On April 5, German authorities announced the takedown of the Hydra marketplace, the world’s largest darknet market trading in illicit drugs, cyberattack tools, forged documents and stolen data. The criminal operation, with about 17 million customer accounts, raked in billions in bitcoin before getting shut down.

On its website, the Federal Criminal Police Office (BKA) stated it had secured and closed Hydra’s server infrastructure. Bitcoin worth about $25 million, attributed to the Hydra marketplace, was seized.

At the same time, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Hydra. This was a coordinated effort involving multiple U.S. federal authorities and the German Federal Criminal Police.

What Is Hydra?

According to the U.S. Department of the Treasury, Hydra was launched in 2015. It was the most prominent Russian darknet market and the largest darknet market in the world. Hydra traded in Ransomware-as-a-Service, breach services and software, stolen personal information, counterfeit currency, stolen virtual currency and illicit drugs. Following a sale, Hydra’s vendors anonymously distributed illicit goods to physical locations. After Hydra received payment, typically in cryptocurrency, buyers would receive location coordinates.

The Treasury press release states, “According to blockchain researchers, approximately 86% of the illicit bitcoin received directly by Russian virtual currency exchanges in 2019 came from Hydra. Before today’s action, Hydra’s revenue had risen dramatically from under $10 million in 2016 to over $1.3 billion in 2020. This growth in profit is enabled by Hydra’s association with Russian illicit finance.”

Affiliated Virtual Currency Exchanges Sanctioned

In addition to sanctioning Hydra, OFAC found over 100 virtual currency addresses used to conduct illicit transactions. These addresses are also connected with the Hydra gang.

For example, look at Garantex, a virtual currency exchange founded in 2019 and first registered in Estonia. The Treasury states that known Garantex transactions show over $100 million connected with illicit actors and darknet markets. These transactions include nearly $6 million from the Russian Ransomware-as-a-Service gang Conti and about $2.6 million from Hydra.

Massive Takedown

According to BKA, the Hydra network amassed 17 million customer accounts and over 19,000 registered sellers. In 2020, the group had a global turnover of $1.34 billion. Enforcement agencies noted that Hydra affiliates made the investigation extra challenging. For example, the Bitcoin Bank Mixer provided by the platform hid digital transactions.

Mixers scramble up bitcoin in private pools before dividing them up among their recipients. Mixing coins together makes it much more difficult to trace transactions. Analysts may only see that someone sent coins to the mixer while the final recipient and amounts remain obscured.

Now that Hydra has closed, visitors will only find a takedown banner.

Takedown banner. Source: BKA 

Prosecution Underway

Prosecutors are now charging Hydra operators and administrators with running a criminal trading platform, participating in the unauthorized purchase and sale of narcotics and commercial money laundering.
