German authorities have taken down the Hydra marketplace – a popular destination on the Dark Web for trading in illicit goods and services, including cyberattack tools and stolen data.
This week, they were able to commandeer and take offline underpinning infrastructure such as servers, plus install a takedown banner in place of a working website, all while seizing $25 million (€23 million) in funds in the process.
“The illegal marketplace was a Russian-language Darknet platform that had been accessible via the Tor network since at least 2015,” according to a Tuesday statement from Frankfurt’s public prosecutor (ZIT) and Germany’s Federal Criminal Police Office (BKA). “Their focus was on trading in illegal narcotics. In addition, data spied out worldwide, forged documents and digital services were offered profitably via the platform.”
Security firm Elliptic said that it confirmed the seizure, which occurred on April 5 in a series of 88 transactions amounting to 543.3 BTC, according to a post about the Hydra crackdown on Tuesday. It also said that since its inception, Hydra has pulled in around $5 billion in Bitcoin.
The takedown operation has been in motion since last August, according to the notice, and included cooperation from American authorities. The investigation found that Hydra had 17 million customer accounts and boasted more than 19,000 registered sellers, with a global turnover of $1.34 billion (€1.23 billion) just in 2020. alone. Finding that information was not easy, the agencies noted.
“In particular, the Bitcoin Bank Mixer, a service for obfuscating digital transactions provided by the platform, made crypto-investigations extremely difficult for law enforcement agencies,” the posting noted. In the end they discovered that “Hydra…was probably the illegal marketplace with the highest turnover worldwide.”
Prosecutors are charging Hydra operators and administrators with charges of: commercially operating a criminal trading platform on the internet; the commercial procurement or granting of an opportunity for the unauthorized purchase or the unauthorized sale of narcotics; and commercial money laundering.
Cracking Down on Illegal Dark Markets
Given their status as linchpins of the Dark Web underground economy for cybercriminals and narcotics traders alike, international authorities have continued to put effort into dismantling underground markets.
One of the earliest wins was the dismantling of Joker’s Stash in late 2020. It was a popular cybercriminal destination that specialized in trading in payment-card data, offering millions of stolen credit and debit cards to buyers. Anyone purchasing the information can create cloned cards to physically use at ATMs or at in-store machines that aren’t chip-enabled; or, they can simply use the information to buy things online. Law enforcement managed to disable its blockchain DNS sites as well as Tor addresses.
Then last year, Europol announced the takedown of DarkMarket, which according to the law enforcement agency was “the world’s largest illegal marketplace on the Dark Web.”
DarkMarket served as a marketplace for cybercriminals to buy and sell drugs, counterfeit money, stolen or counterfeit credit card data, anonymous SIM cards and malware. According to Europol, DarkMarket had almost 500,000 users and more than 2,400 sellers at the time of closure.
In addition, “several darknet services have also voluntarily closed down over the winter of 2021-22,” according Elliptic.
Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our FREE downloadable eBook, “Cloud Security: The Forecast for 2022.” We explore organizations’ top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists.