Name
Vitalik Buterin praises compliance-focused privacy project Railgun for preventing zKLend attacker from laundering stolen funds
Publish date
12:00am, Thursday, February 13, 2025
Referenced by
Vitalik Buterin recognized privacy-focused Railgun project
Crypto news
News story
However, unlike most so-called “mixers,” Railgun has implemented a system called “Private Proofs of Innocence” designed to block illicit funds from entering the privacy pool. When deposited into Railgun, tokens are automatically screened against a list of known malicious addresses. If found to have a suspicious provenance, the tokens will not be allowed to enter the protocol’s privacy set and can only be withdrawn to the original address. It appears that is precisely what happened on Railgun. On Feb. 12, an attacker began exploiting an unknown “rounding error bug” on the Starknet-based money-market protocol zkLend that allowed him to withdraw 3,600 ETH (worth around $9.5 million at the time). After inflating his balance by repeatedly depositing and withdrawing wstETH by manipulating the “lending_accumulator,” the attacker bridged his assets to the Ethereum mainchain and moved them to Railgun. Because all of this so far was visible onchain, the zKLend team contacted the hacker in an attempt to get him to send back the majority of the funds and keep 10% as a “white hat” reward. “We are actively tracking the funds and pursuing the identification of the hacker, in collaboration with @StarkWareLtd, the @StarknetFndn, @zeroshadow_io (formerly @chainalysis Incident Response), Binance Security Team, and @HypernativeLabs,” the team posted.
Crypto news
Quote
Railgun is a protocol that enables users to conduct anonymous transactions on Ethereum by using zero-knowledge proofs and liquidity pools to hide details about the sender, recipient and transaction amount. However, unlike most so-called “mixers,” Railgun has implemented a system called “Private Proofs of Innocence” designed to block illicit funds from entering the privacy pool. When deposited into Railgun, tokens are automatically screened against a list of known malicious addresses.
Crypto news
Quote