The Russian-language underground marketplace Hydra has led the illegal goods market since 2018, thanks in large part to the shutdown of competitors and the imposition of restrictive policies on sellers, according to a new joint report by experts from Flashpoint, a darknet research company, and cryptocurrency software manufacturer Chainalysis.
According to the report, the Hydra administration has made it much more difficult to track transactions on the site by forcing users to make transactions in hard-to-track Russian currencies and using regional financial operators and service providers.
“The money laundered by Hydra is very difficult to trace, almost impossible. The illicit drug trade is problematic in itself, and the lack of transparency in financial transactions and the forced conversion of money through regional and more hidden payment systems create additional challenges for monitoring and fighting cybercrime on Hydra”, the researchers said.
This explains why the ransomware group DarkSide, which was behind the infamous attack on Colonial Pipeline, decided to use Hydra's services to cash out the ransom paid by the victims, despite the 4% commission.
Over the past few years, the marketplace has rapidly gained momentum. In its first year of operation (2015) it earned $9.4 million; in 2020 Hydra's revenue reached $1.4 billion. In just three years, the volume of transactions increased by 624%. In 2019, the number of registered users of the site reached 2.5 million.
The growth of Hydra coincided with the liquidation by Russian law enforcement agencies of the underground trading platform RAMP, which in its fight against competitors did not hesitate to resort to "foul play", in particular periodically reporting their IP addresses to the police.
As noted in the report, Hydra's restrictions on sellers include withdrawal conditions. Before collecting their money, merchants must register more than 50 transactions on Hydra and keep digital wallet balances equivalent to $10,000.
Precautions taken by site administrators have given reputable sellers more power and have given cybercriminals an incentive to obtain the accounts of influential sellers in order to sell them.
Hydra users have also had to face heightened security and identification requirements from cryptocurrency exchanges. This has led some of them to rely more and more on literal buried treasure.
“This method of physical seizure requires buyers to hire special couriers ('mortgagers') to bury cash underground in vacuum-sealed bags at specific agreed locations so that sellers can dig it up later. As soon as the physical cash is in the hands of the seller, he completes the sale of drugs, either by burying the sold goods or by sending them, as has always been done”, the report says.
Hydra continues to make illusory plans to enter the global market. However, after the September announcement of the global expansion, nothing has changed. According to Flashpoint, while Hydra is the largest player in the drug market, the site could expand in other directions, attracting more cybercriminals.