Russian crypto traders have been looking to obtain unrestricted accounts for global exchanges as their access to such platforms is limited. Over the past year, the offering of such accounts on the dark web has increased significantly, cybersecurity experts told the Russian press.

Supply of Crypto Exchange Accounts for Russian Users Doubles in a Year of Sanctions

More and more ready-to-use accounts for cryptocurrency exchanges are being sold to Russian residents. While this is not a new phenomenon — such accounts are often employed by fraudsters and money launderers — the current growth in supply has been attributed to the restrictions imposed by the trading platforms on customers from Russia, as a result of compliance with sanctions over the war in Ukraine.

Russian residents have been buying these accounts despite the dangers, including the risk that whoever created them could maintain access after the sale, the Kommersant reported. But they are inexpensive and offers on darknet markets have doubled since early 2022, Nikolay Chursin from the Positive Technologies information security threat analysis group told the business daily.

According to Peter Mareichev, an analyst at Kaspersky Digital Footprint Intelligence, the number of new ads for ready-made and verified wallets on various exchanges reached 400 in December. Proposals to prepare fake documents for passing know-your-customer procedures also rose, the newspaper revealed in an earlier article last month.

Simple login data, username and password, is typically priced at around $50, Chursin added. And for a fully set up account, including the documents with which it was registered, a buyer would have to pay an average of $300. Dmitry Bogachev from digital threat analysis firm Jet Infosystems explained that the price depends on factors such as the country and date of registration as well as the activity history. Older accounts are more expensive.

Sergey Mendeleev, CEO of defi banking platform Indefibank, pointed out that there are two categories of buyers — Russians that have no other choice as they need an account for everyday work and those who use these accounts for criminal purposes. Igor Sergienko, director of development at cybersecurity services provider RTK-Solar, is convinced that demand is largely due to crypto exchanges blocking Russian accounts or withdrawals to Russian bank cards in recent months.

Major crypto service providers, including leading digital asset exchanges, have complied with financial restrictions introduced by the West in response to Russia’s invasion of Ukraine. Last year, the world’s largest crypto trading platform, Binance, indicated that, while restricting sanctioned individuals and entities, it was not banning all Russians.

However, since the end of 2022, a number of Russian users of Binance have complained about having their accounts blocked without explanation, as reported by Forklog. Many experienced problems for weeks, including suspended withdrawals amid prolonged checks, affected customers said. The company told the crypto news outlet that the blocking of users from Eastern Europe and the Commonwealth of Independent States was related to the case with the seized crypto exchange Bitzlato.

Do you think the restrictions will push more Russians towards buying ready-made accounts for cryptocurrency exchanges? Share your thoughts on the subject in the comments section below.

Several U.S. nuclear research laboratories have been attacked. According to Reuters, the cyber attacks on the laboratories were carried out by Russian hackers.

According to journalists, over the course of several months in August-September 2022, terrorists attacked the Ernest Lawrence Livermore National Laboratory, the Argonne Laboratory, which is located near Chicago, Illinois, and the Brookhaven National Laboratory in Upton, New York. Among all the facilities attacked, each belongs to the U.S. Department of Energy.

According to reporters, the attacker’s initial goal was to take the scientists’ passwords, which he reached through intimidating threatening emails from employees and creating fake Lab employee pages.

Be that as it may, there have been no official answers to the question of why these sites were chosen as cyberattacks.

A leading marketplace on the dark web, Solaris, has been hit by a rival, according to crypto analytics company Elliptic. The Russia-linked platform, which tried to occupy space vacated by the busted Hydra, is believed to have conquered up to a fifth of the illicit market before the hack.

Solaris Allegedly Taken Over by Darknet Marketplace Called Kraken

Solaris, a major marketplace for drugs and other illicit products, has been targeted in a hacking attack carried out by a similar enterprise, Kraken, not to be confused with the well-known cryptocurrency exchange with the same name.

After in April last year law enforcement authorities shut down Hydra, the former leader in this business, seizing its servers in Germany and arresting an alleged operator in Russia, Solaris managed to gain between 20% and 25% market share, according to estimates quoted by Elliptic.

