Audit log

Every state-changing event for Railgun: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-14 06:02:37Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 419,628,936

   sig

   3sYvsxJtcNhL…wdPZeArVcopyexplorer ↗

   hash

   8M6JBS6QnwyM…QPGKruKQcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (33033 B) ▸

   {"actor":"system:backfill","investigation_id":"9d720b2d-db11-4ac1-8444-de2d1b0fd473","kind":"publish","page_slug":"railgun","published_at":"2026-05-14T06:02:37.475Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Railgun","sections":[{"content":"Railgun is a DeFi privacy system launched in January 2021, with open-source code released in July 2021 by a group of contributors described as 'mostly doxxed.' The protocol is deployed on Ethereum, BNB Smart Chain (BSC), Polygon, and Arbitrum. It uses zk-SNARK cryptography — specifically the Groth16 proving system also used in Zcash's early shielded transactions — to allow users to shield assets into private balances and interact with DeFi applications without exposing transaction details on-chain. Railgun is structured around non-custodial '0zk' wallets and a UTXO-based Merkle tree system for tracing ownership and balances cryptographically. Unlike bridge-based privacy solutions, Railgun operates entirely as on-chain smart contract logic without a separate layer-2 validator set or cross-chain bridge exposure. Multiple independent security audits were conducted: ABDK (July 2021), Trail of Bits (February 2022), and Zokyo (April and September 2022). The September 2022 Zokyo audit reported zero critical issues and rated testable code coverage at 100%, above the industry standard of 95%. An open bug bounty program of up to $250,000 is maintained on the open-source codebase.","heading":"Protocol Overview and Technology","severity":"low","sources":[{"credibility":2,"name":"RAILGUN Privacy System Wiki — Railgun Docs","type":"official","url":"https://docs.railgun.org/wiki/learn/privacy-system"},{"credibility":2,"name":"Zokyo Smart Contract Audit — September 2022","type":"research","url":"https://assets.railgun.org/docs/audits/2022-09-14%20Zokyo.pdf"},{"credibility":2,"name":"What Is RAILGUN? DeFi Privacy Protocol Explained — Gate Learn","type":"news_article","url":"https://www.gate.com/learn/articles/railgun-a-defi-privacy-protocol-praised-by-vitalik/2615"},{"credibility":2,"name":"Railgun Overview — RAILGUN Privacy Infrastructure for DeFi (Messari)","type":"research","url":"https://messari.io/report/railgun-privacy-infrastructure-for-defi"}]},{"content":"Railgun is governed by the RAILGUN Decentralized Autonomous Organization (DAO) using the RAIL token. RAIL holders must stake tokens to gain voting rights; stakers who interact with the governance contract at least once are designated 'Active Governors' and receive a share of DAO revenue derived from 0.25% deposit and withdrawal fees. There is no registered corporate entity behind Railgun. The project describes itself as having no VC investors or equity holders. Known contributors include: Alan Scott (co-founder and primary public-facing advocate), Emmanuel Goldstein (founder and development leader — a pseudonym referencing a character from George Orwell's '1984'), Kieran Mesquita (chief scientist), Dr. Andrey Kravchenko (security lead), and Hisham Galal Ph.D. (cryptographer). The pseudonymous nature of at least one founder — using a known fictional name — is a governance transparency concern common to many DeFi protocols. On-chain governance changes to the smart contracts require passing a formal proposal through the DAO. A total of 50 million RAIL tokens are allocated to the DAO treasury, locked and unminted, releasable only through governance vote.","heading":"Governance, Team, and Decentralization","severity":"medium","sources":[{"credibility":2,"name":"Decentralized Governance — Railgun Docs","type":"official","url":"https://docs.railgun.org/wiki/rail-token/protocol-governance"},{"credibility":2,"name":"RAILGUN Governance, Staking and Voting Guide — Medium (Railgun Project)","type":"official","url":"https://medium.com/@Railgun_Project/railgun-governance-and-staking-guide-eb31a4be3400"},{"credibility":3,"name":"All You Need To Know About Alan Scott, The Co-Founder of Railgun","type":"news_article","url":"https://usethebitcoin.com/crypto-personalities/all-you-need-to-know-about-alan-scott-the-co-founder-of-railgun/"},{"credibility":2,"name":"Exclusive: Interview with Emmanuel Goldstein, DeFi Scientist and Founder of Railgun — Crypto.news","type":"news_article","url":"https://crypto.news/exclusive-interview-emmanuel-goldstein-defi-scientist-founder-railgun/"},{"credibility":3,"name":"Exclusive Interview