On the dark web, taking down yet another cryptocurrency-based drug black market has become almost a semi-annual routine, with plenty of competitors ready to take the place of any market that law enforcement manages to bust. But the seizure of the Russian-language dark web site Hydra could have ripple effects that go further than most: It represents a disruption not only of the largest post-Soviet hub for online drug sales, but also of a cybercriminal money laundering and withdrawal service, which has been used in crimes with victims around the world.
German law enforcement announced early Tuesday morning that the German federal police, known as the BKA — in a joint operation with the FBI, DEA, IRS Criminal Investigations and Homeland Security Investigations in the U.S. — had seized Hydra’s Germany-based servers, shutting down the site and confiscating $25 million in bitcoins stored there. In doing so, they ended, by some metrics, the longest running and most crowded black market in dark web history, with 19,000 seller accounts and more than 17 million customer accounts, according to the BKA. The US Treasury simultaneously imposed new sanctions on the market and more than a hundred of its cryptocurrency addresses.
In total, Hydra has facilitated more than $5 billion in illegal cryptocurrency transactions since it launched in 2015, according to blockchain analytics firm Elliptic. The majority of these transactions, Elliptic says, were sales of illegal drugs that were strictly limited to Hydra’s target market in former Soviet states. But Hydra also played a significant and more global role for cybercriminals: it offered “mixing” services designed to launder cryptocurrency and make it harder to track, along with exchange services that allowed clients to trade the crypto proceeds of all kinds of crimes for Russian rubles – in some cases even wads of money buried in the ground for customers to dig up later.
“It has this dual function of being a drug market and a service for cybercriminals — and particularly Russian cybercriminals,” says Jess Symington, Elliptic’s head of research. “So it’s not just affecting the drug community, it’s forcing those people to now potentially rethink how they’re going to release their funds or cash them out.”
About half of the estimated $2 billion in transactions entering Hydra cryptocurrency addresses in 2021 and early 2022 were from illegal or “risky” sources such as stolen funds, dark web markets, ransomware, online gambling, fraud, and individuals and organizations facing sanctions, according to cryptocurrency tracking firm Chainalysis. In other words, the nearly one billion dollars’ worth of money that flowed into Hydra during that time was not clean money used to buy drugs or other contraband offered for sale on the site, but rather dirty money that Hydra was helping to launder and exchange for rubles.
So far, Chainalysis has tracked just over $200 million in stolen cryptocurrency entering the site’s coffers in 2021 and 2022. It has also tracked much smaller amounts related to other crimes, with approximately $4 million from sanctioned sources, $5 million from fraud, and $4 million from ransomware. (Chainalysis saw nearly $9 million in total ransomware payments sent to Hydra over the market’s lifetime, but says that relatively small number is a conservative estimate.) Another big chunk of the site’s incoming payments during that time, nearly $310 million, was from dark-web markets, including some Hydra funds recycled back into the site, as users try to launder and withdraw proceeds from selling drugs and other illegal products and services.