German authorities, with the assistance of the US Justice Department, reported on April 4th that they had dismantled Hydra Market, a dark web marketplace used for the buying and selling of illegal goods and services.
What was Hydra Market?
Founded in 2015, Hydra Market was the largest Russian-language illicit marketplace on the dark web with 19,000 seller accounts and over 17 million customer accounts.
Users were able to browse Hydra by accessing it via a dark web browser such as Tor. While the majority of the transactions on the platform involved the buying and selling of illegal drugs, Hydra also provided the means by which to sell stolen credentials, data, documents and more.
Most of Hydra’s economy was based on cryptocurrency and Russian rubles.
According to the US Justice Department, “in 2021, Hydra accounted for an estimated 80% of all darknet market-related cryptocurrency transactions, and since 2015, the marketplace has received approximately $5.2 billion in cryptocurrency.”
Hydra Market sellers also offered a “dead-drop” service in which users could submit cryptocurrency in exchange for rubles that would be physically placed somewhere or even buried. Users would receive a notification telling them where their money could be found, allowing the transaction to be performed with almost no digital footprint.
Hydra was a key piece of online infrastructure used to launder money for some of Russia’s biggest, most threatening ransomware gangs including Ryuk and Conti. It provided sales and services across a number of different countries.
How was Hydra taken down?
The German Federal Police, known as the BKA, announced that they had worked with the FBI, the DEA, IRS Criminal Investigations and Homeland Security Investigations in the US to seize servers based in Germany that were being used by Hydra.
The seizure, which included $25.1 million in bitcoin, took Hydra Market offline, and its homepage was replaced with an image of handcuffs signifying its demise at the hands of German law enforcement.
The US Treasury also placed sanctions on the market and on over one hundred of the cryptocurrency addresses associated with it.
What impact will Hydra Market’s absence have on cybercrime?
The abrupt closure of Hydra Market is likely to cause a degree of disruption in the cybercrime community, at least in the short term.
Without the financial services that the platform offered, those looking to launder money or obscure their footsteps when it comes to moving cryptocurrency will have to find other means with which to do so.
As the platform’s mythological name suggests, Hydra Market is believed to be operated by at least 11 different administrators whose locations are unknown.
No arrests have been publicly announced following the seizure of Hydra’s servers, leaving many to assume that the platform is likely to return, especially if its original operators remain unscathed.
However, second chances on the dark web have a disappointing track record. A second version of Hydra Market will likely lack the authenticity of the first one because the original was dismantled.
A lack of arrests might also lead former users of the platform to suspect that the site’s admin team had been compromised by law enforcement and may now be keeping an eye on the market’s buyers, sellers and overall activities.
One thing is for certain: a vacuum of this magnitude does not remain unfilled for long. While Hydra may have been the king of Russian-language dark web enterprises, it is far from the only option.
As customers and sellers alike migrate to other platforms, it remains to be seen if one will be favored or if all other sites enjoy an influx of activity due to Hydra’s absence.
Already, sellers from Hydra have been moving to Telegram to keep business alive, although much of the chatter online among dark web buyers and sellers is reportedly more fatalistic than expected considering how resilient black markets tend to be.
In spite of Hydra Market being a major player when it comes to international cybercrime, and the Russian drug trade in particular, Russia remains a place in which enterprises of this nature can generally be run with impunity as far as the law is concerned.
As is the case with ransomware gangs like Conti, the Russian government seems to take a hands-off approach to criminal organizations so long as they cause disruption among political rivals.
That is, of course, until it becomes more politically convenient to simply give them up as was the case with the recent dismantling of REvil.
US Treasury Secretary Janet Yellen said that the takedown of Hydra Market telegraphs “a message today to criminals that you cannot hide on the darknet or their forums, and you cannot hide in Russia or anywhere else in the world. In coordination with allies and partners, like Germany and Estonia, we will continue to disrupt these networks.”
While her words ring true with regard to criminal behavior carrying the risk of consequences doled out by federal authorities, they also imply that cybercriminals and the law will continue to engage in a game of international whack-a-mole indefinitely.
For as long as countries like Russia provide a safe haven for criminals to lob attacks with little fear of retribution, Hydra’s disappearance, whether temporary or permanent, will likely be just another cost of doing business when it comes to the growing and profitable world of cybercrime.