Dismantling the Largest Russian Selling Platform on the Dark Web and Confiscating 23 Billion Euros

In a major blow to the cryptocurrencies that have been booming in the past weeks, especially after the exacerbation of European and American sanctions on the Russian financial system.

The US Treasury has sanctioned a cryptocurrency exchange operating in Moscow and St Petersburg, Russia, and sanctioned Russia's largest marketplace for selling on the darknet.

Following in the footsteps of the United States, which announced decisions against the largest illegal Russian selling platform, German law enforcement authorities announced a similar decision.

The dark web is a hidden part of the Internet that can only be accessed through certain programs and is not found by the usual search engines.

 

World's Largest Illegal Marketplace

With Russia clamping down on all sectors, German and American authorities announced on April 05 that they had dismantled the largest global darknet selling platform called Hydra Market, which has been operating in Russian since 2015.

The servers of the world's largest darknet market have been confiscated and 543 bitcoins worth more than 23 million euros have been confiscated, the Frankfurt Public Prosecutor’s Office and the Federal Criminal Police Office said in a joint statement.

German police say 17 million customers and more than 19,000 seller accounts have registered with the shopping site used for criminal activities and money laundering, which is currently showing a notice that it is under police confiscation.

It is noteworthy that the Hydra market provided nearly 86% of the illicit bitcoins received directly by Russian crypto exchanges in 2019, according to several reports.

In turn, Kim Groer, head of research at Chainalysis, told Bloomberg: “Hydra dominates the market, because Ukraine and Russia are the largest users of cryptocurrency in the world.”

Hydra served Russian-speaking markets, selling drugs, stolen credit card data, counterfeit currency, forged documents and illegal digital services, such as shuffling bitcoin, which cybercriminals use to launder stolen digital currencies or for extortion, and to hide the identities of those involved using the Tor crypto network.

Hydra also specializes in the so-called Dead Drop, where drug distributors place the substances in public places, and then inform customers of the pick-up location, so that the two parties do not come into contact with each other.

Investigations into the Russian sales platform began in 2021, but the identities of the operators and those responsible for the platform are still unclear, with resellers located in Russia, Ukraine, Belarus, Kazakhstan and neighboring countries.

German police added that the Russian platform's 'Bitcoin Bank Mixer', a service to hide digital transactions, made investigations particularly difficult.

 

Criminal Activities and Money Laundering

On April 05, the US Department of Justice said that Hydra Market, which was considered the world's largest and oldest darknet market for illegal goods and services, had been confiscated and shut down by German authorities in coordination with US law enforcement.

In turn, US Attorney General Merrick Garland indicated that their work was not done yet, pledging to continue working to dismantle all such platforms on the dark web.

The US Treasury has also imposed economic sanctions on Hydra, as well as the Garantex virtual currency exchange.

In addition, more than 100 addresses have been identified of people who received money as part of cryptocurrency transactions conducted through Hydra, and they were used to carry out illegal transactions.

Federal prosecutors in San Francisco have also filed criminal gang money and drug laundering criminal charges against 30-year-old Russia-based Dmitry Olegovich Pavlov, who has been described as the alleged site operator.

According to US Treasury Secretary Janet Yellen, these measures send a message to criminals that you cannot hide on the dark web or its forums, and you cannot hide in Russia or anywhere else in the world.

Yellen also stressed the seriousness of the global threat posed by cybercrime and ransomware originating from Russia.

Such illegal vending markets have faced increasing pressure from international law enforcement after a major surge in their use during the coronavirus pandemic.

In early 2021, German police dismantled a famous dark market selling platform called Dark Market, which had nearly 500,000 users and more than 2,400 sellers worldwide.

At the time, investigators presented this platform as the widest point of purchase on the electronic black market, and after a few months this operation led to the arrest of 150 people who were buying or selling drugs or weapons around the world.

 

The Hydra DarkNet Market

Hydra platform was founded in 2015, and its sales amounted to about $9.4 million the following year, it was able to increase its sales to $1.4 billion in 2020, and it is still going on, making it the illegal market with the highest sales volume in the world, according to a report issued by Flash Point, a cybersecurity risk intelligence company, and Chainalysis, a cryptocurrency analytics firm.

As the analytics firm wrote in its 2021 Crypto Crime Report: “The first thing that stands out is that Russia receives a disproportionately large share of dark market money, which is mostly due to Hydra.”

No wonder it's the place in Moscow and other Russian cities to buy drugs that are mostly distributed as hidden treasures by the Kladmen, the young distributors who can earn thousands of dollars a month hiding orders under park benches, or burying them under trees, or installing them below mailboxes.

The report indicated that there was a significant change in the money handling practices in Hydra in 2018, as sellers had to transfer their money into Russian rubles through a specific group of local service providers to be able to withdraw them from Hydra, which angered the sellers.

The report also pointed out at the time that Hydra has protectors who enjoy influence at the head of the Russian establishment, although Russia has repeatedly denied any official link to the cyber-attacks, but the scale of Hydra's selling platform would be difficult in the absence of some form of semi-official endorsement.

Cybersecurity CPO Magazine reports that Hydra experienced impressive growth in 2018 and 2020, accounting for 75% of illegal online transactions worldwide.

Hydra has facilitated more than $5 billion in illicit cryptocurrency transactions since its launch in 2015, according to blockchain analysis firm Elliptic.

In turn, Wired magazine reported in its April 05 report that “Chainalysis has so far tracked just over $200 million in stolen cryptocurrency into the site's vaults in 2021 and 2022.”

It also tracked amounts linked to other crimes, for example: including $5 million linked to fraud, $4 million linked to ransomware, and $4 million from sanctionable sources; the total transactions of about $2 billion came from risky sources, according to the report.

Some experts speculate that Hydra may return soon despite Germany's move, and this restores access to drugs and other illegal goods and services to its customers.

Mr. Igor Bederov, founder of the Russian Internet-Rozysk cybersecurity firm, told The Moscow Times: “The managers of Hydra are already claiming that the market will be back soon and they can upload the software to another internet source with better security measures.”

According to Bederov, “Hydra did not change where or how the drug reached Russia, and opened its market to a larger number of customers.”

“Hydra does not produce drugs and does not buy drugs, it just distributes them, which stimulates purchasing power,” Bederov said.

In early 2021, criminal hackers with ties to Russia used ransomware attacks to paralyze a major US oil pipeline company (Colonial Pipeline) and one of the world's largest meat producers (GPSSA).

Because of the neighborhood ties that some of these hackers have with the government of Russian President Vladimir Putin, it has been very difficult for the United States to pursue them, which is clearly acceptable to the Russian president.

On the other hand, the Russian government has denied knowledge of or involvement in the ransomware attacks.

“However, top Russian hackers can sometimes help Russian intelligence agencies with espionage operations in exchange for their protection,” national security and forensic experts have revealed.