U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace
The U.S. Treasury Department on Tuesday sanctioned Hydra, the same day German law enforcement authorities disrupted the world's largest dark web marketplace as part of a coordinated operation in partnership with U.S. officials.
The sanctions are part of an "international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site," the Treasury Department said in a statement.
Along with the sanctions, the Office of Foreign Assets Control (OFAC) disclosed a list of more than 100 virtual currency addresses that have been identified as associated with the entity's operations to conduct illicit transactions.
The sanctions come as Germany's Federal Criminal Police Office shut down the online criminal marketplace that it said specialized in narcotics trade, seizing its servers and 543 bitcoins worth 23 million euros ($25.3 million).
Hydra was a Russian-language darknet platform that had been accessible via the Tor network since at least November 2015, facilitating the trafficking of outlawed goods and services, including illegal drugs, stolen financial information, fraudulent identification documents, and money laundering and mixing services.
The Treasury Department, in a related move, also sanctioned the virtual currency exchange Garantex, making it the third crypto platform to be blocklisted by the U.S. after SUEX and CHATEX.
"Analysis of known Garantex transactions shows that over $100 million in transactions are associated with illicit actors and darknet markets, including nearly $6 million from Russian RaaS gang Conti and also including approximately $2.6 million from Hydra," the Treasury Department noted.
Pavlov is alleged to have operated a company named Promservice Ltd., also known as Hosting Company Full Drive, All Wheel Drive, and 4x4host.ru, to commandeer the servers. He also purportedly conspired with other operators of the marketplace by providing the infrastructure backbone that enabled its success in a "competitive darknet market environment."
"In 2021, Hydra accounted for an estimated 80% of all darknet market-related cryptocurrency transactions, and since 2015, the marketplace has received approximately $5.2 billion in cryptocurrency," the DoJ said.
In a simultaneous move, the Department of Justice (DoJ) announced charges against Dmitry Olegovich Pavlov, a 30-year-old Russian national, in connection with operating the servers used to run Hydra, in addition to accusing him for furthering the distribution of narcotics and engaging in money laundering.
Besides allowing vendors to openly advertise a variety of deadly drugs for sale through a five-star rating system, Hydra is also said to have functioned as a distribution channel for forged passports and drivers' licenses as well as hacking tools and services that allowed bad actors to gain illegal access to online accounts.
These transactions on Hydra were conducted in virtual currency and its administrators charged a commission for every transaction conducted on the website. Hydra also provided users with cash-out and mixing services to convert their bitcoins into different forms of digital crypto assets and conceal their tracks.
"The dismantling of the Hydra Market, the dark web's largest supplier of illicit goods and services, sends a message to these electronic criminal kingpins that think they can operate with impunity," said Special Agent in Charge Anthony Salisbury of Homeland Security Investigations (HSI) Miami.
"HSI will continue to work with our U.S. and international law enforcement partners to target these transnational criminal organizations who attempt to manipulate the anonymity of the dark web to push their poison all over the world," Salisbury added.
The takedown has predictably "prompted heated discussions" on the dark web, as threat actors relying on the services offered by Hydra speculate about the future of the marketplace and point out the possibility that authorities or other malicious parties could "set up fake versions of Hydra in order to track down former users."
However, the administrators of Hydra have not acknowledged the closure and are attempting to paint a different picture, cybersecurity company Flashpoint said, with the operators reportedly claiming that "the market is undergoing 'technical works.'"
Source: thehackernews.com