Germany Shutters Russian Darknet Marketplace Hydra
Bundeskriminalamt Seizes 543 Bitcoins; No Arrests Made Yet
The German police say they have shuttered Russian darknet marketplace Hydra, which has been known to offer stolen credit and SIM cards, VPN access, and cryptocurrency laundering services.
The Federal Criminal Police Office of Germany, the Bundeskriminalamt - or BKA - also says it has seized 543 bitcoins, worth about $25 million, associated with the marketplace.
In a statement to Information Security Media Group, a BKA representative says that there were "no arrests as part of the measures carried out today." The BKA declined to comment on other queries, as it is an ongoing investigation.
Agencies involved in the investigation include the German Central Office for Combating Cybercrime - or ZIT - along with U.S. law enforcement authorities including the Federal Bureau of Investigation, the U.S. Department of Justice and the U.S. Drug Enforcement Administration.
The FBI, DOJ and DEA have not yet responded to ISMG's request for comment.
The extensive operation began in August 2021. The biggest challenge the agencies faced, according to the BKA, was tracing the funds - the darknet marketplace offered criminals on its platform crypto mixing services to obfuscate digital transactions, the statement says.
Hydra, a darknet market catering to Russian speakers, accounted for 75% of the global darknet market revenue last year, according to blockchain forensics firm Chainalysis. The company, in its report, details how cryptocurrency flowed to and from such markets last year.
Hydra, the BKA statement says, had "[a]round 17 million customer[s] and over 19,000 seller accounts registered on the marketplace. According to ZIT and BKA estimates, 'Hydra Market' was probably the illegal marketplace with the highest turnover worldwide. Its sales amounted to at least 1.23 billion euros (approximately $1.34 billion) in 2020 alone."
These findings echo a joint analysis published by research company Flashpoint and Chainalysis a year ago (see: How the Hydra Darknet Market Broke the $1 Billion Barrier).
"Hydra market activity has skyrocketed since its inception, with annual transaction volumes growing from a total of $9.4 million in 2016 to $1.37 billion in 2020," according to the report.
Seizure a 'Drop in the Ocean'
The seizure of $25 million is "a drop in the ocean" compared to Hydra's 2020 annual turnover of $1.35 billion, says Kevin Beaumont, a former Microsoft threat analyst and cybersecurity professional.
"The servers were based in Germany so seizure should be interesting. They clearly only got a tiny fraction of the cryptocurrency involved as Hydra made around $2 bn in revenue last year, I guess it was moved to other wallets and such." - Kevin Beaumont (@GossiTheDog), April 5, 2022
Citing the recent takedown of DarkMarket, Raid Forums and now Hydra, Beaumont says, "It will be interesting to see where people turn up next."
Commenting on whether a decade-old enterprise with $2 billion in revenue wouldn't have backups, Beaumont says, "We'll see! [But] historically many of them struggle to meaningfully recover as they make mistakes like having backups in the same host, etc."
Shutdown a 'Significant Blow'
On the other hand, Bill Callahan, director of government and strategic affairs at the Blockchain Intelligence Group, says that this seizure and investigation, involving collaboration among multiple law enforcement agencies, is a significant blow to narcotics traffickers and other illicit actors operating in the Hydra network.
"As further evidence is developed, we will most likely see additional arrests and prosecutions in Germany and in the U.S.," he tells ISMG. The intelligence developed from the electronic evidence and blockchain intelligence, he adds, will be "enormous and can identify previously unknown violators to law enforcement."
Also, global financial criminal investigations usually involve trading in the U.S. dollar or the use of a U.S. financial institution, likely bringing a co-conspirator under the legal jurisdiction of the U.S., Callahan says.
Hydra's Rules to Counter Investigation
The Flashpoint and Chainalysis report shows that the darknet marketplace had added several rules for sellers and buyers that make tracking sales and the flow of money more difficult. "Since July 2018, Hydra has imposed strict limitations on sellers, requiring that their cryptocurrency funds be withdrawn into Russian fiat currency via select regionally operated exchanges and payment services," it says.
Established in 2015 with an initial focus on narcotics sales, Hydra was able to greatly expand its operations and services after its primary competitor, the Russian Anonymous Marketplace - or RAMP - was shut down by Russian law enforcement officials in 2017. Many RAMP members migrated to Hydra, the report says.
It also says that Hydra is likely operated by at least 11 individuals, each of whom has specific responsibilities and participates on the marketplace's forums.
This is a developing story. Further updates will be published as they become available.