Hydra, the world’s largest and longest-running darknet market, has finally ceased operations, taken offline in a joint effort between German and US law enforcement. On Tuesday, April 5th, federal police in Germany shut down servers located within the country that hosted the market’s main URL on the dark web, seizing approximately $25 million in bitcoin in the process.
In a statement, federal police said they were also investigating unnamed individuals believed to be “operating criminal trading platforms on the internet on a commercial basis.”
Hydra was thought to have a userbase consisting of over 19,000 vendors, 2.5 million regular users, and 17 million registered clients overall. Blockchain forensics experts at Chainalysis estimate that roughly $3.4 billion in BTC transactions had transpired at the market over its lifetime, with much of the proceeds collected by admins being passed on to legitimate cryptocurrency exchanges.
Though Hydra was long believed to be operating out of Russia, yesterday’s reveal of its servers being hosted in Germany – along with other recently uncovered factors – suggests this was never actually the case.
In February, two Ukraine-based individuals were named as “responsible for Hydra’s operations” based on an assessment of recently released information performed by the dark web intelligence-gathering company Gemini Advisory. The information, initially posted by an anonymous individual behind the hydra.expert domain, was partially confirmed by Gemini and revealed that JavaScript found embedded in the marketplace contained the names of the two Hydra masterminds as file authors.
An archived version of hydra.expert details the process by which the two Ukrainian nationals were identified, breaking down the JavaScript code supposedly uncovered from the market and detailing an investigation into the subdomains associated with a domain mentioned in it.
The Russian-language market, founded in 2015, had also recently been placed under sanctions by the US in an effort to cripple financial infrastructure used by cybercriminals associated with massive ransomware attacks that interrupted supply lines across much of the country throughout 2021. It suffered very little downtime during its nearly seven years in operation, going offline only a few times, the most recent of which was during the early stages of the pandemic.
A Bitcoin-only market, Hydra limited services and sales to residents of countries comprising the former USSR. It made heavy use of the “dead drop” product delivery system through which buyers would dig up or uncover purchases (referred to as “treasures”) hidden at pre-specified locations, thus avoiding use of traditional postal delivery systems.