Hydra Server Seizure May Not Be the End of the Darknet Beast

Last week, the German BKA announced they had successfully shut down one of the largest Russian markets on the darknet: Hydra.

[Hydra server seizure banner declaring that the platform and content have been seized by the BKA]
“The platform and the criminal content have been seized by the Federal Criminal Police Office (BKA) on behalf of the Attorney General’s Office in Frankfurt am Main in the course of an international coordinated law enforcement operation.”

Launched in 2015, Hydra has been a mythical and staying force of the darknet for nearly a decade.

Hydra market boasted over 17 million customers and over 19,000 seller accounts at the time of shutdown. It grew significantly when many of the buyers and vendors from its competitor, Russian Anonymous Market Place (RAMP), turned to Hydra after RAMP was seized by Russian authorities in September 2017.

Hydra was known for underground illicit goods trading, expanding its operations from drugs and narcotics into digital services, counterfeiting and forged goods, as well as stolen data in recent years. The market also provided a robust mixing service known as the “Bitcoin Bank Mixer” for laundering cryptocurrencies.

On April 5th, the US Justice Department published an indictment against 30-year-old Russian national Dmitry Olegovich Pavlov, the owner of the Russian web hosting company Promservice, Ltd., and domain administrator for wayaway[.]biz. The US is charging Pavlov as a co-conspirator with “other operators of Hydra” to facilitate years of illegal trade across the darknet marketplace. According to the investigators, “Pavlov allowed Hydra to reap commissions worth millions of dollars generated from the illicit sales conducted through the site.”

There is a darknet forum with the same name, Wayaway, that has been a long-time partner of Hydra.

According to users on Telegram, Pavlov has previously stated that his company has all the licenses and approval of Roskomnadzor (Russia’s Federal Service for Supervision of Communications, Information Technology and Mass Media, i.e. propaganda agency), and that it does not actually administer any sites but simply leases servers as an intermediary.

“We do not know what is hosted here, because after granting access to the server, clients change their password, and access is impossible.”

On the same day, the US Treasury Department imposed sanctions not only against the Hydra darknet marketplace, but also against the Garantex cryptocurrency exchange. The exchange was established in 2019, is reportedly compliant with AML and KYC laws, and fully regulated in Estonia and across Europe. The Treasury Department also published a list of over 100 cryptocurrency addresses affiliated with operators of Hydra and Garantex.

Future of Hydra and Russian Darknet Markets

Although Hydra was such a popular Tor service, especially for the eastern European narcotics trade, numerous deep web services and vendor shops have emerged in recent years that similarly support underground illegal economies. The Hydra shutdown will have little impact on buyers seeking access to the goods and services they require. We believe many users will simply shift to other services of this nature across the darknet and deep web.

This weekend a representative from Hydra’s staff shared that there had been no arrests associated with the servers’ seizure and encouraged users not to panic. Their statement read like a typical commercial breach announcement to its users. Translated key points include:

The entire infrastructure of the hydra was removed and now we are restoring all the functions of the site from backup servers.
You should not panic and switch to militant resources with a platform, too, we will scold and punish for this.
Passwords are recommended to be changed after the restoration of all functionality.
… (arrests) are not expected if you kept your anonymity.

One thing that is constant in the darknet is change. DarkOwl analysts also noticed the shutdown of another massively popular decentralized marketplace in recent weeks: World Market. Unlike Hydra, World Market is believed to have exit scammed, with reports that the admin, Lovelace, likely stole over 4 million USD of the market’s escrow funds.

Copyright © 2022 DarkOwl, LLC All rights reserved.