Last week, the German BKA announced they had successfully shut down one of the largest Russian markets on the darknet: Hydra.
Launched in 2015, Hydra has been a mythical and staying force of the darknet for nearly a decade.
Hydra market boasted over 17 million customers and over 19,000 seller accounts at the time of shutdown. It grew significantly when many of the buyers and vendors from its competitor, Russian Anonymous Market Place (RAMP), turned to Hydra after RAMP was seized by Russian authorities in September 2017.
Hydra was known for underground illicit goods trading, expanding its operations from drugs and narcotics into digital services, counterfeiting and forged goods, as well as stolen data in recent years. The market also provided a robust mixing service known as the “Bitcoin Bank Mixer” for laundering cryptocurrencies.
On April 5th, the US Justice Department published an indictment against 30-year-old Russian national Dmitry Olegovich Pavlov, the owner of the Russian web hosting company Promservice, Ltd. and domain administrator for wayaway[.]biz. The US is charging Pavlov as a co-conspirator with “other operators of Hydra” to facilitate years of illegal trade across the darknet marketplace. According to the investigators, “Pavlov allowed Hydra to reap commissions worth millions of dollars generated from the illicit sales conducted through the site.”
There is a darknet forum with the same name, Wayaway, that has been a long-time partner of Hydra.
According to users on Telegram, Pavlov has previously stated that his company has all the licenses and the approval of Roskomnadzor (Russia’s Federal Service for Supervision of Communications, Information Technology and Mass Media, i.e. propaganda agency), and that it does not actually administer any sites but simply leases servers as an intermediary.
On the same day, the US Treasury Department imposed sanctions not only against the Hydra darknet marketplace, but also against the Garantex cryptocurrency exchange. The exchange was established in 2019, is reportedly compliant with AML and KYC laws, and fully regulated in Estonia and across Europe. The Treasury Department also published a list of over 100 cryptocurrency addresses affiliated with operators of Hydra and Garantex.
Although Hydra was such a popular Tor service, especially for the eastern European narcotics trade, numerous deep web services and vendor shops have emerged in recent years that similarly support underground illegal economies. The Hydra shutdown will have little impact on buyers seeking access to the goods and services they require. We believe many users will simply shift to other services of this nature across the darknet and deep web.
This weekend a representative from Hydra’s staff shared that there had been no arrests associated with the servers’ seizure and encouraged users not to panic. Their statement read like a typical commercial breach announcement to its users. Translated key points include:
One thing that is constant in the darknet is change. DarkOwl analysts also noticed the shutdown of another massively popular decentralized marketplace in recent weeks: World Market. Unlike Hydra, World Market is believed to have exit scammed, with reports that the admin, Lovelace, likely stole over 4 million USD of the market’s escrow funds.