Shutdown of Russia’s Hydra Market Disrupts a Crypto-Crime ATM

admin


On the dark web, the takedown of yet another cryptocurrency-based black market for drugs has become almost a semiannual routine, with plenty of competitors ready to fill the shoes of any market law enforcement manages to bust. But the seizure of the Russian-language dark-web site Hydra may have ripple effects that go further than most: It represents a disruption of not just the post-Soviet world’s biggest hub of online narcotics sales, but also of a cybercriminal money-laundering and cash-out service that had been used in crimes with victims across the globe.

German law enforcement agencies [announced](https://www.bka.de/DE/Presse/Listenseite_Pressemitteilungen/2022/Presse2022/220405_PM_IllegalerDarknetMarktplatz.html) early Tuesday morning that German federal police known as the BKA—in a [joint operation](https://home.treasury.gov/news/press-releases/jy0701) with the FBI, DEA, IRS Criminal Investigations, and Homeland Security Investigations in the US—seized Hydra’s Germany-based servers, shutting down the site and confiscating $25 million in bitcoins stored there. In doing so, they’ve put an end to, by some measures, the longest-running and most crowded black market in the history of the dark web, with 19,000 seller accounts and more than 17 million customer accounts, according to BKA. The US Treasury simultaneously [imposed new sanctions](https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20220405) on the market and more than a hundred of its cryptocurrency addresses.

In total, Hydra [facilitated more than $5 billion](https://www.elliptic.co/blog/5-billion-darknet-market-hydra-seized-by-german-authorities) in illicit cryptocurrency transactions since it launched in 2015, according to blockchain analysis firm Elliptic. The majority of those transactions, Elliptic says, were sales of illegal drugs, which were strictly limited to Hydra’s target market of former Soviet states.

But Hydra also played a significant and more global role for cybercriminals: It offered “mixing” services designed to launder crypto and make it more difficult to trace, alongside exchange services that allowed clients to trade in the crypto proceeds from all manner of crime for Russian rubles—in some cases, even for cash bundles buried in the ground for customers to dig up later.

“It has this dual function of being a drugs market and a service for cybercriminals—and particularly Russian cybercriminals,” says Jess Symington, Elliptic’s research lead. “So it does impact more than just the drugs community, and it forces these individuals to now potentially reconsider how they’re going to launch their funds or cash out.”

Around half of the roughly $2 billion in transactions going into Hydra’s cryptocurrency addresses in 2021 and early 2022 were from illicit or “risky” sources, such as stolen funds, dark-web markets, ransomware, online gambling, scams, and individuals and organizations facing sanctions, according to cryptocurrency tracing firm Chainalysis. In other words, close to a billion dollars’ worth of the money entering Hydra over that time wasn’t clean money used to buy drugs or other contraband available for sale on the site, but rather dirty money that Hydra was helping to launder and exchange for rubles.

Chainalysis has so far tracked just over $200 million in stolen cryptocurrency going into the site’s coffers in 2021 and 2022.

It has also tracked much smaller amounts linked to other crimes, with roughly $4 million from sanctioned sources, $5 million from fraud, and $4 million from ransomware. (Chainalysis saw close to $9 million in total ransomware payments funneled into Hydra over the market’s lifetime but says that relatively small number is a conservative estimate.) Another major chunk of the site’s incoming payments during that time, close to $310 million, were from dark-web markets—including some funds from Hydra recycled back into the site—as users sought to launder the proceeds from the sales of drugs and other illegal products and services and cash out.

All of that makes it clear that Hydra wasn’t merely a Silk Road for the post-Soviet world, but a significant player in the financial services of a more far-reaching cybercriminal economy—one that’s now been abruptly yanked offline. “I’m going to be following this really closely because it’s going to be really impactful on the ecosystem,” says Kim Grauer, director of research at Chainalysis. “It’s a major disruption.”

As a cashout service, Hydra didn’t function like a normal exchange, in which users could trade cryptocurrency for traditional dollars or euros in a bank account, or vice versa.

Instead, according to Russian-speaking analysts at threat intelligence firm Flashpoint, the market offered services in which customers could spend cryptocurrency to buy rubles from vendors on the site, which were then sent to the buyer with payment services like QIWI, Tinkoff, or Yandex.Money (which has since rebranded as YooMoney). Users who sought to leave even less of a digital trail could also use *klad,* or “hidden treasure” services, a [dead-drop system](https://www.wired.com/story/what-is-dead-drop/) where rubles they purchased with crypto are buried in bundles underground by a courier. A few hours later, the service would share the location of the buried cash with the buyer, who could then dig it up and retrieve it.

Due to the risk of discovery or theft, those dead-drop services charged a hefty commission—as much as 15 percent, according to Flashpoint—but that may have been worth the cost for paranoid users holding cryptocurrency connected to serious crimes. “Basically, you take the tracing part out of the equation,” says Vlad Cuiujuclu, an analyst at Flashpoint. “Paying a couple more percent is preferable to being traced and endangering yourself.”

Whether Hydra is really offline for good or will resurface in the near future remains an open question. Germany’s BKA, after all, didn’t announce any arrests in its takedown operation.

In keeping with its many-headed name, a joint report from Flashpoint and Chainalysis last year counted at least 11 administrators and operators who have run the market under pseudonyms like Ironman, Deus, Handsome Jack, Glavred, Fatality, and Satoshi Nakamoto.

But even if the Hydra operators have escaped law enforcement, they may still face suspicion from their dark-web peers if Hydra reappears online, argues Elliptic’s Symington: Users may now fear that the Hydra admins have been compromised by law enforcement. “We’ve seen other markets struggle when they pop back up as version two,” she says. “They never really do as well as the original sites. And there’s always questions around the authenticity of the claims of the administrators.”

After a decade demonstrating its resilience to law enforcement, however, the larger cryptocurrency black market will almost certainly produce another operation to fill the same Russian-language niche. Even if Hydra is gone for good, the dark web’s illicit economy will no doubt be ready to grow another head to replace it.
