A major underground platform mainly catering to Russian criminals has gone offline after a raid by the German police. The Hydra darknet market was taken down by the Central Office for Combating Cybercrime (ZIT) and the German Federal Criminal Police Office (BKA). The agencies estimate its annual turnover was $1.35 billion, which would have made it the world’s largest darknet market before the raid.
Hydra darknet market out of business after “long investigation”
The Hydra darknet market was a central platform for criminals to sell illegal drugs and offer money laundering services, with most of these services operating from Russia. It had about 17 million users and 19,000 registered seller accounts before the bust. Investigators believe the Hydra darknet market has withdrawn more than $5 billion in cryptocurrencies since its inception in 2015.
While more traditional crime was the focus of the platform, the Hydra darknet market also carried cybercrime to some degree: the site had sections for selling stolen files and hosted advertisements for hackers and fraudsters seeking work. Transactions on the site were intercepted by a bitcoin bank mixing service, possibly even confiscated by the authorities.
German police were able to seize 543 bitcoins from the accumulated profits of the Hydra darknet market, an amount equivalent to approximately $25 million. Those who attempt to visit the site now get a BKA page indicating that the site’s infrastructure has been confiscated. Although the site seems to have been completely taken over by the authorities, there is no information from the investigating agencies about the identity of its operators so far. One appears to have been charged by the US Department of Justice (DOJ) with conspiracy to distribute narcotics and engaging in money laundering.
The agencies declined to say how long the investigation that led to the removal of the Hydra darknet market lasted, but indicated it was “prolonged.” They also indicated that it has continued, most likely as the seized hardware and accounts have been scrutinized for further leads.
A potentially devastating blow to organized crime in Eastern Europe
Drug trafficking in Russia and bordering Eastern European countries relied largely on the Hydra darknet market, with criminal cartels arranging pickup at geotagged locations via the site. At this point those operations have faced significant disruption, not to mention that whatever clues officials can find from the confiscated Hydra infrastructure could lead to individual players.
This operation has also disrupted the favorite money laundering operation of many cybercriminals in the region. Hydra darknet market services typically either exchange cryptocurrencies for rubles, or arrange for geotagged dropoff of various forms of cash, similar to the way drug sales work.
The US Treasury Department’s Office of Foreign Assets Control has announced that it has banned Russian cryptocurrency exchange Garantex, which has links to the Hydra darknet market. It reports that it is investigating more than 100 Garantex accounts doing business through Hydra related to facilitating ransomware payments. Garantex was founded in Estonia in 2019, but operates primarily out of offices in Moscow’s Federation Tower, a location that has become notorious for being the headquarters of various cybercrime operations. The company had its license to deal in virtual currencies taken away by Estonia in February this year after an investigation by the country’s financial intelligence unit determined that wallets hosted by it were engaging in criminal activity.
The Hydra bust follows the 2021 Europol operation that shut down the DarkMarket site and led to the arrest of about 150 associates, some of whom were operating through a web hosting service called CyberBunker that was based in Germany. Like the Hydra darknet market, DarkMarket primarily served to facilitate the sale of illicit drugs, but it operated throughout Western countries. This included a major US operation headquartered in Houston. The site was quite small by comparison, however, with only about half a million users and 2,400 vendors working through it.
The raid essentially eliminated the Amazon of underground markets, but history has shown that another will arise to meet the demand for these various illegal services. The pattern dates to the Silk Road and Agora in mid-2010, followed by AlphaBay and Hansa, just before Hydra took the crown. As a new central market is created, history also shows that there will be plenty of exit scams targeting hapless criminals who use it. In some cases these markets lasted for only a few weeks before their operators pulled the rug.
Chris Olsen, CEO of The Media Trust, gives some perspective on the size of this market and the incentive to build a site that rivals Hydra in size (possibly involving some of its former operators who manage to evade arrest): “The shutdown of Hydra is a small victory for cybersecurity, but a victory nonetheless. Attackers targeting consumers for credit card details and other personally identifiable information (PII) may risk discovery and arrest without using it directly; therefore, they sell this information on darknet markets instead. Without them, the incidence of cybercrime would undoubtedly decrease. Unfortunately, Hydra represents a small drop in the global cybercrime bucket, which will cost organizations (and therefore consumers) approximately $10.5 trillion per year by 2025. Cyber actors complete the pipeline from web and mobile-based phishing attacks to darknet markets, which we will not name, and new ones are opening all the time. Really – whatever the past precedent is to be known – Hydra operators will likely see further resurgence of their digital assets under new identities and domains in the near future.”