Abacus Market, the largest bitcoin-enabled Western darknet marketplace, went offline earlier this month, leading blockchain intelligence firm TRM Labs to assess that the operators likely executed an exit scam, disappearing with users’ funds. This incident follows the June 16 seizure of Archetyp Market by law enforcement, highlighting a trend of instability within the Western darknet […]

An international law enforcement operation in June 2025 dismantled Archetyp, one of the dark web’s largest drug marketplaces, after a three-day crackdown spanning six countries. Police Seize €7.8M in Assets in Archetyp Dark Web Bust Archetyp, a darknet platform that reportedly facilitated more than €250 million ($289 million) in illicit drug sales, was taken offline […]

Dormant cryptocurrency wallets associated with Nucleus Marketplace, a dark web market inactive since 2016, unexpectedly showed transaction activity on March 7, 2025, reigniting speculation about the fate of 5,000 bitcoin ( BTC) tied to the platform, according to data from blockchain analytics firm Arkham Intelligence. Dormant Bitcoin Wallets Linked to Defunct Dark Web Market Nucleus […]

A landmark sentencing has closed the chapter on Bitcoin Fog, the longest-running bitcoin mixing service on the darknet, with its operator facing over a decade in prison. The Fall of Bitcoin Fog: DOJ’s Pursuit Unmasks a Decade-Long Darknet Operation The U.S. Department of Justice (DOJ) announced Friday that Roman Sterlingov has been sentenced to prison […]

Heather Morgan, known by her rap persona “Razzlekhan,” could land an 18-month prison sentence after pleading guilty to laundering cryptocurrency linked to the 2016 Bitfinex hack. Prosecutors described her role as pivotal in obscuring stolen bitcoin through complex schemes, despite not being part of the original theft. Her cooperation, and the influence of her husband, […]

Two Russian nationals have been charged with running a massive money laundering network that processed billions through cryptocurrency exchanges, the U.S. Department of Justice (DOJ) announced. These exchanges, including Cryptex and Joker’s Stash, enabled criminals to bypass regulations and funnel funds from fraud, ransomware, and darknet activities. U.S. authorities, in collaboration with international law enforcement, […]

A Nigerian national has been sentenced to five years in federal prison for his role in a massive darknet fraud scheme that intended to cause over $6 million in losses, according to the U.S. Department of Justice (DOJ). Using various online aliases, Kaura led a global network selling stolen payment card data, using cryptocurrencies like […]

German authorities have dismantled 47 exchange services involved in facilitating anonymous crypto transactions for criminal activities. These platforms bypassed anti-money laundering protocols, enabling cybercriminals to exchange digital currencies without identity verification. The takedown follows a series of other operations targeting major cybercrime networks. With seized user and transaction data, authorities are set to pursue further […]

Irish authorities seized $7.1 million in cryptocurrency in a raid targeting money laundering and darknet sales. Three individuals were arrested, with one remaining in custody. “The arrests of the three individuals and the assets seized are the result of a highly complex investigation into criminal darknet marketplace activities by specialist investigators attached to the Garda […]

According to the U.S. Department of Justice (DOJ), the operator of the darknet marketplace Incognito was apprehended at John F. Kennedy Airport on May 18. Law enforcement officials claim Rui-Siang Lin allegedly constructed the DNM and facilitated the sale of over $100 million worth of illegal drugs through the platform. Federal Authorities Nab Alleged Darknet […]

Russian crypto traders have been looking to obtain unrestricted accounts for global exchanges as their access to such platforms is limited. Over the past year, the offering of such accounts on the dark web has increased significantly, cybersecurity experts told the Russian press.

Supply of Crypto Exchange Accounts for Russian Users Doubles in a Year of Sanctions

More and more ready-to-use accounts for cryptocurrency exchanges are being sold to Russian residents. While this is not a new phenomenon — such accounts are often employed by fraudsters and money launderers — the current growth in supply has been attributed to the restrictions imposed by the trading platforms on customers from Russia, as a result of compliance with sanctions over the war in Ukraine.

Russian residents have been buying these accounts despite the dangers, including the risk that whoever created them could maintain access after the sale, the Kommersant reported. But they are inexpensive and offers on darknet markets have doubled since early 2022, Nikolay Chursin from the Positive Technologies information security threat analysis group told the business daily.