This week, the blockchain forensics company reported that since Friday, Jan. 13, those who visited the onionsite were being transferred to Kraken. The latter claimed to have taken control over the infrastructure, Gitlab repository and source code of Solaris and blocked its bitcoin wallets.

Kraken is another player in the dark web space and, like Solaris and Hydra, is targeting the Russian-language segment of the underground market. The illegal trading platforms are suspected of having other ties to Russia as well.

For example, Solaris is believed of have used the services of one of the Russian “patriotic” hacker groups. The pro-Kremlin Killnet is known for launching distributed denial-of-service (DDoS ) attacks on Ukraine after Russia invaded the country in late February, 2022.

This isn’t the first attempt to breach Solaris. Ukrainian-born cyber intelligence expert Alex Holden claimed to have hacked into the marketplace, according to a report in December, and getting hold of some of the bitcoin sent to dealers using the site and to its owners.

Helped by his cybersecurity company, Holden said he specifically targeted a wallet used for crypto exchange transactions and was able to divert 1.6 BTC. The cryptocurrency was later donated to a Kyiv-based charity.

What do you make of the darknet market Kraken’s hacking attack on rival Solaris? Share your thoughts on the subject in the comments section below.

Cryptocurrency exchange Bitzlato, better known to the Russian-speaking segment of the market, has been taken down as part of an “international cryptocurrency enforcement action,” the U.S. Justice Department announced. The Russian owner of the platform has been arrested for his role in the alleged transmission of illicit money. Bitzlato claimed it was hacked.

US, France Hit Cryptocurrency Exchange Bitzlato, Russian Co-founder Detained in Miami

U.S. authorities have apprehended Anatoly Legkodymov, a resident of China, on charges that his Hong Kong-registered crypto trading platform, Bitzlato, processed illicit funds worth hundreds of millions of dollars. The Russian, a co-founder and majority owner of the exchange, was arrested by the FBI in Miami on Tuesday, a high-ranking official from the United States Department of Justice (DOJ) revealed.

Speaking during a press conference, Deputy Attorney General Lisa Monaco said that Justice Department agents and prosecutors, working with the U.S. Treasury Department and French law enforcement, have “disrupted Bitzlato, a China-based cryptocurrency exchange, notorious for laundering criminal proceeds from the darknet” and ransomware attacks. She also stated:

Today, the Department of Justice has dealt a significant blow to the crypto crime ecosystem.

Legkodymov is accused of operating the exchange as a “high-tech financial hub that, in his own words, catered to ‘known crooks’,” Monaco explained. She went on to allege that Bitzlato was a “crucial financial resource” for Hydra, the largest darknet market, with Russian roots, which was shut down in April, last year, by the German police with the support of U.S. agencies.

According to the DOJ, Hydra buyers funded illicit purchases from crypto accounts hosted at Bitzlato while sellers of drugs, stolen financial information and hacking tools sent criminal proceeds to accounts at the exchange, collectively amounting to $700 million in direct and indirect transfers between 2018 and 2022.

The deputy attorney general also said that the participants in the operation have engaged in a “coordinated campaign of disruption.” This included law enforcement actions in a number of European countries and the seizure of Bitzlato’s servers. By midday Wednesday, Bitzlato’s website was replaced by a notice saying that the service had been seized by French authorities, Reuters reported.

Crypto Exchange Bitzlato Claims It Was Hacked, Halts Withdrawals

Also on Wednesday, the operators of Bitzlato announced on Telegram, that the exchange had suffered a hacking attack. They told users that withdrawals had been suspended indefinitely and asked them to refrain from sending coins to the platform until the issue is resolved.

“Our service was hacked, part of the funds was withdrawn from the service,” the exchange said, noting that the attackers were able to steal a small portion of the funds without specifying the amount. It also sought to assure customers in a second message that their assets were not lost, stating:

For all victims, we guarantee a refund.

“As a security measure, we have disabled the service, we ask you not to replenish the wallets of our service until the work is restored,” Bitzlato reiterated, adding that its team was working on the problem. At the time of writing, the platform is still offline.

