volume increased by 162.31%.

$5 million in stolen funds are “automatically returned”, why can the coin mixer Railgun become an anti-money laundering DeFi protocol?

How does Railgun do anti-money laundering on the chain?

When talking about Railgun, a policy agreement that is clearly aimed at anti-money laundering, we have to mention Tornado Cash, the leading project in currency mixing services.

Tornado Cash and Railgun are both in the privacy track and are the first projects to provide currency mixing services. Its privacy protection features make it a tool for hackers and criminals to launder and hide funds. It has attracted the attention of governments and regulators around the world, especially the US Treasury Department's Office of Foreign Assets Control (OFAC).

In August 2022, the U.S. Treasury Department imposed sanctions on Tornado Cash, saying that the service had laundered more than $7 billion in the past three years and helped the North Korean state-run hacker group Lazarus Group evade U.S. penalties. In May 2024, Alexey Pertsev, one of the founders and core developer of Tornado Cash, was sentenced to 5 years and 4 months in prison.

Tornado Cash has become a handy tool for hackers and money launderers because it has no anti-money laundering function. The heavy blow from the regulators has sounded the alarm for the entire privacy track. With Tornado Cash as a precedent, Railgun, as the second leader in the privacy track, naturally has to learn from the lesson, and the direction of improvement is very clear: anti-money laundering.

Railgun has adopted a stricter anti-money laundering strategy, focusing on strengthening compliance while protecting privacy. The core of this strategy is to ensure that the platform can both maintain the privacy of users and effectively respond to regulatory requirements to prevent funds from being used for illegal activities. The following are the specific measures taken by Railgun:

$5 million in stolen funds are “automatically returned”, why can the coin mixer Railgun become an anti-money laundering DeFi protocol?

In the first step, Railgun did not focus all its attention on optimizing the code, but cleverly compiled a blacklist from regulators, compliance platforms, etc. The blacklist covers transaction data related to illegal activities such as money laundering, fraud, and sanctions violations. With these criminal records, there are targets for precise strikes.

In the second step, after any user makes a deposit, there will be a 1-hour detection period during which various algorithms will analyze whether the deposit may be from the blacklist. The entire process is completely encrypted, and only the conclusion of "whether it is associated" is output. Sensitive information such as user addresses, transaction history or balances will not be disclosed, which can technically ensure that user privacy is not violated.

In the third step, users can use zero-knowledge proof (ZKP) to withdraw privately after 1 hour. In addition, Railgun’s internal protocol policy also stipulates that once a suspected blacklist address attempts to mix coins, the funds of the suspicious address will be forcibly returned.

Finally, Railgun proactively complies with regulations. All proofs generated by user wallets can be provided to exchanges or regulators, and these third-party institutions confirm the validity of the proofs through verification algorithms without obtaining user fund flows, wallet activity details, or identity data. This mechanism not only meets the needs of external institutions to review transaction compliance, but also completely avoids the risk of user privacy leakage, achieving "self-proven innocence without trust."

It is this combination of privacy protection, compliance mechanisms, and risk control strategies that constitutes the last barrier to intercept attackers from laundering money in this zkLend incident.

$5 million in stolen funds are “automatically returned”, why can the coin mixer Railgun become an anti-money laundering DeFi protocol?

The founder of SlowMist also said: "This is a good privacy solution."

Privacy track, where is the future going?

While Railgun is building a moat for compliance, U.S. regulatory policies seem to be loosening.

On November 27 last year, the U.S. Fifth Circuit Court ruled that the U.S. Treasury Department’s sanctions on Tornado Cash smart contracts were illegal. This is a historic victory for cryptocurrencies and all those who care about defending freedom. The founder of Uniswap called it “immutable smart contracts defeating the Treasury Department in court.”

Will this ruling give rise to more and more projects in the privacy sector that claim “code is not guilty” but actually encourage crime?

In any case, in the current environment where encryption regulation is becoming increasingly clear after Trump took office, Railgun, which combines privacy and compliance, should set an example for the development of this track.

Share to:

Author: 区块律动BlockBeats

This article represents the views of PANews columnist and does not represent PANews' position or legal liability.

The article and opinions do not constitute investment advice

Image source: 区块律动BlockBeats. Please contact the author for removal if there is infringement.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANews
Recommended Reading
3 hour ago
3 hour ago
6 hour ago
7 hour ago
8 hour ago
8 hour ago

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe

Curated Series

App内阅读