According to Peter Mareichev, an analyst at Kaspersky Digital Footprint Intelligence, the number of new ads for ready-made and verified wallets on various exchanges reached 400 in December. Proposals to prepare fake documents for passing know-your-customer procedures also rose, the newspaper revealed in an earlier article last month.

Simple login data, username and password, is typically priced at around $50, Chursin added. And for a fully set up account, including the documents with which it was registered, a buyer would have to pay an average of $300. Dmitry Bogachev from digital threat analysis firm Jet Infosystems explained that the price depends on factors such as the country and date of registration as well as the activity history. Older accounts are more expensive.

Sergey Mendeleev, CEO of defi banking platform Indefibank, pointed out that there are two categories of buyers — Russians that have no other choice as they need an account for everyday work and those who use these accounts for criminal purposes. Igor Sergienko, director of development at cybersecurity services provider RTK-Solar, is convinced that demand is largely due to crypto exchanges blocking Russian accounts or withdrawals to Russian bank cards in recent months.

Major crypto service providers, including leading digital asset exchanges, have complied with financial restrictions introduced by the West in response to Russia’s invasion of Ukraine. Last year, the world’s largest crypto trading platform, Binance, indicated that, while restricting sanctioned individuals and entities, it was not banning all Russians.

However, since the end of 2022, a number of Russian users of Binance have complained about having their accounts blocked without explanation, as reported by Forklog. Many experienced problems for weeks, including suspended withdrawals amid prolonged checks, affected customers said. The company told the crypto news outlet that the blocking of users from Eastern Europe and the Commonwealth of Independent States was related to the case with the seized crypto exchange Bitzlato.

Do you think the restrictions will push more Russians towards buying ready-made accounts for cryptocurrency exchanges? Share your thoughts on the subject in the comments section below.

Law enforcement authorities from over a dozen countries in Europe and North America have taken part in disrupting the activities of the Hive ransomware group, the U.S. Justice Department and Europol announced. Hive is believed to have targeted various organizations worldwide in the past couple of years, often extorting payments in cryptocurrency.

Captured Decryption Keys Helped Hive Victims Avoid Paying $130 Million in Ransom

Ransomware network Hive, which has had around 1,500 victims in more than 80 countries, has been hit in a months-long disruption campaign, the U.S. Department of Justice (DOJ) and the European Union Agency for Law Enforcement Cooperation (Europol) revealed. A total of 13 nations participated in the operation, including EU member states, the U.K. and Canada.

Hive has been identified as a major cybersecurity threat as the ransomware has been used by affiliated actors to compromise and encrypt data and computer systems of government facilities, oil multinationals, IT and telecom companies in the EU and U.S., Europol said. Hospitals, schools, financial firms, and critical infrastructure have been targeted, the DOJ noted.

It has been one of the most prolific ransomware strains, Chainalysis pointed out, which has collected at least $100 million from victims since its launch in 2021. A recent report by the blockchain forensics company unveiled that revenue from such attacks has decreased last year, with a growing number of affected organizations refusing to pay the demanded ransoms.

According to the announcements by the law enforcement authorities, the U.S. Federal Bureau of Investigation (FBI) penetrated Hive’s computers in July 2022 and captured its decryption keys, providing them to victims around the world which prevented them from paying another $130 million.

Working with the German Federal Police and the Dutch High Tech Crime Unit, the Bureau has now seized control over the servers and websites that Hive used to communicate with its members and the victims, including the darknet domain where the stolen data was sometimes posted. FBI Director Christopher Wray was quoted as stating:

The coordinated disruption of Hive’s computer networks … shows what we can accomplish by combining a relentless search for useful technical information to share with victims.

The Hive ransomware was created, maintained and updated by developers while being employed by affiliates in a ‘ransomware-as-a-service’ (RaaS) double extortion model, Europol explained. The affiliates would initially copy the data and then encrypt the files before asking for a ransom to decrypt the information and not publish it on the leak site.

The attackers exploited various vulnerabilities and used a number of methods, including single factor logins via Remote Desktop Protocol (RDP), virtual private networks (VPNs), and other remote network connection protocols as well as phishing emails with malicious attachments, the law enforcement agencies detailed.