With Kieran Mesquita, Chief Scientist At Railgun.org — CoinGenius","type":"news_article","url":"https://coingenius.news/exclusive-interview-with-kieran-mesquita-chief-scientist-at-railgun-org/"}]},{"content":"On January 24, 2023, the FBI issued a public statement confirming that the North Korean state-sponsored hacking collective known as the Lazarus Group (also designated APT38) was responsible for the $100 million theft from Harmony's Horizon Bridge in June 2022. The FBI stated that on January 13, 2023, North Korean cyber actors used Railgun to launder over $60 million worth of Ethereum (approximately 41,000 ETH) stolen during that heist. A portion of the laundered funds was subsequently converted to Bitcoin and sent to multiple virtual asset service providers. Binance and Huobi reportedly froze accounts associated with the laundering attempt in coordination with law enforcement. Blockchain analytics firm Elliptic separately reported that the Lazarus Group switched to Railgun after Tornado Cash was sanctioned by the U.S. Treasury in August 2022. Elliptic also noted that because Harmony Bridge funds constituted such a substantial share of the Ethereum passing through Railgun at the time, the mixing was rendered less effective. The FBI's public statement is a Tier 1 source and constitutes the most significant documented allegation against the protocol. Railgun disputed these allegations (see Railgun's Response section).","heading":"FBI Allegation: Lazarus Group Use in Harmony Bridge Laundering","severity":"critical","sources":[{"credibility":1,"name":"FBI Press Release: FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft","type":"regulatory","url":"https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft"},{"credibility":2,"name":"FBI Confirms North Korea's Lazarus Group as Hackers Behind $100 Million Harmony Horizon Bridge Theft — Elliptic","type":"research","url":"https://www.elliptic.co/blog/analysis/fbi-confirms-north-korea-s-lazarus-group-as-hackers-behind-100-million-harmony-horizon-bridge-theft"},{"credibility":1,"name":"North Korea-linked hackers behind $100 million crypto heist, FBI says — CNBC","type":"news_article","url":"https://www.cnbc.com/2023/01/24/north-korea-linked-hackers-behind-100-million-crypto-heist-fbi-says.html"},{"credibility":2,"name":"Railgun Demystified: The Billion-Dollar ZKP Cryptocurrency Investigation Challenge — AnChain.AI","type":"research","url":"https://www.anchain.ai/blog/railgun-demystified"}]},{"content":"Following the FBI statement, Railgun issued a strong denial. The protocol stated that any suggestion that sanctioned individuals, governments, or entities — including North Korea — had used Railgun lacked evidentiary support and was based on speculation. Railgun's co-founder Alan Scott specifically stated that the Lazarus Group could not access the Railgun system due to its Private Proofs of Innocence (PPOI) mechanism. However, it is notable that the PPOI system — which Railgun credits as its primary compliance defense — was not deployed until 2024, after the January 2023 events described in the FBI statement. The protocol's earlier operation therefore lacked this safeguard at the time of the alleged Lazarus Group usage. Alan Scott has since engaged proactively with law enforcement, presenting at the FBI's Virtual Currency Symposium in Milwaukee and describing a generally positive reception. Scott acknowledged that legal actions against Tornado Cash developers (including the 2024 conviction of Alexey Pertsev for laundering $2.2 billion) have created a 'chilling effect' on privacy protocol development.","heading":"Railgun's Response and Denial of Illicit Use","severity":"high","sources":[{"credibility":2,"name":"Railgun Denies North Korea Ties as it Approaches $1B Total Volume — CryptoPotato","type":"news_article","url":"https://cryptopotato.com/railgun-denies-north-korea-ties-as-it-approaches-1b-total-volume/"},{"credibility":2,"name":"Privacy Protocol Railgun Dismisses North Korea Laundering Claims — Yahoo Finance / CoinMarketCap","type":"news_article","url":"https://finance.yahoo.com/news/privacy-protocol-railgun-dismisses-north-052543472.html"},{"credibility":2,"name":"Why Railgun Project Co-Founder Talked to the Feds — and What's Next for Crypto Privacy — DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/railgun-co-founder-talks-crypto-privacy-and-tornado-cash/"},{"credibility":2,"name":"Did North Korean Hackers Use Railgun? Protocol Fervently Denies, But Here's What the Data Shows — DailyCoin","type":"news_article","url":"https://dailycoin.com/did-north-korean-hackers-use-railgun-protocol-fervently-denies/"}]},{"content":"In May 2023, the RAILGUN DAO