Authorities seized the infrastructure of the infamous marketplace, with the US Treasury sanctioning the entity together with crypto exchange Garantex.

German authorities announced the seizure of Hydra’s server infrastructure, closing the marketplace down. In addition, the authorities took over $23 million worth of Bitcoin attributed to the marketplace.

The operation was conducted in coordination with US and European law enforcement agencies. Authorities claim that the seizure will send a message to cybercriminals that there are no safe havens to hide at.

“The global threat of cybercrime and ransomware that originates in Russia, and the ability of criminal leaders to operate there with impunity, is deeply concerning to the United States. Our actions send a message today to criminals that you cannot hide on the darknet or their forums, and you cannot hide in Russia or anywhere else in the world,” US Secretary of the Treasury Janet L. Yellen said.

German-Hydra-page
Message displayed on Hydra’s website. Image by the Bundeskriminalamt.

According to the US Department of Justice (DoJ), Hydra was extremely useful for users trying to conceal their identity with money transfers. Marketplace’s vendors offered an array of money laundering and so-called “cash-out” services, which allowed Hydra users to convert their bitcoin (BTC) into various forms of currency.

“Hydra’s money laundering features were so in-demand that some users would set up shell vendor accounts for the express purpose of running money through Hydra’s bitcoin wallets as a laundering technique,” the DoJ claims.

Names behind the operation

In conjunction with the marketplace’s shutdown, the DoJ also announced criminal charges against a resident of Russia, 30-year-old Dmitry Olegovich Pavlov.

Pavlov is charged for his illicit activities in connection with the operation and administration of the servers used to run Hydra.

“As an active administrator in hosting Hydra’s servers, Pavlov allegedly conspired with the other operators of Hydra to further the site’s success by providing the critical infrastructure that allowed Hydra to operate and thrive in a competitive darknet market environment,” DoJ claims.

The authorities did not identify any other operators behind the infamous marketplace.

What is Hydra?

Hydra is among the world’s largest darknet marketplaces, with an estimated three million-strong user base and yearly revenue exceeding $1.34 billion in 2020 alone.

The marketplace is among Russia’s top places for cybercriminals, with close to 90% of all criminal bitcoins by Russian exchanges originating from Hydra.

“The successful seizure of Hydra, the world’s largest darknet marketplace, dismantled digital infrastructures enabling a wide range of criminals – including Russian cybercriminals, the cryptocurrency tumblers, and money launderers that support them […],” said FBI Director Christopher Wray.

Launched in 2015, the marketplace primarily served Russian-speaking individuals in Russia, Ukraine, Belarus, Kazakhstan, Azerbaijan, Armenia, Kyrgyzstan, Uzbekistan, Tajikistan, and Moldova. Authorities and researchers point to Russia’s Saint Petersburg as Hydra’s HQ.

The marketplace was used for all things illegal, from selling drugs to money laundering. Transactions on Hydra were done in cryptocurrencies, with the marketplace charging its users for every transaction conducted there.

The marketplace had a notorious reputation for conducting distributed denial-of-service (DDoS) attacks against any competition, thus securing its place in the underworld’s shadows.

Moscow-city-towers
Moscow’s financial district. Image by Unsplash.com.

Follow the money

Underground marketplaces serve as wallets for threat actors dealing with cybercrime. Hydra created an ecosystem allowing illicit financial dealings to fall under the radar.

The US Treasury added Hydra and crypto exchange Garantex to its sanctions list to limit access to such safe havens. Garantex created the means for ransomware gangs like Conti to guarantee themselves a steady cash flow.

“Russia is a haven for cybercriminals. Today’s action against Hydra and Garantex builds upon recent sanctions against virtual currency exchanges SUEX and CHATEX, both of which, like Garantex, operated out of Federation Tower in Moscow, Russia,” reads a statement by the Treasury.

Recent research shows that hundreds of millions of dollars worth of crypto, often obtained illegally, flow through Moscow’s financial district. It is estimated that illicit and risky addresses make up between 29% and 48% of all funds received by Moscow City crypto businesses.

More from Cybernews:

UK retailer partially shuts down following a disruptive cyberattack

Don’t let crooks cash in on conflict culture at work, study urges

‘Resilient’ gang traded card fraud for ransoms, says report

Meta accused of temporarily blocking hashtags related to the Bucha massacre

The FBI warn of the growing ransomware threat

Subscribe to our newsletter

RELATED ARTICLESMORE FROM AUTHOR