German, U.S. authorities seize world's largest darknet marketplace

Since Hydra was seized Tuesday, visitors to the site have been greeted by a banner informing them of the joint action between the U.S. and German authorities to take down the illicit marketplace. Photo courtesy of Bundeskriminalamt  

April 5 (UPI) -- Authorities in Germany and the United States have seized and shuttered Hydra Market, the world's largest and longest-running darknet marketplace, on accusations it functioned as a criminal trading platform for narcotics, money laundering and other nefarious goods and services.

In conjunction with the move, the U.S. Treasury unveiled sanctions against the marketplace and a cryptocurrency exchange while the Justice Department indicted Hydra's hosting provider.


The Russian-language Hydra Market, located in Germany, ran on the darknet, a network only accessible via specialized software and tools, allowing vendors to surreptitiously create accounts to advertise their illegal products that ranged from drugs to false identification documents, such as U.S. passports and driver's licenses.

Some vendors also sold hacking tools and services where buyers could choose their targets for cyberattacks while others sold stolen financial information.

German officials said the market consisted of more than 19,000 vendors and about 17 million registered buyers who traded exclusively on the platform in cryptocurrencies.


The market has been accessible via the darknet since 2015, with its revenue growing from 10 million the following year to $1.3 billion in 2020, according to U.S. officials.

In total, the market has received $5.2 billion, and represented about 80% of all cryptocurrency transactions on darknet markets last year, they added.

Authorities seized the market Tuesday morning following an investigation launched in August of last year by Germany's Criminal Police Office and its Central Office for Combating Cybercrime along with U.S. law enforcement.

Cryptocurrency wallets containing about $25 million in bitcoin were also grabbed in the joint operation, authorities said.

Visitors to the market since the seizure have been greeted by a banner informing them in English, German and Russian of the law enforcement operation.

"This coordinated action sends a clear message to anyone attempting to operate or support an online criminal enterprise under the cover of the darkweb," U.S. Attorney Stephanie Hinds for the Northern District of California said in a statement. "The darkweb is not a place criminals can operate with impunity or hide from U.S. law enforcement, and we will continue to use our sophisticated tools and expertise to dismantle and disable darknet markets."

U.S. federal prosecutors in conjunction with the seizure also announced charges against Dmitry Olegovich Pavlov, a 30-year-old Russian resident, for operating Promservice, the company that administered Hydra's servers.


The indictment states that starting in 2013 Pavlov managed domain servers for two Russian online drug forums that merged to create Hydra in 2015 in order to compete against a now-shuttered Russian darknet market. Prosecutors accuse Pavlov of administering Hydra's leased servers from at least November 2015, allowing it to function as an illicit marketplace, and of receiving cryptocurrency payments in return.

"He conspired with the other operators of Hydra to further the site's success by providing the critical infrastructure that allowed Hydra to operate and thrive in a competitive darknet market environment," the indictment states, adding that he allowed it to reap commissions worth millions of dollars from illicit sales.

Pavlov has been charged with one count of conspiracy to commit money laundering and one count of conspiracy to distribute narcotics.

The charges follow undercover law enforcement agents buying some 5 grams of methamphetamine and having it sent to a San Francisco post office box. The package originated in Ukraine and its contents were confirmed via laboratory analysts.

The undercover agents then used Hydra's Bitcoin money laundering service to launder .015 Bitcoins, which Hydra remitted to a wallet of the agents' choosing after taking its commission.


Proof of Pavlov's involvement with hosting the marketplace consists of invoices prosecutors said he received from a commercial data center.

"The Justice Department will be relentless in our efforts to hold accountable those who violate our laws -- no matter where they are located or how they try to hide their crimes," Attorney General Merrick Garland said.

Hydra was also sanctioned Tuesday by the U.S. Treasury in a coordinated effort with German partners to disrupt cybercrime.

An Office of Foreign Assets Control investigation has identified some $8 million in ransomware proceeds that have transited through the market's virtual accounts, including from Sodinokibi, also known as REvil, the Russian gang accused of netting some $11 million from major meat producer JBS after forcing its plants to shutter last spring.

The office in sanctioning Hydra also identified more than 100 virtual currency addresses associated with its operations that have been used for illicit transactions.

Estonia-registered virtual currency exchange Garantex was also blacklisted Tuesday by the Treasury as analysis shows it facilitated more than $100 million in transactions with known criminals and darknet markets, including $2.6 million from Hydra and $6 million from a Russian gang.

The targeting of Garantex follows the Treasury again working with Estonian authorities to take down two ransomware operatives and a virtual currency exchange in November.


"Russia is a haven for cybercriminals," the Treasury said Tuesday in a statement. "Treasury is committed to taking actions against actors that, like Hydra and Garantex, willfully disregard anti-money laundering and countering the financing of terrorism obligations and allow their systems to be abused by illicit actors."

Cyberattacks, particularly in the form of ransomware, plagued the Biden administration early in its tenure as it was confronted with several high-profile incidents. Since then, combatting them while fortifying cybersecurity have become priorities for the White House, with President Joe Biden announcing a slew of measures to counter such illicit attacks.