Do you expect police authorities around the world to dismantle more ransomware networks in the near future? Tell us in the comments section below.

A leading marketplace on the dark web, Solaris, has been hit by a rival, according to crypto analytics company Elliptic. The Russia-linked platform, which tried to occupy space vacated by the busted Hydra, is believed to have conquered up to a fifth of the illicit market before the hack.

Solaris Allegedly Taken Over by Darknet Marketplace Called Kraken

Solaris, a major marketplace for drugs and other illicit products, has been targeted in a hacking attack carried out by a similar enterprise, Kraken, not to be confused with the well-known cryptocurrency exchange with the same name.

After in April last year law enforcement authorities shut down Hydra, the former leader in this business, seizing its servers in Germany and arresting an alleged operator in Russia, Solaris managed to gain between 20% and 25% market share, according to estimates quoted by Elliptic.

This week, the blockchain forensics company reported that since Friday, Jan. 13, those who visited the onionsite were being transferred to Kraken. The latter claimed to have taken control over the infrastructure, Gitlab repository and source code of Solaris and blocked its bitcoin wallets.

Kraken is another player in the dark web space and, like Solaris and Hydra, is targeting the Russian-language segment of the underground market. The illegal trading platforms are suspected of having other ties to Russia as well.

For example, Solaris is believed of have used the services of one of the Russian “patriotic” hacker groups. The pro-Kremlin Killnet is known for launching distributed denial-of-service (DDoS ) attacks on Ukraine after Russia invaded the country in late February, 2022.

This isn’t the first attempt to breach Solaris. Ukrainian-born cyber intelligence expert Alex Holden claimed to have hacked into the marketplace, according to a report in December, and getting hold of some of the bitcoin sent to dealers using the site and to its owners.

Helped by his cybersecurity company, Holden said he specifically targeted a wallet used for crypto exchange transactions and was able to divert 1.6 BTC. The cryptocurrency was later donated to a Kyiv-based charity.

What do you make of the darknet market Kraken’s hacking attack on rival Solaris? Share your thoughts on the subject in the comments section below.

Cryptocurrency exchange Bitzlato, better known to the Russian-speaking segment of the market, has been taken down as part of an “international cryptocurrency enforcement action,” the U.S. Justice Department announced. The Russian owner of the platform has been arrested for his role in the alleged transmission of illicit money. Bitzlato claimed it was hacked.

US, France Hit Cryptocurrency Exchange Bitzlato, Russian Co-founder Detained in Miami

U.S. authorities have apprehended Anatoly Legkodymov, a resident of China, on charges that his Hong Kong-registered crypto trading platform, Bitzlato, processed illicit funds worth hundreds of millions of dollars. The Russian, a co-founder and majority owner of the exchange, was arrested by the FBI in Miami on Tuesday, a high-ranking official from the United States Department of Justice (DOJ) revealed.

Speaking during a press conference, Deputy Attorney General Lisa Monaco said that Justice Department agents and prosecutors, working with the U.S. Treasury Department and French law enforcement, have “disrupted Bitzlato, a China-based cryptocurrency exchange, notorious for laundering criminal proceeds from the darknet” and ransomware attacks. She also stated:

Today, the Department of Justice has dealt a significant blow to the crypto crime ecosystem.

Legkodymov is accused of operating the exchange as a “high-tech financial hub that, in his own words, catered to ‘known crooks’,” Monaco explained. She went on to allege that Bitzlato was a “crucial financial resource” for Hydra, the largest darknet market, with Russian roots, which was shut down in April, last year, by the German police with the support of U.S. agencies.

According to the DOJ, Hydra buyers funded illicit purchases from crypto accounts hosted at Bitzlato while sellers of drugs, stolen financial information and hacking tools sent criminal proceeds to accounts at the exchange, collectively amounting to $700 million in direct and indirect transfers between 2018 and 2022.

The deputy attorney general also said that the participants in the operation have engaged in a “coordinated campaign of disruption.” This included law enforcement actions in a number of European countries and the seizure of Bitzlato’s servers. By midday Wednesday, Bitzlato’s website was replaced by a notice saying that the service had been seized by French authorities, Reuters reported.

