Russian-language dark web marketplace Hydra has emerged as a hotspot for illicit activities, pulling in a whopping $1.37 billion worth of cryptocurrencies in 2020, up from $9.4 million in 2016.
The “blistering growth” in annual transaction volumes marks a mind-blowing 624% year-over-year soar over a three-year period from 2018 to 2020.
“Further buoying Hydra’s boom is its ability—or its properly fortune—to remain running and unscathed against competitor attacks or law enforcement scrutiny; its solely downtime of note occurred at some point of a short time period at the commencing of the COVID-19 world pandemic in late March 2020,” threat intelligence firm Flashpoint stated in a file jointly published with blockchain analysis company Chainalysis.
Active since 2015, Hydra opened as a competitor to the now-defunct Russian Anonymous Marketplace (aka RAMP), in particular facilitating narcotics trade, before becoming a bazaar for all things criminal, including providing BTC cash-out offerings and peddling stolen credit cards, SIM cards, documents, IDs, and counterfeit money, with the operators profiting as the intermediary for every transaction carried out on the platform.
Hydra accounts for over 75% of darknet market income global in 2020, positioning it as a major player in the crypto crime landscape in Eastern Europe, in accordance to a file by Chainalysis published in February 2021. This skyrocketing cryptocurrency activity conducted via the market can be partly attributed to the demise of RAMP in September 2017, which resulted in a mass migration of cybercrime gangs to Hydra.
A second contributing factor, according to the research, is the stringent requirements imposed on sellers. Effective July 2018, the guidelines mandate that outbound withdrawals of cryptocurrency proceeds from sellers’ wallets are routed via regionally-operated crypto exchanges and fee services in order to exchange the funds into Russian fiat currency.
Also in place are obstacles that disable seller withdrawals until they either successfully complete greater than 50 sales transactions or maintain an account balance of at least $10,000. These policy changes have in all likelihood benefited Hydra administrators and sanctioned sellers, entities, and service providers, who can still function and fulfill transactions underneath these stricter e-wallet restrictions.
“Upon completion of the customer portion of the transaction, the money trail goes dark as more veiled, in-region monetary operators and service providers manage the sellers’ finances and convert cryptocurrency withdrawals into difficult-to-trace Russian fiat currencies as the subsequent step in the economic chain,” the researchers said.
These withdrawal restrictions have also made Hydra seller accounts a hot commodity on various underground forums, fostering a new offshoot market the place cybercriminals buy an established seller account to gain direct access to the market and entirely sidestep Hydra insurance policies and enforcement controls.
What’s more, Hydra’s cash-out services — which permit bitcoin to be transformed into present vouchers, prepaid debit cards, Russian rubles, or even physical cash that’s hid at a discreet place (aka “hidden treasure”) — have made crypto laundering a rewarding way for criminals to exchange their bitcoin haul without being identified and reported.
DarkSide, the ransomware gang behind the Colonial Pipeline ransomware assault earlier this month, sent 4% of its ill-gotten gains totaling $17.5 million to Hydra’s operators to avail the service.
Another element that appears to be working in Hydra’s prefer is the fact that it is remained unaffected by takedowns and “competitor chicanery” which have impacted other Russian-speaking cybercriminal communities such as Joker’s Stash, Verified, and Mazafaka, raising the opportunity that the marketplace could be “more resilient to oscillating geopolitics and law enforcement efforts.”
“Hydra’s expansion to other illicit trades may also endanger more industry sectors,” the researchers cautioned. “While Hydra presently supports the selling of many illicit items and services, its strongest market, by far, remains narcotics sales. Should Hydra continue to grow, its support of other cybercriminal trades will probably expand along with it.”