The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the world’s largest darknet market, the Russia-based Hydra Market, along with virtual currency exchange Garantex.
This action was taken to disrupt the proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the site. The Hydra servers were shut down in Germany this week and international officials seized $25 million worth of bitcoin. The investigation was conducted by the U.S. Department of Justice, Federal Bureau of Investigations, Drug Enforcement Administration, Internal Revenue Service Criminal Investigation, and Homeland Security Investigations with help from the German Federal Criminal Police.
“The global threat of cybercrime and ransomware that originates in Russia, and the ability of criminal leaders to operate there with impunity, is deeply concerning to the United States,” Secretary of the Treasury Janet Yellen said. “Our actions send a message today to criminals that you cannot hide on the darknet or their forums, and you cannot hide in Russia or anywhere else in the world. In coordination with allies and partners, like Germany and Estonia, we will continue to disrupt these networks.”
Darknets are Internet-based networks where individuals use special software to obscure their identity and their associated Internet activity. Marketplaces that reside on the darknet almost exclusively accept virtual currency as payment for a large range of illegal services and goods, including ransomware. Countering ransomware is a top priority of the Biden administration.
Hydra is the most prominent Russian darknet market and the largest in the world. Its offerings have included ransomware-as-a-service, hacking services and software, stolen personal information, counterfeit currency, stolen virtual currency, and illicit drugs. OFAC’s investigation identified approximately $8 million in ransomware proceeds that transited Hydra’s virtual currency accounts, including from the Ryuk, Sodinokibi, and Conti ransomware variants. Roughly 86 percent of the illicit Bitcoin received directly by Russian virtual currency exchanges in 2019 came from Hydra. Hydra’s revenue had risen from under $10 million in 2016 to over $1.3 billion in 2020.
Hydra is being sanctioned for engaging in cyber-enabled activities that have posed a significant threat to the national security, foreign policy, or economic health or financial stability of the United States. In addition to sanctioning Hydra, OFAC is identifying over 100 virtual currency addresses associated with the entity’s operations that have been used to conduct illicit transactions.
Garantex is a virtual currency exchange that allows customers to buy and sell virtual currencies using fiat currencies. The investigation found that more than $100 million in transactions are associated with illicit actors and darknet markets, including nearly $6 million from Russian RaaS gang Conti and also including approximately $2.6 million from Hydra. Garantex is being sanctioned for operating or having operated in the financial services sector of the Russian Federation economy.