On April 5, German authorities announced the takedown of the Hydra marketplace, the world’s largest darknet market trading in illicit drugs, cyberattack tools, forged documents and stolen data. The criminal operation, with about 17 million customer accounts, raked in billions in bitcoin before getting shut down.

On its website, the Federal Criminal Police Office (BKA) stated it had secured and closed Hydra’s server infrastructure. Bitcoins amounting to about $25 million were seized, which were attributed to the Hydra marketplace.

At the same time, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Hydra. This was a coordinated effort involving multiple U.S. federal authorities and the German Federal Criminal Police.

What is Hydra?

According to the U.S. Department of the Treasury, Hydra was launched in 2015 and was both the most prominent Russian darknet market and the largest darknet market in the world. Hydra traded in Ransomware-as-a-Service, breach services and software, stolen personal information, counterfeit currency, stolen virtual currency and illicit drugs. Following a sale, Hydra’s vendors anonymously distributed illicit goods to physical locations. After Hydra received payment, typically in cryptocurrency, buyers would receive the location coordinates.

The Treasury press release states, “According to blockchain researchers, approximately 86% of the illicit bitcoin received directly by Russian virtual currency exchanges in 2019 came from Hydra. Before today’s action, Hydra’s revenue had risen dramatically from under $10 million in 2016 to over $1.3 billion in 2020. This growth in profit is enabled by Hydra’s association with Russian illicit finance.”

Affiliated virtual currency exchanges sanctioned

In addition to sanctioning Hydra, OFAC identified over 100 virtual currency addresses that were used to conduct illicit transactions and that are also connected with the Hydra gang.

One example is Garantex, a virtual currency exchange founded in 2019 and first registered in Estonia. The Treasury states that known Garantex transactions show over $100 million connected with illicit actors and darknet markets, including nearly $6 million from the Russian Ransomware-as-a-Service gang Conti and about $2.6 million from Hydra.

Massive takedown

According to BKA, the Hydra network amassed 17 million customer accounts and over 19,000 registered sellers. In 2020, the group had a global turnover of $1.34 billion. Enforcement agencies noted that Hydra’s affiliated services made the investigation especially challenging. For example, the platform’s Bitcoin Bank Mixer service hid the digital transactions passing through it.

Mixers pool bitcoin from many senders in private pools before redistributing it to the intended recipients. Mixing coins together makes transactions much harder to trace: analysts may only see that someone sent coins to the mixer, while the final recipients and the amounts each received remain obscured.
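To make the tracing problem concrete, the following added example (not code from the article or from any of the agencies it cites) runs a forward trace over a small constructed ledger. The address labels, amounts and the `KNOWN_MIXERS` set are all assumptions: with the pool labelled as a mixer the trace stops and can only report every pool output as a candidate, and without that label a naive trace wrongly taints unrelated users' funds.

```python
from collections import defaultdict, deque

# Constructed sample ledger (not real chain data): (sender, receiver, amount in BTC).
# A vendor deposits marketplace proceeds into a mixer pool alongside unrelated users.
SAMPLE_TXS = [
    ("buyer_wallet", "vendor_A", 1.5),
    ("vendor_A", "mixer_pool", 1.5),
    ("unrelated_1", "mixer_pool", 2.0),
    ("unrelated_2", "mixer_pool", 0.5),
    ("mixer_pool", "cashout_1", 1.2),  # pool outputs are re-split: none equals a deposit
    ("mixer_pool", "cashout_2", 1.8),
    ("mixer_pool", "cashout_3", 0.9),
    ("cashout_2", "exchange_X", 1.8),
]
KNOWN_MIXERS = {"mixer_pool"}  # hypothetical label; analysts rely on curated address lists


def build_graph(txs):
    """Adjacency list: sender -> [(receiver, amount), ...]."""
    graph = defaultdict(list)
    for sender, receiver, amount in txs:
        graph[sender].append((receiver, amount))
    return graph


def trace_forward(start, txs, mixers=frozenset()):
    """Breadth-first forward trace of funds leaving `start`.

    Tracing halts at any address in `mixers`; every output of that pool is
    reported as an unresolvable candidate rather than a confirmed hop.
    Returns (reached_addresses, mixer_candidates), where mixer_candidates maps
    each pool output address to the amount it received.
    """
    graph = build_graph(txs)
    reached, candidates = set(), {}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node in mixers:
            candidates.update(graph[node])  # pool outputs: no provable link to the input
            continue
        for receiver, _amount in graph[node]:
            if receiver not in reached:
                reached.add(receiver)
                queue.append(receiver)
    return reached, candidates


def deposits_matching_output(txs, pool, amount):
    """Amount correlation: deposits into `pool` equal to one output amount (mixers defeat this)."""
    return [sender for sender, receiver, amt in txs if receiver == pool and amt == amount]
```

Running `trace_forward("buyer_wallet", SAMPLE_TXS, KNOWN_MIXERS)` stops at the pool with three equally plausible outputs, and `deposits_matching_output` finds no deposit equal to any of them; dropping the mixer label makes the same trace reach `exchange_X` and the two unrelated users' cash-outs alike.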

Now that Hydra has closed, visitors will only find a takedown banner.

Takedown banner. Source: BKA 

Prosecution underway

Prosecutors are now charging Hydra operators and administrators with running a criminal trading platform, participating in the unauthorized purchase and sale of narcotics and commercial money laundering.
