Dark Web marketplace Hydra rakes in $1.37bn in crypto
Russian-language dark Web marketplace Hydra has pulled in a huge $1.37 billion worth of crypto-currencies in 2020, up from $9.4 million in 2016.
This is according to a study by Flashpoint and Chainalysis, which this week released new joint research findings detailing the inner workings and rise to prominence of Hydra, the dark Web marketplace known primarily for its illicit, high-traffic narcotics market.
The report notes the growth in annual transaction volumes marks a staggering 624% year-over-year jump over a three-year period from 2018 to 2020.
It says the illicit activities, however, no longer end with narcotics for Hydra, as cyber criminals now use it to conduct illicit sales of stolen credit cards, SIM cards, and counterfeit documents and IDs, among other offerings – as well as to obfuscate their own digital transactions through regional exchanges and extended money-laundering tactics.
Flashpoint and Chainalysis point out that further buoying Hydra’s growth is its ability – or its good fortune – to remain running and unscathed against competitor attacks or law enforcement scrutiny. Its only downtime of note occurred during a short time period at the beginning of the COVID-19 global pandemic in late March 2020.
In contrast to most other dark Web marketplaces that want to encourage cyber criminal sellers wherever possible, Hydra takes the opposite tact.
Since at least July 2018, according to Flashpoint Intelligence, Hydra administrators have imposed strict controls on its sellers.
It notes that geospatial data visualisations of Hydra transactional flows further confirm these seller restrictions, with Russia by far the leading destination country for the vast majority of funds exiting all Hydra accounts (both buyers and sellers).
Flashpoint Intelligence discovered that first, seller withdrawals on Hydra are disabled until sellers meet activity minimums in which they successfully complete 50 or more sales transactions, and maintain an e-wallet account balance of at least USD-equivalent $10 000.
Second, it adds, Hydra admins impose strict guidelines as to how seller funds may make withdrawals.
“Sellers must convert their Hydra earnings into Russian fiat currency using a select list of payment operators and exchanges. Perhaps unsurprisingly, the select few regionally-operated exchanges and payment services that are permitted are all exclusively or primarily based in Russia and Russian-friendly Eastern European countries,” it explains.
Ilia Kolochenko, founder of ImmuniWeb, and a member of the Europol data protection experts network, says after several high-profile shutdowns and server seizures of famous dark Web marketplaces, cyber criminals are significantly more prudent.
"The publicly or semi-publicly accessible forums and marketplaces are just a tip of the cyber crime iceberg. Professional cyber mercenaries do not advertise their services, silently selling stolen data to trusted customers from organised crime or governments. They lawfully rent AWS [Amazon Web Services] or similar infrastructure to host their communication centres, fully-encrypted and protected, and totally inconspicuous from the outside.
“Their targeted hacking campaigns are usually untraceable and uninvestigable; moreover, even the victims oftentimes fail to detect the well-prepared and noiseless intrusions. The mercenaries have access to banking institutions, lawyers and offshore companies to silently cash out their loot in any currency and in any form, including gold and real estate.”
According to Kolochenko, public forums in Russian that offer conversion of payments into gift cards or cash in rubles are mainly oriented for beginners.
“Both layers of cyber crime markets are, however, projected to grow in 2021. Lack of cooperation between international law enforcement agencies, missing extradition treaties between the countries and growing political tensions – all hinder prosecution of cyber crime, while proliferation of crypto-currencies spurs the feeling of impunity among the attackers.”