The United States, together with its European allies, has managed to get Hydra market shut down. Servers of this shop, a Russian-language darknet platform, were reported on Tuesday, April 5, 2022, to be seized by German authorities. The marketplace used to be a place to mainly trade illegal drugs and documents, mix cryptocurrency, and exchange bitcoins for Russian rubles.
What is Hydra?
Being a product of a merger of the two other markets 1 operating in the countries of the former USSR, Hydra has been active for more than six years. Specialists agree that it grew to be one of the world’s largest darknet drug shops and the largest cryptocurrency-operating illegal market. You could buy anything there – such was the reputation of Hydra.
Users accessed Hydra via Tor browser with onion routing. That made all operations related to the platform extremely hard to track. The name “Hydra” is an eloquent reference to the mythical Hydra of Lerna, a monster who would grow two heads for each head chopped off. Such a character served as a symbol of darknet websites as something reemerging and unkillable.
There were around 17 million registered users on Hydra when it stopped working. As many as nineteen thousand people were registered as narcotic sellers. Each drug dealer had to pay $300 to register and an extra $100 monthly. The buyers used bitcoins stored on their platform wallets. Generally, Hydra used cryptocurrency as its payment method. After the operation, police obtained 543 bitcoins from these wallets, which amounts to €42,500.
Hydra servers seized in Germany
Federal Criminal Police Office of Germany (Bundeskriminalamt, or shortly BKA) has reported on the seizure of Hydra servers on Tuesday, April 5, 20222. The operation was a result of months of preparation, starting with a tip from the American special services that Hydra trails led to Germany. For half a year, police struggled to deal with Hydra. However, the marketplace managed to evade seizure and hold its ground, despite many other illegal darknet shops being gone due to prosecution or self-elimination (with theft of the money from the platform wallets.)
BKA has discovered Hydra servers under the guardianship of one of the bullet-proof hosting companies. Such groups provide Internet hosting to their clients and ignore any claims and warnings about illegal activities of their wards. Of course, the policies of such companies may vary, and closing one’s eyes to crimes might have a moral limit. What can also be a limit is an official takedown notice. That is what happened in the case of Hydra.
The chance is high that there will be arrests among the representatives of the mentioned outsourcing company providing the servers for the criminal marketplace. However, the administrators of the seized shop are still at large. Their identities remain unknown, so as their capacities to restore the website. The struggle with illegal trade on the darknet continues, as multiple smaller markets can pop out of nowhere to replace Hydra.
Scale of the event
Hydra was a powerful organization. Its lifetime profit figures amount to 5 billion dollars. Just like drug cartels have their own armies, Hydra shop owners had their marketing specialists, security service, chemists, and, very likely, laboratories.
All narc businesses in the post-Soviet states were aware of the existence of Hydra and most likely used the market as a sales platform. Therefore, 2019 rumors about Hydra starting its own ICO were pretty believable. Although it hasn’t come to this, the planned total value of the issued tokens was 147 million dollars.
Even more important is that the Hydra platform was most likely closely connected with the Russian special services, namely Federal Security Service (FSB.) The latter apparently received payments from the shop owners and used the platform for obtaining information. There is no better way to monitor criminal activity than tying it around a single site on the Internet and being in cahoots with its administrators.
The seizure of Hydra could probably take place earlier. It seemingly happened just now, though, so the operation’s effect added to the joint sanctions against Russia over its invasion of Ukraine that started on February 24, 2022.
Relation to cybersecurity
Hydra was a well-known black market of drugs, but the assortment of items and services sold there goes far beyond narcotics. On Hydra, one could buy a ransomware attack as a service, computer hacking campaign, or malware to perform it. Hydra also massively sold stolen data, virtual currency, and personal information.
Up to 8 million dollars of ransomware profits 3, which implies many successful attacks, transited Hydra’s cryptocurrency wallets. More than 85% of the unlawful bitcoins on Russian cryptocurrency exchanges originated from Hydra.
The United States has started a real war on ransomware. In 2021, the absolute majority of ransomware victims worldwide are in the USA, while 74% 4 of ransom money from those attacks went to Russia-related criminals. The shutdown of Hydra is a step in the US crusade on Russian hackers, who earned increased attention from the American security services over their alleged interference in the US presidential election in 2016.
- The Russian Wikipedia page about Hydra states that the platform was formed after two smaller markets, Way Away and Legal RC, merged.
- An official BKA statement on the seizure of Hydra
- The current information is taken from the press release of the U.S. Department of the Treasury about the seizure of Hydra.
- The figures are taken from a BBC investigation analyzing ransomware attacks in 2021.