adopted Chainway's 'Proof of Innocence' tool, and by 2024 Private Proofs of Innocence (PPOI) was integrated as a mandatory requirement for all transactions. PPOI uses zero-knowledge cryptography to allow users to prove cryptographically that their funds did not originate from wallets associated with sanctioned entities, hacks, or exploits — without revealing the specific origin or balance. The mechanism works as follows: (1) a data source assesses transaction origins and generates an exclusion list of flagged deposits; (2) deposits not on the exclusion list are added to a PPOI accumulator; (3) when a user shields funds, a ZK proof must be generated demonstrating the deposit is within the accumulator and therefore not flagged. If a deposit cannot generate a valid PPOI, it is rejected by the protocol and returned to the originating address. Railgun contributor Alan Scott stated that if an address appears on the OFAC Specially Designated Nationals list, it will not receive privacy benefits from the protocol. The PPOI system was demonstrated in practice when Railgun blocked a $9.5 million laundering attempt by the zkLend attacker in February 2025 — returned funds sat flagged in the attacker's address — and again in July 2024 when it rejected a 174 ETH (~$530,000) laundering attempt by the Inferno Drainer phishing group.","heading":"Private Proofs of Innocence: Compliance Mechanism","severity":"low","sources":[{"credibility":2,"name":"Privacy Project Railgun DAO Adopts Chainway's 'Proof of Innocence' Tool — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2023/05/08/privacy-project-railgun-dao-adopts-chainways-proof-of-innocence-tool"},{"credibility":2,"name":"RAILGUN Reveals 'Private Proof of Innocence' Tool — Blockworks","type":"news_article","url":"https://blockworks.co/news/defi-privacy-zero-knowledge-proofs"},{"credibility":2,"name":"Vitalik Buterin Praises Compliance-Focused Privacy Project Railgun for Preventing zkLend Attacker from Laundering Stolen Funds — The Block","type":"news_article","url":"https://www.theblock.co/post/340807/vitalik-buterin-praises-compliance-focused-privacy-project-railgun-for-preventing-zklend-attacker-from-laundering-stolen-funds"},{"credibility":2,"name":"Inferno Drainer Fails Attempt to Launder ETH — Railgun — Cointelegraph","type":"news_article","url":"https://cointelegraph.com/news/inferno-drainer-fails-attempt-launder-eth-railgun"},{"credibility":2,"name":"Crypto Privacy Software Refuses Money Stolen in $9.5M Hack — DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/crypto-privacy-software-refuses-money-stolen-in-95m-hack/"}]},{"content":"Despite implementation of the PPOI system, blockchain analytics firms have documented ongoing alleged criminal use of Railgun. Blockchain security company MistTrack has characterized Railgun as the 'official/unofficial money laundering tool' for crypto drainer groups, noting that criminal usage increased markedly from April 2024 onward. AnChain.AI published a technical analysis titled 'Railgun Demystified' describing how a single Railgun transaction can contain 31 distinct smart contract events, many of which evade detection by conventional investigative tools, posing significant challenges for law enforcement. On-chain analytics firm Nefture Security published an analysis in 2023 comparing Railgun to Tornado Cash as a rival destination for illicit funds. The effectiveness of PPOI against sophisticated state actors or well-prepared criminal groups remains debated, as the system relies on public exclusion lists that may lag behind newly identified malicious addresses.","heading":"Continued Alleged Criminal Use Despite Compliance Features","severity":"high","sources":[{"credibility":2,"name":"Railgun Demystified: The Billion-Dollar ZKP Cryptocurrency Investigation Challenge — AnChain.AI","type":"research","url":"https://www.anchain.ai/blog/railgun-demystified"},{"credibility":2,"name":"RailGun: A Rival for Tornado Cash's Criminal Money Laundering Haven? — Nefture Security / Coinmonks","type":"research","url":"https://medium.com/coinmonks/railgun-a-rival-for-tornado-cashs-criminal-money-laundering-haven-ff4ccb3f3fc6"},{"credibility":2,"name":"Vitalik Buterin Praises RailGun, But North Korean Hackers Use It — BeInCrypto / Elliptic","type":"news_article","url":"https://beincrypto.com/elliptic-north-korea-railgun/"},{"credibility":2,"name":"Railgun Blocks Inferno Drainer's Attempt to Launder Stolen Funds Worth 174 ETH — CryptoPotato","type":"news_article","url":"https://cryptopotato.com/railgun-blocks-inferno-drainers-attempt-to-launder-stolen-funds-worth-174-eth/"}]},{"content":"As of May 2026, Railgun has not been sanctioned by the U.S. Treasury's