As part of a coordinated effort led by the United States, German police have seized the servers powering Hydra, a notorious darknet marketplace, and confiscated approximately $25 million in bitcoin. Hydra, a Russian-language forum on the darknet, served as a hub for illicit trade, facilitating transactions involving illegal drugs, stolen financial data, forged identification documents (passports and driver’s licenses), and money laundering and mixing services. The marketplace’s “cash-out” services, aimed at laundering money, made it particularly attractive for ransomware operators.
Hydra also hosted vendors offering hacking tools and malicious services, generating revenue by charging a commission on sales. The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) identified over 100 virtual currency wallets linked to illicit transactions. Hydra accounted for an estimated 80% of all darknet market-related cryptocurrency transactions in the previous year, with its revenue surging from under $10 million in 2016 to over $1.3 billion in 2020.
The alleged administrator of Hydra Market, Dmitry Olegovich Pavlov, a 30-year-old Russian resident, has been charged with conspiracy to distribute drugs and money laundering offenses. The US Drug Enforcement Agency, FBI, Internal Revenue Service Criminal Investigation, US Postal Inspection Service, and Homeland Security collaborated on the investigation, with the German Federal Criminal Police executing the takedown.
![](https://www.deeponion.net/wp-content/uploads/2024/01/4b0b-article-220406-hydra-main-1024x576.png)
While cybersecurity experts hailed the operation as a significant achievement in the battle against cybercrime, they warned that other similar markets might emerge to fill the void left by Hydra’s demise. Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, noted that although the takedown represents progress, administrators and users of Hydra could establish a new or rebranded version of the marketplace or migrate to an alternative service.
In addition to the action against Hydra Market, sanctions have been imposed on the virtual currency exchange Garantex, accused of handling funds from the Conti ransomware-as-a-service gang and Hydra. Garantex, originally registered in Estonia, faced the loss of its license in February 2022 due to alleged connections with wallets used for criminal activity. Operating primarily in Moscow and St Petersburg, the exchange will face further challenges with the enhanced sanctions impacting its ability to function as a business.