Upbit Hacker Outsmarts Railgun Security, Launders $36M in Stolen Crypto Through Mixer
Another day, another crypto heist—except this one's got a twist that'll make security experts sweat.
The $36 Million Escape
Remember that Upbit exploit? The hacker just pulled a Houdini, slipping straight through Railgun's much-touted privacy checks. We're talking about a digital ghost moving stolen funds through mixing protocols while compliance systems watch helplessly.
Security Theater Exposed
Railgun's supposed safeguards got bypassed like a turnstile jumper in a crowded subway. The protocol designed to prevent exactly this kind of movement? Rendered about as useful as a screen door on a submarine.
Regulatory Nightmare Fuel
This isn't just another hack—it's a masterclass in laundering. The perpetrator mixed the stolen cryptocurrency through privacy pools, leaving investigators chasing digital shadows. Meanwhile, compliance departments everywhere are suddenly very interested in updating their resumes.
Because nothing says 'financial innovation' like watching $36 million vanish while regulators pretend they saw it coming.
Railgun lacked the latest information on the hackers’ wallets
Railgun’s approach is to test each user’s wallets against constantly updated databases for bad actors. In this case, the hacker’s full list of addresses was very recent. Additionally, the exploit went through multiple direct DEX swaps and some of the funds were shifted to new wallets. The data available to Railgun was therefore outdated, and the hacker’s latest wallet passed the test.
The last intercepted wallet laundered a total of 410 ETH. The new address was created just hours after the hack, and briefly used as an intermediary. The rapid change in wallets additionally avoided Railgun’s filters.
Railgun used for DeFi activity
Railgun gained popularity during the recent revival of the privacy narrative. Railgun grew its asset pool, with $95M in value locked as of November 2025. The increased value signals a growing interest, as the mixer achieved $1.31M in fees for Q3.
The usage of mixers grew in the past year. Tornado Cash, previously seeing only baseline activity, increased its value locked to a new peak. The mixer holds over 32K ETH, following multiple high-profile exploits.
Tornado Cash posted a record number of ETH in its reserves after an increased demand for privacy. | Source: Dune Analytics
The native RAIL token also rose by over 200% for the past three months, trading at $3.26. Railgun reflected the success of Zcash and other privacy tokens, while also being promoted by Vitalik Buterin.
Railgun is not a go-to tool for hackers and exploiters. Rather, it has been a general privacy tool for regular transactions. crypto influencers and high-profile individuals aim for privacy, as even transaction data can lead to tracking or even price swings.
However, Railgun usage can also be tracked. Additionally, hacker addresses can use tools to test which wallets WOULD be flagged by Railgun. This would allow hackers to keep hiding the proceeds of exploits, most of which are untraceable.
If you're reading this, you’re already ahead. Stay there with our newsletter.