Crypto Exchange Bitzlato Claims It Was Hacked, Halts Withdrawals

Also on Wednesday, the operators of Bitzlato announced on Telegram, that the exchange had suffered a hacking attack. They told users that withdrawals had been suspended indefinitely and asked them to refrain from sending coins to the platform until the issue is resolved.

“Our service was hacked, part of the funds was withdrawn from the service,” the exchange said, noting that the attackers were able to steal a small portion of the funds without specifying the amount. It also sought to assure customers in a second message that their assets were not lost, stating:

For all victims, we guarantee a refund.

“As a security measure, we have disabled the service, we ask you not to replenish the wallets of our service until the work is restored,” Bitzlato reiterated, adding that its team was working on the problem. At the time of writing, the platform is still offline.

The hack presumably took place after on Tuesday the exchange announced maintenance scheduled for Thursday, Jan. 19, “aimed at improving the operation of the service and its security.” The notice informed users it will halt transactions between 5 and 9 a.m. Moscow time.

“We strongly recommend that you organize your work activities taking into account the amendments in order to avoid unpleasant situations,” the platform advised customers, informing them that it plans to disable deposits, withdrawals and trading.

Bitzlato launched in 2016 under the name Changebot and later became a cryptocurrency exchange offering peer-to-peer (P2P) trading services. It lists pairs of the Russian ruble with BTC, ETH, USDT, and other digital coins which can be bought and sold with a variety of payment methods.

Online crypto exchangers like Bitzlato are popular in Russia and the former Soviet space but as crypto assets are yet to be fully regulated in the region, they are often targeted by authorities across the Commonwealth of Independent States. A report recently revealed that the Belarusian judiciary has imposed a hefty fine on the operator of one such platform.

Do you expect other similar operations against crypto trading platforms in the near future? Share your thoughts on the subject in the comments section below.

According to web portal darkdot.com and anonymous journalist Darkdotfail, the popular darknet forum Dread has been down for a month. The well-known forum, which was a place for darknet market (DNM) patrons to discuss operations security, rate specific vendors, and talk about stealth delivery ideas, has been absent for 30 days. However, the forum’s founder, “Hugbunter,” has stated that it will relaunch in the near future.

Dread Forum Founder Announces Plans to Relaunch

In the underground world of darknet markets (DNMs), the forum Dread was known for being a go-to source of information. According to a Jan. 1, 2023 update hosted on darkdot.com, the forum has been down for a month. “Dread is a critical source of truth in an anonymous community proliferated with scams,” the update notes. “The popular Tor freedom of speech forum went offline on Nov. 30, 2022, and has yet to return.” The update adds that while the Dread admin team typically posts status updates on Reddit at /r/dreadalert, communication has been sparse.

The anonymous journalist known as Darkdotfail has written about the issue on Twitter and their website, dark.fail, also indicates that Dread is currently offline. According to a Jan. 5, 2023 update on the website, Dread is offline due to a DDOS attack and readers should follow /r/dreadalert for updates. On Jan. 2, 2023, the DNM and Tor researcher wrote that Dread’s founder, Hugbunter, had privately confirmed that the forum will return. “Dread’s now been offline for a month, Hugbunter privately confirmed to us that it will return,” Darkdotfail wrote. Two days later, Darkdotfail shared an update from the Reddit forum /r/dreadalert.

The privacy advocate and anonymous journalist said:

Hugbunter posted an update regarding Dread’s downtime to /r/dreadalert. Meanwhile, the team behind Incognito Market opportunistically coded and launched a competing forum, Libre, during Dread’s downtime. Never boring around here.

The message from Hugbunter, which includes the founder’s PGP signature, explains that the team has been “working extremely hard to restore service.” In the message, the Dread founder estimates that the team is about a week away from a solid estimated time of arrival (ETA).

“As of right now, we’re about a week out from being able to give a solid ETA on a return of Dread, but I will say we’re hopeful of it being next week,” Hugbunter detailed. “This depends on there being no further issues as we finalize everything on the server side and also if I manage to work through some rewrites of the codebase in a timely manner, however, it is not an easy or small task — So no further pressure please.”

