The closure of the Russian Hydra market disabled the ATM for crypto-criminals

- Advertisement -

In the dark web, the liquidation of yet another black market for drugs based on cryptocurrency has become almost a half-yearly routine, and many competitors are ready to take the place of any market law enforcement officer that can be busted. But the takeover of the Russian-language dark web site Hydra could have ripple effects that go further than most: it represents a breach not only of the post-Soviet world’s largest online drug-dealing center, but also of cybercriminal money laundering. and a cash-out service that has been used in crimes with victims around the world.

- Advertisement -

Law enforcement agencies in Germany announced early Tuesday morning that the German Federal Police, known as the BKA, joint operation with the FBI, the DEA, the IRS, and the US National Security Investigations—hijacked Hydra’s servers in Germany, shut down the site, and confiscated $25 million in bitcoin stored there. According to some reports, they put an end to the longest running and overcrowded black market in darknet history with 19,000 merchant accounts and over 17 million customer accounts, according to the BKA. US Treasury at the same time imposed new sanctions on the market and more than a hundred of its cryptocurrency addresses.

- Advertisement -

Total Hydra brought in over $5 billion in illegal cryptocurrency transactions since its launch in 2015, according to analytics firm Elliptic. Most of these deals, according to Elliptic, were the sale of illegal drugs that were strictly limited to Hydra’s target market in the former Soviet republics. But Hydra also played a significant and more global role for cybercriminals: it offered “mixing” services designed to launder cryptocurrencies and make them harder to trace, along with exchange services that allowed customers to exchange crypto proceeds from all types of crimes for Russian ones. rubles, and in some cases even for wads of money buried in the ground, so that buyers then dug them up.

“It has the dual function of being a drug market and catering to cybercriminals, especially Russian cybercriminals,” says Jess Symington, head of research at Elliptic. “So it’s not just affecting the drug community, and now it’s forcing these people to potentially reconsider how they’re going to launch their funds or cash them out.”

- Advertisement -

About half of the roughly $2 billion in transactions that went through Hydra’s cryptocurrency addresses in 2021 and early 2022 came from illegal or “risky” sources such as stolen funds, darknet markets, ransomware, online gambling, scams, as well as individuals and organizations facing sanctions, according to crypto-tracking company Chainalysis. In other words, the almost billion dollars of money that Hydra entered during that time was not pure money that was used to buy drugs or other contraband available for sale on the site, but rather dirty money that Hydra helped launder and exchange. for rub.

So far, Chainalysis has traced just over $200 million worth of stolen cryptocurrencies into the site’s coffers in 2021 and 2022. She also tracked down much smaller amounts related to other crimes: roughly $4 million came from sanctioned sources, $5 million came from fraud, and $4 million. from ransomware. (Chainalysis has recorded about $9 million in total ransomware payments directed at Hydra over the market’s lifetime, but says a relatively low number is a conservative estimate.) Another large portion of the site’s incoming payments during that time, about 310 million dollars was generated from the dark web market, including some of the funds from Hydra bouncing back to the site as users attempted to launder the proceeds of drugs and other illegal goods and services and cash them out.

All of this clearly shows that Hydra was not just a Silk Road for the post-Soviet world, but also an important financial services player in a more far-reaching cybercriminal economy that has now been suddenly shut down. “I will be watching this very closely because it will really impact the ecosystem,” says Kim Grauer, director of research at Chainalysis. “This is a serious failure.”

As a withdrawal service, Hydra did not function as a regular exchange where users could exchange cryptocurrencies for traditional dollars or euros in a bank account, or vice versa. Instead, according to Russian-speaking analysts at threat intelligence company Flashpoint, the market offered services where customers could spend cryptocurrencies to buy rubles from sellers on the site, which were then sent to the buyer using payment services such as QIWI, Tinkoff or Yandex. . .Money (which has since been renamed YooMoney). Users who were looking to leave an even smaller digital footprint could also use treasure, or “hidden treasure” services, cache where the courier buries bundles of rubles bought for cryptocurrency underground. After a few hours, the service informed the buyer of the location of the hidden cash, who could then dig it up and find it.

Due to the risk of detection or theft, these secret services charged a hefty fee – up to 15 percent, according to Flashpoint – but it may have been worth the cost for paranoid users holding a cryptocurrency linked to serious crime. “Essentially, you are taking the tracking part out of the equation,” says Vlad Kuiujuklu, an analyst at Flashpoint. “Paying another couple of percent is preferable to being tracked and putting yourself in danger.”

It remains an open question whether Hydra is really disabled forever or will appear again in the near future. The German BKA, after all, did not announce any arrests during its extermination operation. True to the ambiguous title, a joint report by Flashpoint and Chainalysis last year counted no fewer than 11 administrators and operators who ran the market under pseudonyms such as Ironman, Deus, Handsome Jack, Gavred, Fatality, and Satoshi Nakamoto.

But even if Hydra operators have escaped law enforcement, they may still face suspicion from their dark web counterparts if Hydra comes online again, Elliptic’s Symington argues: Users may now fear that Hydra administrators have been compromised by law enforcement. “We saw how other markets struggled when they reappeared as a second version,” she says. “They never do as well as the original sites. And there are always questions about the credibility of the administrators’ claims.”

However, after a decade of demonstrating its resilience to law enforcement, the larger cryptocurrency black market will almost certainly stage another operation to fill the same Russian-speaking niche. Even if Hydra disappears for good, the illegal economy of the dark web will no doubt be ready to grow another head to replace it.

More Great WIRED Stories


Credit: /

- Advertisement -

Stay on top - Get the daily news in your inbox

DMCA / Correction Notice

Recent Articles

Related Stories

Stay on top - Get the daily news in your inbox