Wretched hive of villainy shut down
German police have seized servers powering the infamous darknet marketplace Hydra and confiscated the equivalent of $25 million in bitcoin as part of a US-led crackdown on cybercrime and money laundering.
The Russian-language darknet forum offered a venue for the trade in illicit goods and services, including illegal drugs, stolen financial information, fraudulent identification documents (passports and driving licences), and money laundering and mixing services.
These latter so-called ‘cash-out’ services made the cybercrime marketplace a particularly useful resource for ransomware peddlers.
Numerous vendors also sold hacking tools and malicious hacking services through Hydra. The online marketplace made money by charging a commission on sales.
Alongside the sanctions that led to the seizure of servers, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) identified more than 100 virtual currency wallets associated with illicit transactions.
Hydra accounted for an estimated 80% of all darknet market-related cryptocurrency transactions last year, according to a US Department of Justice (DoJ) statement on the enforcement action.
Hydra’s revenue had risen dramatically from under $10 million in 2016, to over $1.3 billion in 2020, according to US Treasury estimates.
“Hydra offered an in-house mixing service to launder and then process vendors’ withdrawals,” the DoJ statement explains.
“Mixing services allowed customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin.”
Hydra Market’s alleged administrator and kingpin – 30-year-old Russian resident Dmitry Olegovich Pavlov – has been charged with conspiracy to distribute drugs and money laundering offences.
The US Drug Enforcement Agency’s Miami Field Division, the FBI, Internal Revenue Service Criminal Investigation, US Postal Inspection Service, and Homeland Security investigated the case. The takedown was carried out by the German Federal Criminal Police.
Threat intelligence experts praised the takedown as a big win for law enforcement in the fight against cybercrime, while cautioning that other similar markets are likely to fill the void left by Hydra’s demise.
Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, told The Daily Swig: “While the takedown represents significant progress, it is realistically possible that the administrators and users of Hydra will establish a new or rebranded version of the Hydra marketplace, or simply move to an alternate service.
“While there were no arrests made, the seizure of Hydra's infrastructure will undoubtedly generate new leads that lead to further operations targeting administrators and users of the service.”
In addition to the action against Hydra Market, sanctions have been imposed on virtual currency exchange Garantex.
Garantex, founded in late 2019 and originally registered in Estonia, is blamed for handling nearly $6 million from Russian ransomware-as-a-service gang Conti as well as $2.6 million from Hydra, according to a US Treasury statement on the enforcement action.
The operation lost its license to operate in Estonia in February 2022 over alleged connections between “Garantex and wallets used for criminal activity”.
The exchange operates primarily out of Moscow and St Petersburg, but the tightened sanctions against it will nonetheless further impede its ability to function as a business.