This is not the first time Dread has experienced a significantly long downtime. On Sept. 30, 2019, Bitcoin.com News reported on the forum’s first major outage. At that time, Hugbunter’s dead man’s switch was triggered, resulting in a temporary loss of control over the forum. However, Hugbunter returned shortly after and validated the forum owner’s identity through the PGP keys associated with the Dread founder. The forum remained active, with some exceptions due to DDOS attacks, until Nov. 2022. In addition to Dread’s outage from DDOS attacks, the Tor Project reported that the Tor network itself has slowed by close to 50%.

In the Jan. 3 message, Hugbunter, the founder of Dread, detailed that the forum’s DDOS issues would be solved by the time it returns and “any other service who needs assistance.” Hugbunter promised that Dread will relaunch with a revamped user experience and proper DDOS protection, saying “the plans I have with the relaunch and also for the near future are going to allow all of us to move forward significantly and we will continue to innovate this space. We are not going anywhere and I still have much to provide and share.”

What do you think about Dread’s current downtime and Hugbunter explaining that the forum will return soon? Let us know what you think about this subject in the comments section below.

A Ukrainian living in the U.S. has reportedly hacked a major drug market on the Russian dark web, diverting some of its crypto proceeds. The man says he donated the digital cash stolen from the illicit website to an organization delivering humanitarian aid across his war-torn homeland.

Wisconsin Resident With Ukrainian Roots Hacks Russian Dark Web Market Solaris

Ukrainian-born cyber intelligence expert Alex Holden, who left Kyiv as a teenager in the 1980s and now lives in Mequon, Wisconsin, claims he has hacked into Solaris, one of Russia’s largest online drug markets, Forbes informs in a report.

Supported by his team at Hold Security, he was able to get hold of some of the bitcoin sent to dealers and the darknet site’s owners. The cryptocurrency, worth over $25,000, was later transferred to Enjoying Life, a charitable foundation based in the Ukrainian capital.

Without revealing exactly how he did it, Holden explained he took control of much of the internet infrastructure behind Solaris, including some administrator accounts, obtained the website’s source code and a database of its users and drop off locations for drug deliveries.

For a while, the Ukrainian and his colleagues also gained access to the “master wallet” of the marketplace. It was used by buyers and dealers to deposit and withdraw funds and operated as the platform’s crypto exchange, the article details.

Given the rapid turnover, the wallet rarely had more than 3 BTC at a time. Holden managed to appropriate 1.6 BTC and send it to Enjoying Life. Hold Security donated another $8,000 to the charity, which provides assistance to people affected by the war in Ukraine.

Solaris Linked to ‘Patriotic’ Russian Hacking Collective Killnet

The darknet market Solaris is suspected of having connections to the hacking crew Killnet, which after Moscow launched its invasion in late February became one of Russia’s “patriotic” hacker groups vowing to target Ukrainians and their supporters.

Killnet has also conducted a number of attacks in the U.S., including on airport and state government websites as well as the National Geospatial-Intelligence Agency. It reportedly hit the Eurovision song contest, the Estonian government and Italy’s National Health Institute.

The group was also blamed for attacking Rutor, the main rival of Solaris, which became Russia’s leading underground drugs market after Hydra was shut down this past spring. According to U.S. cybersecurity firm Zerofox, Solaris was paying Killnet for DDoS services.

Besides the battlefield, Russia and Ukraine have also clashed in the online space, with the government in Kyiv recruiting experts for its own cyberforce. The special unit was tasked to identify and prevent Russian attacks but also hack back.

Hits such as those on Russia’s largest bank, Sber, and the Moscow Stock Exchange have been attributed to the Ukrainian IT army. Social media accounts associated with the hacktivist collective Anonymous took responsibility for many other attacks.

What do you think about Alex Holden’s attack on the Russian darknet market Solaris? Let us know in the comments section below.

The Organization for Security and Co-operation in Europe (OSCE) has set out to teach law enforcement officers in Uzbekistan how to conduct crypto and dark web investigations. The regional body recently organized a training course for employees of the country’s security agencies in Tashkent.

Uzbekistan Police and Security Agents Attend OSCE Course on Cryptocurrencies

Representatives of Uzbekistan’s Prosecutor General’s Office, the Ministry of Internal Affairs, and the State Security Service have taken a training course on cryptocurrency and dark web investigations held by the OSCE between Oct. 17 and 21 in the capital Tashkent.

