The Justice Department announced Tuesday the seizure of Hydra Market (Hydra), the world’s largest and longest-running darknet market.
In 2021, Hydra accounted for an estimated 80% of all darknet market-related cryptocurrency transactions, and since 2015, the marketplace has received approximately $5.2 billion in cryptocurrency.
The seizure of the Hydra servers and cryptocurrency wallets containing $25 million worth of bitcoin was made this morning in Germany by the German Federal Criminal Police (the Bundeskriminalamt), in coordination with U.S. law enforcement.
“The Justice Department will be relentless in our efforts to hold accountable those who violate our laws – no matter where they are located or how they try to hide their crimes,” said Attorney General Merrick Garland. “Together with our German law enforcement partners, we have seized the infrastructure of the world’s largest darknet market, but our work is far from over.”
Hydra was an online criminal marketplace that enabled users in mainly Russian-speaking countries to buy and sell illicit goods and services, including illegal drugs, stolen financial information, fraudulent identification documents, and money laundering and mixing services, anonymously and outside the reach of law enforcement. Transactions on Hydra were conducted in cryptocurrency and Hydra’s operators charged a commission for every transaction conducted on Hydra.
In conjunction with the shutdown of Hydra, the department also announced criminal charges against Dmitry Olegovich Pavlov, 30, a resident of Russia, for conspiracy to distribute narcotics and conspiracy to commit money laundering, in connection with his operation and administration of the servers used to run Hydra.
“This coordinated action sends a clear message to anyone attempting to operate or support an online criminal enterprise under the cover of the dark web,” said U.S. Attorney Stephanie Hinds for the Northern District of California. “The dark web is not a place criminals can operate with impunity or hide from U.S. law enforcement, and we will continue to use our sophisticated tools and expertise to dismantle and disable darknet markets.”
According to the indictment, vendors on Hydra could create accounts on the site to advertise their illegal products, and buyers could create accounts to view and purchase the vendors’ products. Hydra vendors offered a variety of illicit drugs for sale, including cocaine, methamphetamine, LSD, heroin, and other opioids. The vendors openly advertised their drugs on Hydra, typically including photographs and a description of the controlled substance. Buyers rated the sellers and their products on a five-star rating system, and the vendors’ ratings and reviews were prominently displayed on the Hydra site.
Hydra also featured numerous vendors selling false identification documents. Users could search for vendors selling their desired type of identification document – for example, U.S. passports or drivers’ licenses – and filter or sort by the item’s price. Many vendors of false identification documents offered to customize the documents based on photographs or other information provided by the buyers.
Numerous vendors also sold hacking tools and hacking services through Hydra. Hacking vendors commonly offered to illegally access online accounts of the buyer’s choosing. In this way, buyers could select their victims and hire professional hackers to gain access to the victims’ communications and take over the victims’ accounts.
Hydra vendors also offered a robust array of money laundering and so-called “cash-out” services, which allowed Hydra users to convert their bitcoin (BTC) into a variety of forms of currency supported by Hydra’s wide array of vendors. In addition, Hydra offered an in-house mixing service to launder and then process vendors’ withdrawals. Mixing services allowed customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin. Hydra’s money laundering features were so in-demand that some users would set up shell vendor accounts for the express purpose of running money through Hydra’s bitcoin wallets as a laundering technique.
Starting in or about November 2015, Pavlov is alleged to have operated a company, Promservice Ltd., also known as Hosting Company Full Drive, All Wheel Drive, and 4x4host.ru, that administered Hydra’s servers (Promservice). During that time, Pavlov, through his company Promservice, administered Hydra’s servers, which allowed the market to operate as a platform used by thousands of drug dealers and other unlawful vendors to distribute large quantities of illegal drugs and other illicit goods and services to thousands of buyers and to launder billions of dollars derived from these unlawful transactions.
As an active administrator in hosting Hydra’s servers, Pavlov allegedly conspired with the other operators of Hydra to further the site’s success by providing the critical infrastructure that allowed Hydra to operate and thrive in a competitive darknet market environment. In doing so, Pavlov is alleged to have facilitated Hydra’s activities and allowed Hydra to reap commissions worth millions of dollars generated from the illicit sales conducted through the site.