Office of Foreign Assets Control (OFAC), unlike Tornado Cash, which was sanctioned in August 2022. However, the protocol has been the subject of ongoing regulatory scrutiny. CoinMarketCap published commentary in early 2023 questioning whether Railgun could be 'next on OFAC's crypto sanctions hit list.' In November 2024, a Fifth Circuit Court ruling held that OFAC's sanctions on Tornado Cash's immutable smart contracts exceeded its statutory authority under the International Emergency Economic Powers Act (IEEPA), a development that may reduce — but does not eliminate — the risk of similar action against Railgun's smart contracts. The EU has discussed banning crypto mixers and privacy tokens as part of anti-money laundering reform packages. The DOJ's April 2025 guidance de-emphasizing 'regulation by prosecution' in digital assets suggests a reduced near-term federal criminal prosecution risk in the United States, though this policy guidance is not legally binding and could change. No SEC, CFTC, or DOJ enforcement action against Railgun, its DAO, or its named contributors has been publicly disclosed as of the investigation date.","heading":"Regulatory Status and Sanctions Risk","severity":"high","sources":[{"credibility":2,"name":"Is Crypto Privacy Project Railgun Next on OFAC's Crypto Sanctions Hit List? — CoinMarketCap","type":"news_article","url":"https://coinmarketcap.com/academy/article/is-crypto-privacy-project-railgun-next-on-ofac-s-crypto-sanctions-hit-list"},{"credibility":2,"name":"Crypto Mixers and Privacy Protocols: The Sanctions Compliance Implications — Elliptic","type":"research","url":"https://www.elliptic.co/blog/analysis/crypto-mixers-and-privacy-protocols-the-sanctions-compliance-implications"},{"credibility":2,"name":"Railgun Privacy Protocol Surpasses $1B in Volume Amid Crackdown on Crypto Mixers — The Defiant","type":"news_article","url":"https://thedefiant.io/news/regulation/railgun-privacy-protocol-surpasses-usd1b-in-volume-amid-crackdown-on-crypto-mixers"},{"credibility":2,"name":"Upholding North Korea Sanctions in the Age of Decentralised Finance — RUSI","type":"research","url":"https://static.rusi.org/north-korea-sanctions-and-cryptomixers-op-march-2024.pdf"}]},{"content":"Ethereum co-founder Vitalik Buterin has publicly supported and used Railgun on multiple occasions, lending the protocol significant reputational credibility within the Ethereum ecosystem. Buterin has transferred as much as 400 ETH through the protocol in a single instance, and 300,000 USD in another documented transfer, both as a functional demonstration and to achieve transactional confidentiality. In February 2025, Buterin praised Railgun's response to the zkLend exploit, writing: 'This is a solid demonstration of Railgun's privacy pools mechanism working in practice, allowing Railgun to avoid serving proceeds of crime without using any snooping / backdoors.' Buterin co-authored a research paper in 2023 on 'Privacy Pools' exploring how curated privacy sets can screen out bad actors while preserving user anonymity — a concept aligned with Railgun's PPOI approach. His public advocacy has been credited with driving significant price increases in the RAIL token; one endorsement was followed by a reported 255% price surge. Buterin has also called privacy a 'first-class priority' for Ethereum, reinforcing the broader narrative of Railgun as legitimate infrastructure.","heading":"Vitalik Buterin Endorsements and Legitimate Use Narrative","severity":"low","sources":[{"credibility":2,"name":"Vitalik Buterin Endorses Privacy-Centric DeFi Protocol RailGun — BeInCrypto","type":"news_article","url":"https://beincrypto.com/vitalik-buterin-privacy-centric-defi-railgun/"},{"credibility":2,"name":"Vitalik Buterin Transfers $300,000 to Privacy Protocol Railgun (Again) — The Block","type":"news_article","url":"https://www.theblock.co/post/295971/vitalik-buterin-transfers-300000-to-privacy-protocol-railgun-again"},{"credibility":2,"name":"Vitalik Buterin Praises Compliance-Focused Privacy Project Railgun for Preventing zkLend Attacker from Laundering Stolen Funds — The Block","type":"news_article","url":"https://www.theblock.co/post/340807/vitalik-buterin-praises-compliance-focused-privacy-project-railgun-for-preventing-zklend-attacker-from-laundering-stolen-funds"},{"credibility":2,"name":"Railgun Token Soars as Vitalik Calls Privacy a 'First-Class Priority' for Ethereum — The Defiant","type":"news_article","url":"https://thedefiant.io/news/defi/railgun-token-soars-as-vitalik-calls-privacy-a-first-class-priority-for-ethereum"}]},{"content":"RAIL is the native governance token of the Railgun protocol. As of early 2026, the token's all-time