The hack presumably took place after on Tuesday the exchange announced maintenance scheduled for Thursday, Jan. 19, “aimed at improving the operation of the service and its security.” The notice informed users it will halt transactions between 5 and 9 a.m. Moscow time.

“We strongly recommend that you organize your work activities taking into account the amendments in order to avoid unpleasant situations,” the platform advised customers, informing them that it plans to disable deposits, withdrawals and trading.

Bitzlato launched in 2016 under the name Changebot and later became a cryptocurrency exchange offering peer-to-peer (P2P) trading services. It lists pairs of the Russian ruble with BTC, ETH, USDT, and other digital coins which can be bought and sold with a variety of payment methods.

Online crypto exchangers like Bitzlato are popular in Russia and the former Soviet space but as crypto assets are yet to be fully regulated in the region, they are often targeted by authorities across the Commonwealth of Independent States. A report recently revealed that the Belarusian judiciary has imposed a hefty fine on the operator of one such platform.

Do you expect other similar operations against crypto trading platforms in the near future? Share your thoughts on the subject in the comments section below.

A Ukrainian living in the U.S. has reportedly hacked a major drug market on the Russian dark web, diverting some of its crypto proceeds. The man says he donated the digital cash stolen from the illicit website to an organization delivering humanitarian aid across his war-torn homeland.

Wisconsin Resident With Ukrainian Roots Hacks Russian Dark Web Market Solaris

Ukrainian-born cyber intelligence expert Alex Holden, who left Kyiv as a teenager in the 1980s and now lives in Mequon, Wisconsin, claims he has hacked into Solaris, one of Russia’s largest online drug markets, Forbes informs in a report.

Supported by his team at Hold Security, he was able to get hold of some of the bitcoin sent to dealers and the darknet site’s owners. The cryptocurrency, worth over $25,000, was later transferred to Enjoying Life, a charitable foundation based in the Ukrainian capital.

Without revealing exactly how he did it, Holden explained he took control of much of the internet infrastructure behind Solaris, including some administrator accounts, obtained the website’s source code and a database of its users and drop off locations for drug deliveries.

For a while, the Ukrainian and his colleagues also gained access to the “master wallet” of the marketplace. It was used by buyers and dealers to deposit and withdraw funds and operated as the platform’s crypto exchange, the article details.

Given the rapid turnover, the wallet rarely had more than 3 BTC at a time. Holden managed to appropriate 1.6 BTC and send it to Enjoying Life. Hold Security donated another $8,000 to the charity, which provides assistance to people affected by the war in Ukraine.

Solaris Linked to ‘Patriotic’ Russian Hacking Collective Killnet

The darknet market Solaris is suspected of having connections to the hacking crew Killnet, which after Moscow launched its invasion in late February became one of Russia’s “patriotic” hacker groups vowing to target Ukrainians and their supporters.

Killnet has also conducted a number of attacks in the U.S., including on airport and state government websites as well as the National Geospatial-Intelligence Agency. It reportedly hit the Eurovision song contest, the Estonian government and Italy’s National Health Institute.

The group was also blamed for attacking Rutor, the main rival of Solaris, which became Russia’s leading underground drugs market after Hydra was shut down this past spring. According to U.S. cybersecurity firm Zerofox, Solaris was paying Killnet for DDoS services.

Besides the battlefield, Russia and Ukraine have also clashed in the online space, with the government in Kyiv recruiting experts for its own cyberforce. The special unit was tasked to identify and prevent Russian attacks but also hack back.

Hits such as those on Russia’s largest bank, Sber, and the Moscow Stock Exchange have been attributed to the Ukrainian IT army. Social media accounts associated with the hacktivist collective Anonymous took responsibility for many other attacks.

What do you think about Alex Holden’s attack on the Russian darknet market Solaris? Let us know in the comments section below.

A Moscow court has ordered the seizure of the crypto wallet of one of the alleged administrators of darknet market Hydra. Media reports reveal, however, that the man — who was arrested in Russia in mid-April — is refusing to share access to his presumed crypto stash with Russian law enforcement.