The course was organized by the OSCE Transnational Threats Department in co-operation with the OSCE Project Co-ordinator in Uzbekistan and the Academy of the Prosecutor General’s Office, the intergovernmental security body said on its website.

“Participants learned about the main concepts and key trends in the areas of internetworking, anonymity and encryption, cryptocurrencies, obfuscation techniques, dark web, and Tor networks,” the announcement detailed.

They also practiced various approaches and methods for seizure of crypto assets, blockchain analysis, and darknet searching. The course was based on materials provided by the European Cybercrime Training and Education Group (ECTEG).

A new computer classroom donated by the OSCE to the Prosecutor General’s Academy was inaugurated before the course by Deputy Prosecutor General of Uzbekistan Erkin Yuldashev and Acting OSCE Project Co-ordinator in Uzbekistan Hans-Ulrich Ihm.

Crypto Training in Region to Continue Throughout Next Year

Digital technologies have been transforming the criminal landscape, noted Evgeniy Kolenko who heads the Prosecutor General’s Academy. He insisted that educating law enforcement in this field needs a long-term and systematic approach.

“Cybercrime education requires adequate equipment – both hardware and software,” added Gayrat Musaev, Head of the Academy’s Department for Implementation of Information and Communication Technologies and Information Security. Musaev also praised the new dark web lab.

The OSCE course is the first of this kind in Uzbekistan within the second phase of the “Capacity Building on Combating Cybercrime in Central Asia” project funded by the U.S., Germany, and South Korea. Similar training activities will continue across the region throughout 2022 and 2023.

This year, the government in Tashkent has been taking steps to more comprehensively regulate Uzbekistan’s crypto sector. In the spring, President Shavkat Mirziyoyev issued a decree providing definitions for terms like crypto assets and exchange. New registration rules for crypto miners were presented in June and earlier in October, Uzbekistan introduced monthly fees for crypto companies.

Do you think law enforcement authorities in Central Asia will continue to increase focus on the crypto space? Share your thoughts on the subject in the comments section below.

A Moscow court has ordered the seizure of the crypto wallet of one of the alleged administrators of darknet market Hydra. Media reports reveal, however, that the man — who was arrested in Russia in mid-April — is refusing to share access to his presumed crypto stash with Russian law enforcement.

Investigators Fail to Obtain Hydra Market Operator’s Cryptocurrency

The Russian judiciary wants to confiscate what it believes to be a record amount of cryptocurrency from a drug dealer’s crypto wallet, the business daily Kommersant reported this week, quoting a post on the Telegram news channel Mash.

The crypto stash belongs to an alleged co-founder and administrator of arguably the largest online marketplace on the dark web, Hydra, which was shut down by Germany not long ago.

Dmitry Olegovich Pavlov, a 30-year-old businessman from Cherepovets, was detained last month on a warrant from the Meshchansky District Court of Moscow and accused of production, sale, and distribution of drugs under Russia’s Criminal Code.

His arrest came shortly after the U.S. Department of Justice announced criminal charges against a Russian resident with the same names for conspiracy to distribute narcotics and conspiracy to commit money laundering.

According to the report, Pavlov’s wallet was seized with a court order and investigators think it stores hundreds of millions of dollars’ worth of cryptocurrency. Whether the state will be able to obtain the coins, however, is another question.

The owner refuses to give Russian authorities access to his wallet and the exact amount of digital currency stored there is yet to be established. Aside from the crypto wallet, Pavlov has been otherwise cooperative and police already have his phones and computers, Kommersant revealed.

Dmitry Pavlov is the first Hydra operator detained in the history of the Russian-language marketplace, the newspaper noted. The platform had been active since at least 2015 and had around 17 million customers before it was busted in early April when German law enforcement seized its server infrastructure and took down the darknet market’s website with support from U.S. agencies.

Do you expect Russian authorities to eventually gain access to Dmitry Pavlov’s crypto wallet? Tell us in the comments section below.

A district court in Moscow has arrested a man whom local media reports identify as Dmitry Pavlov, alleged administrator of the recently shut down darknet market Hydra. Russian authorities believe he has been involved in drug-related crime punishable by up to 20 years in prison.

Moscow Court Arrests Russian Believed to Be Hydra Administrator

Meshchansky District Court of Moscow has taken into custody a certain Dmitry Olegovich Pavlov accused of production, sale, and distribution of drugs under Russia’s Criminal Code, the “Moscow” City News Agency reported this week, quoting the court’s press service.