high price was approximately $5.59, reached in November 2025. The token's market capitalization was approximately $82 million as of available data, ranking around #329 on CoinGecko. The token experienced a 181% price increase in 2024 (from ~$0.39 to ~$1.09), driven in part by Vitalik Buterin's public endorsements and growing protocol volume. RAIL is traded on decentralized exchanges such as Uniswap and is listed on several centralized exchanges. The total protocol volume exceeded $4 billion as of 2025, with approximately $1.7 billion attributable to 2024 transactions and $1.6 billion attributable to 2025 transactions as of reporting. WETH (wrapped Ethereum) comprises approximately 76% of total transaction volume. The fee structure charges 0.25% on deposits and withdrawals, with revenue distributed to active governance stakers.","heading":"RAIL Token and Market Profile","severity":"medium","sources":[{"credibility":2,"name":"Railgun Price Today, RAIL to USD Live Price, Marketcap and Chart — CoinMarketCap","type":"other","url":"https://coinmarketcap.com/currencies/railgun/"},{"credibility":2,"name":"Railgun Hits Record $4bn in Volume as Privacy Demand Surges — DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/railgun-sees-record-shielded-transaction-volume/"},{"credibility":2,"name":"RAILGUN 2024 — A Year in Review — Medium (Railgun Project)","type":"official","url":"https://medium.com/@Railgun_Project/railgun-2024-a-year-in-review-fb93e6420172"}]},{"content":"Blockchain analytics firm AnChain.AI published an analysis highlighting the forensic challenges Railgun poses for investigators. A single Railgun transaction can generate 31 or more distinct smart contract events, many of which are not captured by conventional blockchain exploration tools. The ZK-SNARK architecture obscures the link between deposits and withdrawals, with AnChain.AI identifying five probabilistic investigative heuristics: entry/exit point tracking, timing correlation analysis, off-chain event linkage, address clustering, and governance interaction monitoring. The wrapped nature of assets (predominantly WETH) and the cross-chain capability across Ethereum, BSC, Polygon, and Arbitrum further complicate fund-tracing. These characteristics make Railgun substantially harder to investigate than non-privacy DeFi protocols, though the PPOI system is intended to limit the utility of the protocol for documented bad actors.","heading":"On-Chain Forensic Challenges","severity":"medium","sources":[{"credibility":2,"name":"Railgun Demystified: The Billion-Dollar ZKP Cryptocurrency Investigation Challenge — AnChain.AI","type":"research","url":"https://www.anchain.ai/blog/railgun-demystified"}]}],"sources_used":[{"credibility":1,"name":"FBI Press Release: FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft","type":"regulatory","url":"https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft"},{"credibility":1,"name":"North Korea-Linked Hackers Behind $100 Million Crypto Heist, FBI Says — CNBC","type":"news_article","url":"https://www.cnbc.com/2023/01/24/north-korea-linked-hackers-behind-100-million-crypto-heist-fbi-says.html"},{"credibility":2,"name":"FBI Confirms North Korea's Lazarus Group as Hackers Behind $100 Million Harmony Horizon Bridge Theft — Elliptic","type":"research","url":"https://www.elliptic.co/blog/analysis/fbi-confirms-north-korea-s-lazarus-group-as-hackers-behind-100-million-harmony-horizon-bridge-theft"},{"credibility":2,"name":"Privacy Project Railgun DAO Adopts Chainway's 'Proof of Innocence' Tool — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2023/05/08/privacy-project-railgun-dao-adopts-chainways-proof-of-innocence-tool"},{"credibility":2,"name":"Vitalik Buterin Praises Compliance-Focused Privacy Project Railgun for Preventing zkLend Attacker from Laundering Stolen Funds — The Block","type":"news_article","url":"https://www.theblock.co/post/340807/vitalik-buterin-praises-compliance-focused-privacy-project-railgun-for-preventing-zklend-attacker-from-laundering-stolen-funds"},{"credibility":2,"name":"Vitalik Buterin Transfers $300,000 to Privacy Protocol Railgun (Again) — The Block","type":"news_article","url":"https://www.theblock.co/post/295971/vitalik-buterin-transfers-300000-to-privacy-protocol-railgun-again"},{"credibility":2,"name":"Why Railgun Project Co-Founder Talked to the Feds — and What's Next for Crypto Privacy — DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/railgun-co-founder-talks-crypto-privacy-and-tornado-cash/"},{"credibility":2,"name":"Railgun Hits Record $4bn in Volume as Privacy Demand Surges — DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/railgun-sees-record-shielded-transaction-volume/"},{"credibility":2,"name":"Railgun