Germany closes Russian darknet marketplace Hydra
Apr 06, 2022 - 03:03 AM
BERLIN, GERMANY — German police said Tuesday they have taken down Russian-language illegal darknet marketplace Hydra, the largest such network in the world, and seized bitcoins worth 23 million euros ($25 million).
Founded in 2015, Hydra sold illegal drugs but also stolen credit card data, counterfeit currency and fake identity documents, masking the identities of those involved using the Tor encryption network.
The marketplace had around 17 million customer accounts and more than 19,000 vendor accounts, according to the BKA federal police.
“The Hydra market was probably the illegal marketplace with the highest turnover worldwide”, with sales amounting to at least 1.23 billion euros in 2020 alone, the BKA said in a statement.
Investigators have taken control of Hydra’s servers in Germany and the marketplace has been “shut down”, the BKA said.
Suspects are being investigated for “operating criminal trading platforms on the internet on a commercial basis”.
Investigators do not know whether Hydra also has servers in other countries but “assume this was the main hub” of the network’s infrastructure, a spokesman for Frankfurt prosecution service’s internet crime office ZIT told AFP.
Investigations into the illegal marketplace started in August 2021 and also involved several US authorities, according to the BKA.
The “Bitcoin Bank Mixer” provided by the platform, a service for concealing digital transactions, had made investigations especially difficult, it added.
The BKA said it had published a seizure banner on the marketplace’s website.
In Washington Tuesday, the US Treasury announced sanctions on Hydra as well as Garantex, an exchange for virtual currencies that the Treasury said was used for collecting ransomware payments.
Formerly based in Estonia, Garantex operates out of Federation Tower in Moscow, it said, like two other similar exchanges already under sanctions, Suex and Chatex.
“Analysis of known Garantex transactions shows that over $100 million in transactions are associated with illicit actors and darknet markets,” the Treasury said, including nearly $6 million from Russian ransomware group Conti and $2.6 million from Hydra.
The sanctions block accounts and financial activities under US jurisdiction of anyone involved in the two markets, effectively making it harder for users to obtain and transfer funds.
‘Uniquely sophisticated operations’
The secret “darknet” includes websites that can be accessed only with specific software or authorisations, ensuring anonymity for users.
Such networks have faced increased pressure from international law enforcement after a boom in usage during the coronavirus pandemic.
The United States, Russia, Ukraine and China dominate in terms of value both sent to and received from darknet markets, according to a 2021 report from blockchain forensics firm Chainalysis.
Hydra accounted for 75 percent of sales in the global darknet market in 2020, the report said.
The US Treasury said Hydra’s revenue passed $1.3 billion in 2020.
“Hydra is a big driver of Eastern Europe’s unique crypto crime landscape. Eastern Europe has one of the highest rates of cryptocurrency transaction volume associated with criminal activity,” Chainalysis said.
The marketplace had become particularly popular with users by developing creative delivery methods, the Chainalysis report added.
“Hydra has developed uniquely sophisticated operations, such as an Uber-like system for assigning drug deliveries to anonymous couriers, who drop off their packages in out-of-the-way, hidden public locations, commonly referred to as ‘drops’,” it said.
“That way, no physical exchange is made, and unlike with traditional darknet markets, vendors don’t need to risk using the postal system.”
A German-led police sting last year took down notorious darknet marketplace DarkMarket, which had nearly 500,000 users and more than 2,400 vendors worldwide.
The marketplace had offered for sale “all kinds of drugs” as well as “counterfeit money, stolen and fake credit card data, anonymous SIM cards, malware and much more”, prosecutors said.