Investigators Fail to Obtain Hydra Market Operator’s Cryptocurrency

The Russian judiciary wants to confiscate what it believes to be a record amount of cryptocurrency from a drug dealer’s crypto wallet, the business daily Kommersant reported this week, quoting a post on the Telegram news channel Mash.

The crypto stash belongs to an alleged co-founder and administrator of arguably the largest online marketplace on the dark web, Hydra, which was shut down by Germany not long ago.

Dmitry Olegovich Pavlov, a 30-year-old businessman from Cherepovets, was detained last month on a warrant from the Meshchansky District Court of Moscow and accused of production, sale, and distribution of drugs under Russia’s Criminal Code.

His arrest came shortly after the U.S. Department of Justice announced criminal charges against a Russian resident with the same names for conspiracy to distribute narcotics and conspiracy to commit money laundering.

According to the report, Pavlov’s wallet was seized with a court order and investigators think it stores hundreds of millions of dollars’ worth of cryptocurrency. Whether the state will be able to obtain the coins, however, is another question.

The owner refuses to give Russian authorities access to his wallet and the exact amount of digital currency stored there is yet to be established. Aside from the crypto wallet, Pavlov has been otherwise cooperative and police already have his phones and computers, Kommersant revealed.

Dmitry Pavlov is the first Hydra operator detained in the history of the Russian-language marketplace, the newspaper noted. The platform had been active since at least 2015 and had around 17 million customers before it was busted in early April when German law enforcement seized its server infrastructure and took down the darknet market’s website with support from U.S. agencies.

Do you expect Russian authorities to eventually gain access to Dmitry Pavlov’s crypto wallet? Tell us in the comments section below.

A district court in Moscow has arrested a man whom local media reports identify as Dmitry Pavlov, alleged administrator of the recently shut down darknet market Hydra. Russian authorities believe he has been involved in drug-related crime punishable by up to 20 years in prison.

Moscow Court Arrests Russian Believed to Be Hydra Administrator

Meshchansky District Court of Moscow has taken into custody a certain Dmitry Olegovich Pavlov accused of production, sale, and distribution of drugs under Russia’s Criminal Code, the “Moscow” City News Agency reported this week, quoting the court’s press service.

Pavlov, who was arrested on Monday, April 11, has the same names as a 30-year-old Russian citizen and resident charged for similar offenses in relation to his alleged role as an administrator of the recently busted Hydra Market, one of the largest marketplaces on the darknet.

Earlier this month, German law enforcement seized Hydra’s server infrastructure in the country and took down the Russian-language platform’s website. The operation was carried with support from several U.S. agencies.

On April 5, the U.S. Department of Justice announced criminal charges against Dmitry Pavlov for conspiracy to distribute narcotics and conspiracy to commit money laundering. According to an indictment filed with the U.S. District Court for the Northern District of California, the Russian is also accused of administering and providing hosting services to Hydra.

The Russian business daily Kommersant quoted Pavlov telling the BBC on April 6 he had not been contacted by U.S. authorities and that he learned about the charges from the media. He also insisted his company had all the necessary licenses from Roskomnadzor, Russia’s communications watchdog, and was not administering any websites but only leasing servers as an intermediary.

The United States has been alleging the Russian Federation’s involvement with crypto-related criminal organizations, including darknet markets (DNMs) and ransomware actors. In September, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Russia-based crypto broker Suex, believed to have received more than $20 million from DNMs like Hydra.

The department also imposed sanctions on Hydra itself — which had been active since at least 2015 and had around 17 million customers before it was shut down — and on a cryptocurrency exchange called Garantex, suspected of processing over $2.6 million in transactions from the darknet market platform.

Do you expect other arrests in Russia in connection with the Hydra case? Tell us in the comments section below.

Law enforcement agencies in Germany have targeted Hydra, a leading darknet market (DNM). As part of an operation conducted with U.S. support, the German police were able to establish control over the servers of the Russian-language platform in the country and take down its website.

