The closure of international marketplaces on the darknet and cybercriminal forums triggered the growth of Russian-speaking counterparts, in particular Hydra. The volume of transactions increased from $ 9.3 million in 2016 to $ 1.4 billion, and according to other sources, even to $ 2 billion in 2020. If the dynamics continue, the site may take the place of specialized cybercriminal stores, experts say. They believe that Hydra is stable “due to cooperation with the special services,” otherwise it would not have been difficult to close it using DDoS attacks.
“Kommersant” got acquainted with the research of the American companies Chainalysis and Flashpoint, dedicated to one of the shadow sites on the darknet “Hydra”. It follows from it that the total volume of transactions passing through Hydra in 2020 amounted to almost $ 1.4 billion, while in 2016 it was at the level of $ 9.3 million.
Hydra portal was launched in 2015. It is considered to be the largest Russian darknet market, which began with the drug trade. By the middle of 2019, 2.5 million accounts were registered on the resource. In addition to drugs, counterfeit money and documents, instructions on illegal activities have become popular products on Hydra. The resource also provides services for the sale of drugs, account hacking and cyber attacks.
Basically, transactions on Hydra are carried out in cryptocurrency. Since 2018, in order to withdraw funds, sellers have been converting them into Russian “fiat” through exchanges and electronic wallets – while only Russian payment systems Qiwi or YuMoney (former Yandex.Money) are allowed, the study says. In “YuMoney” “b” was assured that they did not work with “Hydra”, Qiwi did not answer.
The volume of transactions indicated in the study is based on counting only those wallets that are in the Chainalysis database, according to the Internet Tracing, Hydra’s turnover may approach $ 2 billion, said its founder, Igor Bederov.
One of the factors behind Hydra’s growth, according to analysts, was pressure on other cybercriminal platforms, such as RAMP, Joker’s Stash, Verified and Maza (Kommersant reported on the hacks of the Maza and Verified forums on March 5 and 19). According to experts from Chainalysis and Flashpoint, Hydra may take the place of the closing specialized cybercriminal shops and markets. But the site has limitations, for example, Hydra sellers must have more than 50 completed transactions and maintain an account balance equivalent to $ 10,000. As a result, the number of advertisements for the sale of sellers’ accounts is growing.
At the same time, “Hydra” has so far eluded the control of security officials and problems with competitors, analysts emphasize, calling the site “resistant to fluctuations in geopolitics and the efforts of law enforcement agencies.” Other experts suggest that Hydra may cooperate with the latter in one way or another. From the point of view of special services, sometimes it is better to control than just shut down, explains Dmitry Artimovich, an expert in the field of information security: “If you close the resource, there will be many more small shops that will be uncontrolled.” Roskomnadzor and the FSB did not respond to Kommersant’s request.
Some cybersecurity companies really have an unspoken instruction “not to work with Hydra,” a source in the market told Kommersant: “This means that they are not looking for cybercriminals on this resource.”
After a number of major operations to combat drug trafficking in 2019-2020, the world media argued that the “golden age” of drug trafficking in the shadow Internet is over, notes Igor Bederov, “Hydra” “seems immortal, but in reality, no one has seriously dug under it yet. “. To eliminate the resource, he explains, DDoS attacks could be used, this is how the illegal marketplaces Dream Market, Empire Market, Nightmare Market and the Dread forum were closed. In addition, the expert adds, any account on Hydra can be hacked using phishing or automatic brute-force attacks, or a demonstrative information attack on the site, demonstrating data leaks, arrests of participants and the closure of stores.
What to prepare for respectable companies when hackers begin to redistribute the market