Access management, fraud management and cybercrime
Bundeskriminalamt seizes 543 Bitcoins; No arrests yet
Mihir Bagwe •
April 5, 2022
German police said they shut down Russian darknet market Hydra, known for offering stolen credit and SIM cards, VPN access and cryptocurrency laundering services.
See also: Third party risk: lessons on Log4j
The Federal Criminal Police Office of Germany, also called Bundeskriminalamt – or BKA – is also said to have seized 543 bitcoins, worth around $25 million, associated with the market.
In a statement to Information Security Media Group, a BKA representative says there have been “no arrests in connection with the actions taken today.” The BKA declined to comment on further matters as it is an ongoing investigation.
Agencies involved in the investigation include the German Central Office for Combating Cybercrime – or ZIT, as well as US law enforcement authorities including the Federal Bureau of Investigation, the US Department of Justice and the United States Drug Enforcement Administration.
The FBI, DOJ and DEA have not yet responded to ISMG’s request for comment.
The vast operation began in August 2021. The biggest challenge the agencies faced, according to the BKA, was tracing the funds – the darknet market offered criminals on its platform crypto mixing services to obfuscate transactions digital, the statement said.
Hydra, a darknet market for Russian speakers, accounted for 75% of global darknet market revenue last year, according to a blockchain forensics firm On-chain analysis. The company, in its report, details how cryptocurrency has flowed to and from these markets over the past year.
Hydra, according to the BKA statement, had “[a]approximately 17 million customers[s] and over 19,000 registered seller accounts on the Marketplace. According to ZIT and BKA estimates, “Hydra Market” was probably the illegal market with the highest turnover in the world. Its sales amounted to at least 1.23 billion euros (about $1.34 billion) in 2020 alone.”
These findings echo a joint analysis published by research firm Flashpoint and Chainalysis a year ago (see: How the Hydra Darknet Market Crossed the $1 Billion Barrier).
“Hydra’s market activity has skyrocketed since its inception, with annual transaction volumes growing from a total of $9.4 million in 2016 to $1.37 billion in 2020,” according to the report.
Seize a “drop in the ocean”
The $25 million seizure is “a drop in the bucket” compared to Hydra’s annual revenue of $1.35 billion in 2020, says Kevin Beaumont, a former Microsoft threat analyst and security professional. cybersecurity.
The servers were based in Germany so the input should be interesting. They clearly only got a tiny fraction of the cryptocurrency involved, as Hydra made around $2 billion in revenue last year, I’m guessing it was moved to other wallets and such.
— Kevin Beaumont (@GossiTheDog) April 5, 2022
Citing the recent takedown of DarkMarket, Raid Forums and now Hydra, Beaumont said“It will be interesting to see where people show up next.”
Commenting on whether a decade-old company with $2 billion in revenue wouldn’t have backups, Beaumont said“We’ll see! [But] historically many of them struggle to recover significantly because they make mistakes like having backups on the same host etc.”
Stopping a “significant blow”
On the other hand, Bill Callahan, director of government and strategic affairs of the Blockchain Intelligence Group, says that this seizure and investigation, involving the collaboration of several law enforcement agencies, is a blow to drug traffickers. and other illicit actors operating in Hydra. network.
“As new evidence develops, we will most likely see further arrests and prosecutions in Germany and the United States,” he told ISMG. Intelligence developed from electronic evidence and blockchain intelligence, he adds, will be “huge and able to identify offenders previously unknown to law enforcement.”
Additionally, global financial criminal investigations typically involve U.S. dollar transactions or the use of a U.S. financial institution, which likely places a co-conspirator under U.S. legal jurisdiction, Callahan says.
Hydra rules to counter the investigation
The Flashpoint and Chainalysis report shows that the darknet market has added several rules for sellers and buyers that make it harder to track sales and the flow of money. “Since July 2018, Hydra has imposed strict limits on sellers, requiring their cryptocurrency funds to be withdrawn in Russian fiat currency via certain regionally operated exchange and payment services,” it says.
Founded in 2015 with an initial focus on narcotics sales, Hydra was able to significantly expand its operations and services after its main competitor, the Russian Anonymous Market – or RAMP – was shut down by Russian law enforcement in 2017. Many RAMP members have migrated to Hydra, the report says.
It also states that Hydra is likely operated by at least 11 people, each with specific responsibilities and participating in market forums.
This is a developing story. Further updates will be posted as they become available.