
German authorities behead dark web Hydra Market

Police in Germany raided facilities hosting the infamous Hydra Market site as part of an international effort to crack down on dark web forums and marketplaces.

Police in Germany have taken down a major dark web market for drugs and criminal activity.

The nation's Federal Criminal Police Office (BKA) said on Tuesday its Frankfurt branch had raided buildings that housed the servers of Hydra Market, a dark web forum that had been dedicated largely to illegal sales of narcotics.

In addition to taking down the servers hosting the forum, German police with the Central Office for Combating Cybercrime (ZIT) took control of the keys for wallets holding around $25 million worth of bitcoin.

"The preliminary investigation pending at the ZIT in this regard is directed against the previously unknown operators and administrators of the platform mentioned," read a translation of the German announcement.

"Among other things, there is a suspicion of the commercial operation of criminal trading platforms on the Internet, the commercial procurement or granting of an opportunity for the unauthorized purchase or the unauthorized sale of narcotics and commercial money laundering."

According to the authorities, Hydra had operated as one of the largest Russian-language cybercrime sites on the internet. The dark web market specialized in the drug trade and, at its peak, boasted some 17 million customer accounts and around 19,000 registered seller accounts. Police estimate that in the 2020 calendar year the site handled roughly $1.34 billion worth of illicit transactions.

No word was given on any individual arrests in connection with the takedown. The Frankfurt Public Prosecutor's Office has been tasked with handling the court case.

UPDATE 4/6: The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions Tuesday against Hydra Market, which it called "the most prominent Russian darknet market" that offered ransomware-as-a-service, malware, stolen personal data and stolen cryptocurrency. "OFAC's investigation identified approximately $8 million in ransomware proceeds that transited Hydra's virtual currency accounts, including from the Ryuk, Sodinokibi, and Conti ransomware variants," the announcement said. "According to blockchain researchers, approximately 86 percent of the illicit Bitcoin received directly by Russian virtual currency exchanges in 2019 came from Hydra."

The Hydra takedown in Germany is part of a larger international effort by police to dismantle the dark web markets that help to support cybercrime rings and online drug trafficking.

German authorities pasted this banner on the Hydra Market site after seizing the dark web marketplace's servers in a recent raid.

Dubbed "Operation Dark HunTor," the police crackdown looks to target sites that specialize in trafficking of drugs, weapons and money laundering services. The U.S. Drug Enforcement Agency (DEA) has already laid claim to the takedown of illicit markets that it said turned over tens of millions of dollars in transactions.

"This 10-month massive international law enforcement operation spanned across three continents and involved dozens of U.S. and international law enforcement agencies to send one clear message to those hiding on the Darknet peddling illegal drugs: there is no dark internet," Deputy U.S. Attorney General Lisa Monaco said in October. "We can and we will shine a light."

German authorities said Hydra Market's "Bitcoin Bank Mixer" service, which obfuscates cryptocurrency transactions, was also disrupted in the raid. The cryptocurrency laundering angle will be of particular interest to threat analysts and enterprise network defenders.

The laundering rings tend to provide the last mile of transactions for ransomware and cybercrime outfits. Usually, stolen funds are moved through either cryptocurrency exchanges or via bank transactions by money mules who give the cybercrime operators a way to cash out their stolen funds without being directly tied to the illegal acts.