Pavlov, who was arrested on Monday, April 11, has the same names as a 30-year-old Russian citizen and resident charged for similar offenses in relation to his alleged role as an administrator of the recently busted Hydra Market, one of the largest marketplaces on the darknet.

Earlier this month, German law enforcement seized Hydra’s server infrastructure in the country and took down the Russian-language platform’s website. The operation was carried with support from several U.S. agencies.

On April 5, the U.S. Department of Justice announced criminal charges against Dmitry Pavlov for conspiracy to distribute narcotics and conspiracy to commit money laundering. According to an indictment filed with the U.S. District Court for the Northern District of California, the Russian is also accused of administering and providing hosting services to Hydra.

The Russian business daily Kommersant quoted Pavlov telling the BBC on April 6 he had not been contacted by U.S. authorities and that he learned about the charges from the media. He also insisted his company had all the necessary licenses from Roskomnadzor, Russia’s communications watchdog, and was not administering any websites but only leasing servers as an intermediary.

The United States has been alleging the Russian Federation’s involvement with crypto-related criminal organizations, including darknet markets (DNMs) and ransomware actors. In September, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Russia-based crypto broker Suex, believed to have received more than $20 million from DNMs like Hydra.

The department also imposed sanctions on Hydra itself — which had been active since at least 2015 and had around 17 million customers before it was shut down — and on a cryptocurrency exchange called Garantex, suspected of processing over $2.6 million in transactions from the darknet market platform.

Do you expect other arrests in Russia in connection with the Hydra case? Tell us in the comments section below.

Law enforcement agencies in Germany have targeted Hydra, a leading darknet market (DNM). As part of an operation conducted with U.S. support, the German police were able to establish control over the servers of the Russian-language platform in the country and take down its website.

Investigators Hit Hydra in Germany, Confiscate Millions in Crypto

Hydra Market, one of the largest marketplaces on the darknet, has been shut down by German authorities which seized its server infrastructure. According to an announcement by the Federal Criminal Police Office (BKA), law enforcement agents also confiscated bitcoin worth around €23 million ($25 million). The following message appeared on Hydra’s website on Tuesday:

BKA carried out the raid together with the Central Office for Combating Cybercrime (ZIT) at the Public Prosecutor’s Office in Frankfurt which is leading the investigation against Hydra’s operators and administrators. They are wanted for running illegal online platforms facilitating the trade of drugs and money laundering.

The German police noted that Hydra had been active since at least 2015 before the seizures which came after extensive investigations by the BKA and ZIT. They started in August last year and were conducted with the participation of several U.S. agencies.

The darknet marketplace, which was accessible via the Tor network, was targeting Russian speakers. It had around 17 million customers and over 19,000 registered sellers, the press release detailed. Besides banned substances, these also offered stolen data, forged documents and digital services.

Hydra became a major darknet market after overtaking another Russian platform, DNM Ramp. According to the data compiled by the blockchain forensics company Chainalysis, the region of Eastern Europe sends more digital currency to darknet marketplaces than any other region.

Washington has been alleging Moscow’s involvement with malicious cyber actors like DNMs, ransomware groups and other crypto-related crime. In September, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Russia-based crypto broker Suex which is believed to have received more than $20 million from darknet markets like Hydra.

The Treasury Department has imposed sanctions against Hydra and a crypto exchange called Garantex. The trading platform, which has been operating mostly out of Russia, is suspected of processing over $100 million in transactions linked to illicit actors and darknet markets, including $2.6 million from Hydra.

Meanwhile, the U.S. Department of Justice announced criminal charges against a Russian resident, Dmitry Pavlov, for conspiracy to distribute narcotics and conspiracy to commit money laundering. The 30-year-old Pavlov is allegedly the administrator of Hydra Market’s servers.

German law enforcement officials think that Hydra was likely the darknet market with the highest turnover globally. BKA and ZIT have estimated that its sales reached at least €1.23 billion in 2020 alone. They also noted that the investigations were hampered by the platform’s own ‘Bitcoin Bank Mixer’ service.

Do you think other darknet markets will be targeted after Hydra? Let us know in the comments section below.