Did North Korean Hackers Use Railgun? Protocol Fervently Denies

Railgun denies allegations that North Korean hackers used its platform for laundering crypto. Here’s what the data says.

  • Railgun denies misuse by North Korean hackers. 
  • Multiple reports suggest otherwise. 
  • The protocol came into the spotlight following an investment by Vitalik Buterin. 

Railgun, a privacy-focused protocol using zero-knowledge proofs, came into the spotlight recently after receiving high-profile backing. Specifically, Ethereum co-founder Vitalik Buterin invested 100 ETH, or $325,000, into the protocol.

However, this attention has prompted many observers to comment on the protocol’s alleged use by North Korean hackers. In response to these allegations, Railgun presented a strong denial, saying that any use by hackers is purely speculation. 

Railgun’s Response to Claims About North Korean Hackers

On Monday, April 15, in response to allegations that North Korean hackers, known as the Lazarus group, might have exploited Railgun’s privacy technology for illicit purposes, Railgun issued a strong denial. They emphasized the robust security of their protocol and claimed it does not allow for sanctioned parties to participate. 


“Any suggestion that sanctioned individuals, governments, or entities such as North Korea have used RAILGUN have no evidence & are based only on speculation,” the protocol stressed, according to crypto reporter Colin Wu. “From 2023, all RAILGUN transactions go through a Private Proofs of Innocence check, which verifies that transactions do not come from sanctioned or malicious activity,” they added. 

Private Proofs of Innocence is the system Railgun uses to ensure that transactions processed through the protocol are not associated with any known malicious or sanctioned entities. According to Railgun, every transaction entering the system is checked against a list of transactions and wallets deemed undesirable. The protocol then generates a blinded proof, which accompanies the funds through any subsequent Railgun transactions.

Any external exchanges or independent parties receiving the funds can verify this proof without revealing sensitive information about the user’s identity or transaction details. 

Did North Korean Hackers Use Railgun? 

However, despite Railgun’s security measures, multiple reports suggest that hackers have used the protocol. According to crypto investigator ZachXBT, on January 16, the Lazarus group moved $63.5 million from the Harmony Bridge hack through Railgun. 

Moreover, in its January report, blockchain research firm Elliptic claimed that North Korean hackers moved to Railgun following the lawsuit against Tornado Cash. While not a crypto mixer per se, Railgun allows for the anonymization of crypto transfers. 

Unlike Tornado Cash, Railgun has systems in place to block sanctioned addresses. However, the system is not perfect. The effectiveness of its Private Proofs of Innocence (POI) system depends heavily on the real-time updating and accuracy of the lists that identify undesirable transactions and actors.

If new wallets or transactions associated with illicit activities are not promptly added to the blocklist used by the POI system, these funds could be shielded and circulated within the Railgun system before being recognized as originating from a malicious source.
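The timing gap described above can be shown with a simplified model. This is an added example, not Railgun's code: it models only the list-timing logic (no zero-knowledge proofs), and all addresses, dates, and function names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Deposit:
    tx_id: str
    source: str   # depositing address (constructed placeholder)
    day: date     # date the funds entered the shielded pool

# Constructed blocklist: address -> date it was added to the list.
LISTED_ON = {
    "0xAAA-placeholder": date(2024, 6, 10),
    "0xBBB-placeholder": date(2024, 6, 20),
}

# Constructed deposits covering the three cases.
DEPOSITS = [
    Deposit("tx1", "0xAAA-placeholder", date(2024, 6, 12)),  # listed before deposit
    Deposit("tx2", "0xBBB-placeholder", date(2024, 6, 16)),  # listed 4 days after
    Deposit("tx3", "0xCCC-placeholder", date(2024, 6, 16)),  # never listed
]

def is_listed(address, as_of):
    """True if the address was on the list on the given date."""
    added = LISTED_ON.get(address)
    return added is not None and added <= as_of

def screen_at_deposit(dep):
    """Deposit-time check: it only sees the list as it stood that day."""
    return not is_listed(dep.source, dep.day)

def retrospective_audit(deposits, today):
    """Deposits that passed screening but whose source was listed later.

    Returns (tx_id, days between deposit and listing) for each finding.
    """
    findings = []
    for dep in deposits:
        if screen_at_deposit(dep) and is_listed(dep.source, today):
            gap = (LISTED_ON[dep.source] - dep.day).days
            findings.append((dep.tx_id, gap))
    return findings

if __name__ == "__main__":
    for dep in DEPOSITS:
        print(dep.tx_id, "accepted" if screen_at_deposit(dep) else "rejected")
    print(retrospective_audit(DEPOSITS, date(2024, 7, 1)))
```

Re-running the audit against the current list is how a receiving party would measure its exposure to late-listed sources.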

On the Flipside

  • After US authorities sanctioned Tornado Cash, the mixer saw a significant drop in volume. However, despite sanctions, Tornado Cash continues to operate on decentralized networks. 
  • The Lazarus Group has been implicated in several significant cybersecurity incidents. In addition to the $100 million Harmony Bridge hack, they also stole $625 million from the Ronin network in 2022. 

Why This Matters

The controversy over North Korean hackers using Railgun has significant implications for crypto. For decentralized technologies to gain and retain trust, they must demonstrate effectiveness in privacy protection and robustness against misuse.


David Marsanic

David Marsanic is a journalist for DailyCoin who covers the intersection of crypto, traditional finance, and government. He focuses on institutionalized crypto entities like major cryptocurrency exchanges and Solana, breaking down complex topics into easy-to-understand writing. David's prior experience as a business journalist at various crypto and traditional news sites has enabled him to maintain a critical approach to news while adhering to high journalistic integrity standards.