Demystified: The Billion-Dollar ZKP Cryptocurrency Investigation Challenge — AnChain.AI","type":"research","url":"https://www.anchain.ai/blog/railgun-demystified"},{"credibility":2,"name":"Inferno Drainer Fails Attempt to Launder ETH — Railgun — Cointelegraph","type":"news_article","url":"https://cointelegraph.com/news/inferno-drainer-fails-attempt-launder-eth-railgun"},{"credibility":2,"name":"Crypto Privacy Software Refuses Money Stolen in $9.5M Hack — DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/crypto-privacy-software-refuses-money-stolen-in-95m-hack/"},{"credibility":2,"name":"Railgun Privacy Protocol Surpasses $1B in Volume Amid Crackdown on Crypto Mixers — The Defiant","type":"news_article","url":"https://thedefiant.io/news/regulation/railgun-privacy-protocol-surpasses-usd1b-in-volume-amid-crackdown-on-crypto-mixers"},{"credibility":2,"name":"Is Crypto Privacy Project Railgun Next on OFAC's Crypto Sanctions Hit List? — CoinMarketCap","type":"news_article","url":"https://coinmarketcap.com/academy/article/is-crypto-privacy-project-railgun-next-on-ofac-s-crypto-sanctions-hit-list"},{"credibility":2,"name":"Railgun Denies North Korea Ties as it Approaches $1B Total Volume — CryptoPotato","type":"news_article","url":"https://cryptopotato.com/railgun-denies-north-korea-ties-as-it-approaches-1b-total-volume/"},{"credibility":2,"name":"RAILGUN Reveals 'Private Proof of Innocence' Tool — Blockworks","type":"news_article","url":"https://blockworks.co/news/defi-privacy-zero-knowledge-proofs"},{"credibility":2,"name":"Upholding North Korea Sanctions in the Age of Decentralised Finance — RUSI","type":"research","url":"https://static.rusi.org/north-korea-sanctions-and-cryptomixers-op-march-2024.pdf"},{"credibility":2,"name":"RailGun: A Rival for Tornado Cash's Criminal Money Laundering Haven? — Nefture Security / Coinmonks","type":"research","url":"https://medium.com/coinmonks/railgun-a-rival-for-tornado-cashs-criminal-money-laundering-haven-ff4ccb3f3fc6"},{"credibility":2,"name":"Zokyo Smart Contract Audit — September 2022","type":"research","url":"https://assets.railgun.org/docs/audits/2022-09-14%20Zokyo.pdf"},{"credibility":2,"name":"Decentralized Governance — Railgun Docs","type":"official","url":"https://docs.railgun.org/wiki/rail-token/protocol-governance"},{"credibility":2,"name":"RAILGUN Privacy System Wiki — Railgun Docs","type":"official","url":"https://docs.railgun.org/wiki/learn/privacy-system"},{"credibility":2,"name":"Crypto Mixers and Privacy Protocols: The Sanctions Compliance Implications — Elliptic","type":"research","url":"https://www.elliptic.co/blog/analysis/crypto-mixers-and-privacy-protocols-the-sanctions-compliance-implications"},{"credibility":2,"name":"Railgun Price Today, RAIL to USD Live Price, Marketcap and Chart — CoinMarketCap","type":"other","url":"https://coinmarketcap.com/currencies/railgun/"},{"credibility":2,"name":"Railgun Token Soars as Vitalik Calls Privacy a 'First-Class Priority' for Ethereum — The Defiant","type":"news_article","url":"https://thedefiant.io/news/defi/railgun-token-soars-as-vitalik-calls-privacy-a-first-class-priority-for-ethereum"},{"credibility":2,"name":"RAILGUN 2024 — A Year in Review — Medium (Railgun Project)","type":"official","url":"https://medium.com/@Railgun_Project/railgun-2024-a-year-in-review-fb93e6420172"},{"credibility":3,"name":"All You Need To Know About Alan Scott, The Co-Founder of Railgun","type":"news_article","url":"https://usethebitcoin.com/crypto-personalities/all-you-need-to-know-about-alan-scott-the-co-founder-of-railgun/"}],"summary":"Railgun is a zero-knowledge (ZK) privacy protocol deployed on Ethereum and multiple EVM-compatible chains that allows users to interact with DeFi applications privately. The protocol gained significant notoriety in January 2023 when the FBI alleged that North Korea's Lazarus Group used it to launder over $60 million stolen from the Harmony Horizon Bridge, though Railgun disputed these claims. The project distinguishes itself from sanctioned mixer Tornado Cash through a compliance feature called Private Proofs of Innocence, has received public endorsements from Ethereum co-founder Vitalik Buterin, and has accumulated over $4 billion in total transaction volume as of 2025.","timeline":[{"date":"2021-01-01","event":"Railgun project founded.","source":"Gate Learn / Messari","source_url":"https://www.gate.com/learn/articles/railgun-a-defi-privacy-protocol-praised-by-vitalik/2615"},{"date":"2021-07-01","event":"Railgun open-source code released by a group of mostly doxxed contributors; protocol launches on-chain privacy for Ethereum, BNB Smart Chain, and