Investigators Hit Hydra in Germany, Confiscate Millions in Crypto

Hydra Market, one of the largest marketplaces on the darknet, has been shut down by German authorities which seized its server infrastructure. According to an announcement by the Federal Criminal Police Office (BKA), law enforcement agents also confiscated bitcoin worth around €23 million ($25 million). The following message appeared on Hydra’s website on Tuesday:

BKA carried out the raid together with the Central Office for Combating Cybercrime (ZIT) at the Public Prosecutor’s Office in Frankfurt which is leading the investigation against Hydra’s operators and administrators. They are wanted for running illegal online platforms facilitating the trade of drugs and money laundering.

The German police noted that Hydra had been active since at least 2015 before the seizures which came after extensive investigations by the BKA and ZIT. They started in August last year and were conducted with the participation of several U.S. agencies.

The darknet marketplace, which was accessible via the Tor network, was targeting Russian speakers. It had around 17 million customers and over 19,000 registered sellers, the press release detailed. Besides banned substances, these also offered stolen data, forged documents and digital services.

Hydra became a major darknet market after overtaking another Russian platform, DNM Ramp. According to the data compiled by the blockchain forensics company Chainalysis, the region of Eastern Europe sends more digital currency to darknet marketplaces than any other region.

Washington has been alleging Moscow’s involvement with malicious cyber actors like DNMs, ransomware groups and other crypto-related crime. In September, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Russia-based crypto broker Suex which is believed to have received more than $20 million from darknet markets like Hydra.

The Treasury Department has imposed sanctions against Hydra and a crypto exchange called Garantex. The trading platform, which has been operating mostly out of Russia, is suspected of processing over $100 million in transactions linked to illicit actors and darknet markets, including $2.6 million from Hydra.

Meanwhile, the U.S. Department of Justice announced criminal charges against a Russian resident, Dmitry Pavlov, for conspiracy to distribute narcotics and conspiracy to commit money laundering. The 30-year-old Pavlov is allegedly the administrator of Hydra Market’s servers.

German law enforcement officials think that Hydra was likely the darknet market with the highest turnover globally. BKA and ZIT have estimated that its sales reached at least €1.23 billion in 2020 alone. They also noted that the investigations were hampered by the platform’s own ‘Bitcoin Bank Mixer’ service.

Do you think other darknet markets will be targeted after Hydra? Let us know in the comments section below.

Law enforcement in Russia has blocked major sites on the dark web, including a carding market leader. The platforms have been seized amid ongoing investigations into hacking groups, with Russian authorities ramping up efforts to dismantle the cybercrime rings and detain their members.

Interior Ministry of Russia Hits Stolen Credit Cards Market

The Ministry of Internal Affairs of the Russian Federation (MVD) has brought down four prominent websites operating on the dark web, blockchain forensics firm Elliptic has revealed. The sites have been blocked by Directorate “K”, MVD’s unit combatting computer-related crime.

The seized platforms are the Sky-Fraud forum, Trump’s Dumps, UAS Store, and Ferum Shop, which became the leading market for stolen credit cards after the largest marketplace in the niche, Unicc, was taken offline in January, the report details.

According to Elliptic’s estimate, the sites have collectively made more than $263 million in crypto sales denominated in bitcoin (BTC), ether (ETH), and litecoin (LTC) before they were shut down. Ferum accounts for the bulk of that amount with $256 million in bitcoin generated, or 17% of the carding market.

Trump’s Dumps, another website distributing compromised card data, has allegedly made around $4.1 million since its launch in 2017. Both sites were advertised on the on Sky-Fraud forum, where carding techniques and money laundering tips were among the main topics. Directorate “K” has apparently left a message in its source code, reading: “Which one of you is next?”

[#Russia] SKY-FRAUD & FERUM, famous Russian #carding forums closed by Russian authorities.

