How the Hydra Darknet Market Broke the $1 Billion BarrierResearch Report Describes Marketplace's Evolving Tactics
The Hydra darknet marketplace, which initially focused on narcotics sales, now also offers stolen credit cards, SIM cards, VPN access and cryptocurrency laundering services, with annual sales exceeding $1 billion, according to a report by the research company Flashpoint and the blockchain analysis firm Chainalysis, which explains the market's tactics.
See Also: Automating Security Operations
"Hydra market activity has skyrocketed since its inception, with annual transaction volumes growing from a total of $9.4 million in 2016 to $1.37 billion in 2020," the report states.
The darknet market's growth may enable Hydra to expand outside Russia and the nearby Commonwealth of Independent States region where it currently operates, says Vlad Cuiujuclu, team lead with Flashpoint.
Russian government authorities have not interfered with the market since its inception, Cuiujuclu says.
"Its operators have been planning to expand beyond these borders for years. If this happens, there is a chance that law enforcement will show an increasing interest in the marketplace and its offers," he says.
Flashpoint and Chainalysis say the marketplace has added several rules for sellers and buyers that make tracking sales and the flow of money more difficult.
"Since July 2018, Hydra has imposed strict limitations on sellers, requiring that their cryptocurrency funds be withdrawn into Russian fiat currency via select regionally operated exchanges and payment services," the report says.
Hydra was able to greatly expand after its primary competitor, the Russian Anonymous Marketplace, or RAMP, was shut down by Russian law enforcement officials in 2017. Many RAMP members migrated to Hydra, the report says.
The researchers say Hydra is likely operated by at least 11 individuals, each of whom has specific responsibilities and participates on the marketplace's forums.
"When it comes to the question about Hydra's connection to the Russian government, we can only speculate," Cuiujuclu says. "However, the fact that Hydra has been untouched by Russian law enforcement for the past six years likely suggests that Russian politicians or law enforcement operatives benefit from Hydra's operations in one form or another.
"Russian organized crime and cybercrime has a complex relationship with the country's law enforcement and officials, which allows some criminal ventures to operate virtually undisturbed."
Other darknet marketplaces have been affected by law enforcement activities. For example, in February, Joker's Stash ceased operations just weeks after the FBI and Interpol briefly seized the blockchain domains used by the site (see: Joker's Stash Reportedly Shutting Down Operations).
The marketplace requires that those selling on Hydra cannot simply withdraw their illicit gains but must convert them to Russian rubles using exchange services and electronic wallets, the report notes.
Marketplace users must meet two standards before they can remove any money.
"Sellers must establish a reliable sales track record with more than 50 completed transactions on Hydra, and they must maintain eWallet balances of USD-equivalent $10,000 or more," the report says.
In an even more elaborate effort to stay hidden from cryptocurrency exchange compliance officers, Hydra has implemented a physical money withdrawal and payment system dubbed "buried treasure," in which the funds are literally buried in the ground. Hydra borrowed this tactic from drug dealers who often leave purchased goods in a location where a buyer can later pick them up.
This requires a "customer/buyers to hire designated couriers ('kladmen') to bury cash underground in vacuum-sealed bags within specific agreed-upon locations for the sellers to dig up later," the report says.
According to April 2021 ads on the forum "legalrc," cybercriminals were offering kladsmen upwards of 30,000 [Russian] rubles ($400) per day or contracting them for a full week at $1,000 or more," the report notes.