Polygon.","source":"Railgun Docs / Bitcoin Insider","source_url":"https://www.bitcoininsider.org/article/161644/railgun-launches-worlds-first-chain-privacy-system-ethereum"},{"date":"2022-02-01","event":"Trail of Bits security audit completed.","source":"Railgun Documentation","source_url":"https://docs.railgun.org/wiki"},{"date":"2022-06-24","event":"Harmony Horizon Bridge hacked for approximately $100 million by the Lazarus Group (North Korea), according to later FBI confirmation.","source":"FBI Press Release","source_url":"https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft"},{"date":"2022-08-08","event":"U.S. Treasury OFAC sanctions Tornado Cash, driving state-sponsored and other privacy-seeking actors toward alternative protocols including Railgun.","source":"Elliptic Blog","source_url":"https://www.elliptic.co/blog/analysis/fbi-confirms-north-korea-s-lazarus-group-as-hackers-behind-100-million-harmony-horizon-bridge-theft"},{"date":"2022-09-14","event":"Zokyo completes smart contract audit of Railgun; finds zero critical issues.","source":"Zokyo Audit Report","source_url":"https://assets.railgun.org/docs/audits/2022-09-14%20Zokyo.pdf"},{"date":"2023-01-13","event":"FBI later states that on this date, North Korean cyber actors used Railgun to launder over $60 million worth of ETH (approximately 41,000 ETH) stolen in the Harmony Bridge hack. Binance and Huobi froze associated accounts.","source":"FBI Press Release","source_url":"https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft"},{"date":"2023-01-24","event":"FBI publicly confirms Lazarus Group as responsible for Harmony hack and names Railgun in connection with laundering.","source":"FBI Press Release / CNBC","source_url":"https://www.cnbc.com/2023/01/24/north-korea-linked-hackers-behind-100-million-crypto-heist-fbi-says.html"},{"date":"2023-05-08","event":"Railgun DAO adopts Chainway's 'Proof of Innocence' tool as a compliance mechanism.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2023/05/08/privacy-project-railgun-dao-adopts-chainways-proof-of-innocence-tool"},{"date":"2024-04-01","event":"MistTrack reports a notable increase in crypto drainer groups using Railgun for money laundering from approximately this date.","source":"Cointelegraph","source_url":"https://cointelegraph.com/news/inferno-drainer-fails-attempt-launder-eth-railgun"},{"date":"2024-07-10","event":"Railgun's Private Proofs of Innocence system blocks Inferno Drainer's attempt to launder approximately 174 ETH (~$530,000); funds returned to attacker's original address.","source":"Cointelegraph / CryptoPotato","source_url":"https://cointelegraph.com/news/inferno-drainer-fails-attempt-launder-eth-railgun"},{"date":"2024-10-01","event":"Railgun's all-time shielded transaction volume hits $2 billion milestone.","source":"DL News","source_url":"https://www.dlnews.com/articles/defi/railgun-sees-record-shielded-transaction-volume/"},{"date":"2024-11-01","event":"Fifth Circuit Court rules OFAC's sanctions on Tornado Cash's immutable smart contracts exceeded statutory authority, a legal development potentially relevant to Railgun's sanctions exposure.","source":"Mooloo.net regulatory analysis","source_url":"https://mooloo.net/articles/regulatory-risk/tornado-cash-and-crypto-mixers-privacy-legality-and-risk-in-2025/"},{"date":"2025-02-12","event":"zkLend DeFi protocol exploited for approximately $9.5 million on Starknet. Attacker bridges funds to Ethereum and attempts to wash through Railgun.","source":"The Block / DL News","source_url":"https://www.theblock.co/post/340807/vitalik-buterin-praises-compliance-focused-privacy-project-railgun-for-preventing-zklend-attacker-from-laundering-stolen-funds"},{"date":"2025-02-14","event":"Vitalik Buterin publicly praises Railgun for blocking the zkLend attacker's laundering attempt, calling it 'a solid demonstration of Railgun's privacy pools mechanism working in practice.'","source":"The Block","source_url":"https://www.theblock.co/post/340807/vitalik-buterin-praises-compliance-focused-privacy-project-railgun-for-preventing-zklend-attacker-from-laundering-stolen-funds"},{"date":"2025-11-07","event":"RAIL token reaches all-time high price of approximately $5.59.","source":"CoinMarketCap","source_url":"https://coinmarketcap.com/currencies/railgun/"},{"date":"2026-01-01","event":"Railgun total all-time transaction volume exceeds $4 billion, with approximately $1.6 billion attributed to 2025 transactions.","source":"DL News","source_url":"https://www.dlnews.com/articles/defi/railgun-sees-record-shielded-transaction-volume/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 8f39b8fd-7b79-4afb-a26d-53b92ccf3eb7copy
2. #2reviewby reviewerreviewer