Authorities left an easter egg on the code source saying “WHICH ONE OF YOU IS NEXT?”#cybercrime #takedown #infosec #banking pic.twitter.com/RbNTkWPHIc

— Soufiane Tahiri (@S0ufi4n3) February 7, 2022

The fourth blocked website, UAS Store, was a platform offering stolen remote desktop protocol credentials that cybercriminals use to gain access to victims’ accounts from other devices. These breaches have increased during the Covid-19 pandemic as more employees are now working from home. Since late 2017, UAS Store has made around $3 million in cryptocurrency.

Elliptic notes that the latest seizures have been executed after the previous top carding marketplace, Unicc, and its affiliate proxy market Luxsocks, became inaccessible in mid-January. The seizures also came after the subsequent arrest of Unicc’s suspected administrator by the Russian Federal Security Service (FSB). Researchers claim the crypto proceeds of the two platforms reached $372 million.

Meanwhile, the MVD has sought through a Moscow court the arrest of six unidentified hackers accused of “illegal circulation of means of payment.” Whether the group is linked to the closed-down dark web sites is not clear yet. Last month, FSB and MVD busted the notorious Revil ransomware group on a U.S. request, detaining 14 of its suspected members.

Do you think Russia will continue to crack down on dark web platforms and hacking groups? Tell us in the comments section below.

Russian institutions have responded to a call from а public movement for joint efforts to identify cryptocurrency transfers related to drug trade. The anti-drug organization, Stopnarkotik, recently asked the interior ministry and the central bank to investigate alleged connections between U.S.-sanctioned crypto exchange Suex and a darknet market operating in the region.

Russian Authorities Respond to Stopnarkotik’s Request for Action Against Drug Trade

The Ministry of Internal Affairs of the Russian Federation (MVD) and Bank of Russia have agreed to cooperate with the All-Russian Public Movement Stopnarkotik on identifying financial flows involving cryptocurrencies obtained as a result of drug sales. The Russian online news portal Lenta.ru reported on the agreement, quoting a letter from a high-ranking MVD official.

The letter signed by Major General Andrei Yanishevsky, head of the Drug Control Department at the Interior Ministry, has been issued after a working meeting with representatives of the anti-drug organization. It comes in response to Stopnarkotik’s call for the two institutions to carry out an investigation focused on Suex, a Russia-based OTC crypto broker, and its links to other companies and banks.

In September, the U.S. Treasury Department blacklisted the Czech-registered entity Suex OTC s.r.o. which operates out of physical offices in Moscow and Saint Petersburg. The crypto platform is suspected of processing hundreds of millions of dollars in coin transactions related to scams, ransomware attacks, darknet markets, and the infamous Russian BTC-e exchange.

Since launching in 2018, Suex is believed to have received over $481 million in BTC alone. Close to $13 million came from ransomware operators such as Ryuk, Conti, and Maze, over $24 million was sent by crypto scams like Finiko, $20 million came from mixers, and another $20 million from darknet markets such as the Russia-targeting Hydra, blockchain forensics firm Chainalysis detailed in a report.

In its request to the Russian authorities, following the announcement of the U.S. sanctions, Stopnarkotik noted that Suex had been “involved in money laundering for the largest drug-selling platform.” The organization pointed out that the market’s drug trafficking in the Russian Federation amounts to an estimated $1.5 billion a year or more.

It also mentioned the name of one of Suex’s co-founders and highlighted its alleged connections with other crypto companies and financial institutions such as Exmo, a major digital asset exchange in Eastern Europe, financial services company Qiwi, a leading payment provider in Russia and the CIS countries, as well as the Ukraine-based Concord Bank.

Stopnarkotik asked Bank of Russia to provide its assessment on the matter, check if the operations of Suex and other entities are being conducted in accordance with the law in Russia, and consider blocking Russian payments to a Ukrainian organization.

“We received a response from the Ministry of Internal Affairs and the Central Bank. We also had a personal meeting with the Ministry of Internal Affairs so that they had an understanding of how we receive information, including about money laundering,” the movement’s chairman, Sergei Polozov, has been quoted as saying. He added that the Russian Interior Ministry is ready to accept Stopnarkotik’s data and work together with the organization.

Do you expect the cooperation between Stopnarkotik and Russian government institutions to develop further? Tell us in the comments section below.