An investigation into the Hydra marketplace has revealed surging transaction volumes and a thriving -- albeit illicit -- cryptocurrency ecosystem.
On Tuesday, Flashpoint and Chainalysis jointly released a report into Hydra, a marketplace in the dark web.
At its inception in 2015, Hydra was well-known for the sale of narcotics, but as time has gone on, the market has expanded to include stolen credit card data, counterfeit documents including IDs, fake banknotes, and cyberattack services, among other offerings.
Annual transaction volumes have climbed year-over-year, going from an estimated $9.4 million in 2016 to at least $1.37 billion in 2020.
Cryptocurrency is often used by cybercriminals in underground marketplaces to maintain a degree of anonymity and purchase goods and launder proceeds, such as funds obtained through theft, illegal goods sales, or ransomware payouts.
However, the underlying blockchain technology, as analyzed by the researchers, can still reveal something about transaction rates. The team says that in its three most recent years, Hydra has grown by roughly 624% year-over-year, making it potentially one of the more popular criminal marketplaces at present.
The market, which only serves Russian speakers, has managed to avoid more than a short period of downtime or seizure by law enforcement -- at least, for now.
Hydra keeps its users in line and has stringent seller requirements, which could be an important aspect of the marketplace's illicit success. Since at least July 2018, Hydra operators have demanded that at least 50 successful sales are made before withdrawals are allowed, and an eWallet account containing at least $10,000 has to be maintained.
When it comes to the cryptocurrency exchanges handling transactions to and from Hydra, Chainalysis deems many "high-risk" as they do not enforce Know Your Customer (KYC) regulations. Most are located in Russia, and overall, only a small percentage of transactions are funneled through cryptocurrency platforms generally associated with legitimate trading.
Over 1,000 unique deposit addresses and transactions upwards of $7 million, thought to be linked to Hydra, have been recorded.
Withdrawals, too, are set through payment services and exchanges "exclusively or primarily based in Russia and [in] Russian-friendly Eastern European countries," according to the report. Hydra requires sellers to convert their profits into fiat, Russian currency.
Despite the iron fist imposed on sellers, Hydra accounts are still highly sought after.
The researchers say a new sub-market has sprung up in recent times to obtain access to established seller accounts, as well as users attempting to skirt around Hydra's fiat currency withdrawal requirements -- just for a cut of the profit. Stores are being sold for up to $10,000.
Law enforcement agencies have seized and closed down dark web marketplaces ranging from Silk Road to DarkMarket. However, at least for now, Hydra continues to facilitate the sale of illegal goods and services.
In January, Europol took down DarkMarket, a platform facilitating traders between roughly half a million users. An Australian citizen, suspected of being the website's operator, has since been arrested.
Previous and related coverage
- WeSteal: A 'shameless' cryptocurrency stealer sold in the underground
- Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency
- FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0