   2026-06-03 02:41:16Z
   Score: 48 → 48 (no score change)
   The Railgun investigation page is substantively accurate on its core factual claims — the FBI allegation, the Lazarus Group laundering figures, key audit findings, Vitalik Buterin's involvement, and regulatory status are all confirmed by credible sources. The most significant accuracy issues involve the characterization of PPOI as 'mandatory for all transactions,' which is contradicted by official Railgun documentation (it is optional at the protocol level), and the Alexey Pertsev laundering amount ($2.2 billion versus the more widely cited $1.2 billion). The RAIL token market cap and CoinGecko ranking figures are stale as of June 2026. A potentially material gap is the unreferenced DCG $10M investment that, if confirmed, would contradict the 'no VC investors' claim.
   anchoranchored

   chain

   ●mainnet-betaslot 423,938,172

   sig

   3CRx3bFkXsGc…NgtpSv3mcopyexplorer ↗

   hash

   FMzPoMrYwUcn…7JmrxYehcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1120 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-03T02:41:16.833Z","decision":"review","investigation_id":"9d720b2d-db11-4ac1-8444-de2d1b0fd473","new_score":48,"page_slug":"railgun","prev_score":48,"reason":"The Railgun investigation page is substantively accurate on its core factual claims — the FBI allegation, the Lazarus Group laundering figures, key audit findings, Vitalik Buterin's involvement, and regulatory status are all confirmed by credible sources. The most significant accuracy issues involve the characterization of PPOI as 'mandatory for all transactions,' which is contradicted by official Railgun documentation (it is optional at the protocol level), and the Alexey Pertsev laundering amount ($2.2 billion versus the more widely cited $1.2 billion). The RAIL token market cap and CoinGecko ranking figures are stale as of June 2026. A potentially material gap is the unreferenced DCG $10M investment that, if confirmed, would contradict the 'no VC investors' claim.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 632cc1be-fc75-4688-8d76-b56b49a19b43copy
3. #3review reviseby judgejudge

   2026-06-03 02:41:16Z
   Score: 48 → 40 (-8)
   The core factual record is strong — 24 of 34 claims confirmed, zero outright disputed claims, and critical allegations (FBI/Lazarus Group laundering, audit findings, Vitalik Buterin endorsements, regulatory status) all verified by Tier 1 and Tier 2 sources. However, two accuracy issues require revision: (1) claim_findings[21] and the high-priority coverage gap both identify that the page incorrectly describes Private Proofs of Innocence as 'a mandatory requirement for all transactions,' when official Railgun documentation states the protocol itself does not enforce PPOI — enforcement is at the wallet or relayer level only. This distinction is material for regulatory and risk analysis. (2) claim_findings[27] flags the RAIL token market cap ($82 million, CoinGecko rank ~#329) as stale — current data shows approximately $170 million and rank ~#200 as of June 2026. Additionally, the reviewer surfaces an unresolved coverage gap regarding a reported DCG $10 million strategic investment that, if confirmed, would directly contradict the page's claim of no VC investors or equity holders. These items warrant correction before the page is considered current.
   anchoranchored

   chain

   ●mainnet-betaslot 423,938,176

   sig

   27mVkU1HgviG…fgSACmUDcopyexplorer ↗

   hash

   7H5AstCoQAVe…hcBZGGE4copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1513 B) ▸

   {"actor":"judge","decided_at":"2026-06-03T02:41:16.833Z","decision":"review_revise","investigation_id":"9d720b2d-db11-4ac1-8444-de2d1b0fd473","new_score":40,"page_slug":"railgun","prev_score":48,"reason":"The core factual record is strong — 24 of 34 claims confirmed, zero outright disputed claims, and critical allegations (FBI/Lazarus Group laundering, audit findings, Vitalik Buterin endorsements, regulatory status) all verified by Tier 1 and Tier 2 sources. However, two accuracy issues require revision: (1) claim_findings[21] and the high-priority coverage gap both identify that the page incorrectly describes Private Proofs of Innocence as 'a mandatory requirement for all transactions,' when official Railgun documentation states the protocol itself does not enforce PPOI — enforcement is at the wallet or relayer level only. This distinction is material for regulatory and risk analysis. (2) claim_findings[27] flags the RAIL token market cap ($82 million, CoinGecko rank ~#329) as stale — current data shows approximately $170 million and rank ~#200 as of June 2026. Additionally, the reviewer surfaces an unresolved coverage gap regarding a reported DCG $10 million strategic investment that, if confirmed, would directly contradict the page's claim of no VC investors or equity holders. These items warrant correction before the page is considered current.","score_delta":-8,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 87a07d48-ce2c-41a0-ba2d-5c150b0b498dcopy