The cryptocurrency exchange that helped to “launder” dirty money from the Hydra marketplace has been closed

By: seo_spec
11 February 2023 at 15:40

U.S. law enforcement agencies, with the help of international colleagues, have shut down the Chinese exchange Bitzlato Limited and arrested its entire top management.

Bitzlato Limited was established in 2016, and its founder is Anatoly Legkodymov, a citizen of the Russian Federation. From its first day of operation, the exchange attracted a large number of people whose business was not entirely legitimate, which was facilitated by the company’s policy and lack of control over “dirty” money. Above all, the exchange attracted the attention of various criminals, and most of all the users of “dark” Internet markets.

The investigation showed that most of the Bitzlato exchange users were also active users of Hydra Market. Customers and sellers from the Hydra resource immediately fell in love with the Chinese exchange because they faced no questions about the legality of their finances when making illegal transactions through it. The blockchain analysis showed that in the period from May 2018 to April 2022, about $300 million was credited to Bitzlato accounts from Hydra users, and more than $200 million was sent to Hydra accounts from the exchange. The analysis also revealed that almost $20 million was transferred to the exchange’s accounts from accounts that were used for ransomware crimes.

If you think that Bitzlato employees somehow fought against illegal transactions, you are mistaken. Exchange employees sometimes blocked users who were suspected of illegal activity, but in most cases they themselves deliberately helped to transfer money to Hydra accounts. The analysis of exchange users’ correspondence with the support service showed that the employees directly answered that funds from the exchange could be transferred to any address, regardless of the purpose of the transactions. The employees of the exchange were well aware that most of their customers used accounts registered under other names to make purchases on Hydra Market, and even knowing all the schemes of transferring funds, they did not react in any way.

The marketing director of the exchange prepared a report titled “Competitor Analysis” in which he pointed out that the rejection of illegal money transfers would hit the company’s finances, and he also highlighted the disadvantages of the exchange, which he attributed to “a large number of fraudsters among the users of the resource” and “a large amount of dirty money on the company’s accounts”.

Despite the fact that the exchange was not officially registered in the United States, it advertised its services among clients of the American market. As it later became known, about 1.5 thousand US clients transferred more than USD 2 million to Bitzlato’s account.

The founder of the exchange did not even worry about being held accountable for his activities. As of October 2022, he was living in Miami, from where he had unimpeded access to the exchange’s servers. It all ended on January 17, 2023, when US law enforcement agencies in partnership with several European countries arrested Legkodymov and confiscated all of his company’s cryptocurrency assets.

Darknet Market Solaris Hacked by Competitor, Elliptic Reveals

22 January 2023 at 01:30

A leading marketplace on the dark web, Solaris, has been hit by a rival, according to crypto analytics company Elliptic. The Russia-linked platform, which tried to occupy space vacated by the busted Hydra, is believed to have conquered up to a fifth of the illicit market before the hack.

Solaris Allegedly Taken Over by Darknet Marketplace Called Kraken

Solaris, a major marketplace for drugs and other illicit products, has been targeted in a hacking attack carried out by a similar enterprise, Kraken, not to be confused with the well-known cryptocurrency exchange with the same name.

After law enforcement authorities shut down Hydra, the former leader in this business, in April last year, seizing its servers in Germany and arresting an alleged operator in Russia, Solaris managed to gain between 20% and 25% market share, according to estimates quoted by Elliptic.

This week, the blockchain forensics company reported that since Friday, Jan. 13, those who visited the onionsite were being transferred to Kraken. The latter claimed to have taken control over the infrastructure, Gitlab repository and source code of Solaris and blocked its bitcoin wallets.

Kraken is another player in the dark web space and, like Solaris and Hydra, is targeting the Russian-language segment of the underground market. The illegal trading platforms are suspected of having other ties to Russia as well.

For example, Solaris is believed to have used the services of one of the Russian “patriotic” hacker groups. The pro-Kremlin Killnet is known for launching distributed denial-of-service (DDoS) attacks on Ukraine after Russia invaded the country in late February 2022.

This isn’t the first attempt to breach Solaris. Ukrainian-born cyber intelligence expert Alex Holden claimed to have hacked into the marketplace and gotten hold of some of the bitcoin sent to dealers using the site and to its owners, according to a report in December.

Helped by his cybersecurity company, Holden said he specifically targeted a wallet used for crypto exchange transactions and was able to divert 1.6 BTC. The cryptocurrency was later donated to a Kyiv-based charity.

Bitzlato Exchange Busted as US Deals ‘Blow to Crypto Crime,’ Arrests Owner

18 January 2023 at 19:30

Cryptocurrency exchange Bitzlato, better known to the Russian-speaking segment of the market, has been taken down as part of an “international cryptocurrency enforcement action,” the U.S. Justice Department announced. The Russian owner of the platform has been arrested for his role in the alleged transmission of illicit money. Bitzlato claimed it was hacked.

US, France Hit Cryptocurrency Exchange Bitzlato, Russian Co-founder Detained in Miami

U.S. authorities have apprehended Anatoly Legkodymov, a resident of China, on charges that his Hong Kong-registered crypto trading platform, Bitzlato, processed illicit funds worth hundreds of millions of dollars. The Russian, a co-founder and majority owner of the exchange, was arrested by the FBI in Miami on Tuesday, a high-ranking official from the United States Department of Justice (DOJ) revealed.

Speaking during a press conference, Deputy Attorney General Lisa Monaco said that Justice Department agents and prosecutors, working with the U.S. Treasury Department and French law enforcement, have “disrupted Bitzlato, a China-based cryptocurrency exchange, notorious for laundering criminal proceeds from the darknet” and ransomware attacks. She also stated:

Today, the Department of Justice has dealt a significant blow to the crypto crime ecosystem.

Legkodymov is accused of operating the exchange as a “high-tech financial hub that, in his own words, catered to ‘known crooks’,” Monaco explained. She went on to allege that Bitzlato was a “crucial financial resource” for Hydra, the largest darknet market, with Russian roots, which was shut down in April last year by the German police with the support of U.S. agencies.

According to the DOJ, Hydra buyers funded illicit purchases from crypto accounts hosted at Bitzlato while sellers of drugs, stolen financial information and hacking tools sent criminal proceeds to accounts at the exchange, collectively amounting to $700 million in direct and indirect transfers between 2018 and 2022.

The deputy attorney general also said that the participants in the operation have engaged in a “coordinated campaign of disruption.” This included law enforcement actions in a number of European countries and the seizure of Bitzlato’s servers. By midday Wednesday, Bitzlato’s website was replaced by a notice saying that the service had been seized by French authorities, Reuters reported.

Crypto Exchange Bitzlato Claims It Was Hacked, Halts Withdrawals

Also on Wednesday, the operators of Bitzlato announced on Telegram that the exchange had suffered a hacking attack. They told users that withdrawals had been suspended indefinitely and asked them to refrain from sending coins to the platform until the issue is resolved.

“Our service was hacked, part of the funds was withdrawn from the service,” the exchange said, noting that the attackers were able to steal a small portion of the funds without specifying the amount. It also sought to assure customers in a second message that their assets were not lost, stating:

For all victims, we guarantee a refund.

“As a security measure, we have disabled the service, we ask you not to replenish the wallets of our service until the work is restored,” Bitzlato reiterated, adding that its team was working on the problem. At the time of writing, the platform is still offline.

The hack presumably took place after the exchange on Tuesday announced maintenance scheduled for Thursday, Jan. 19, “aimed at improving the operation of the service and its security.” The notice informed users it would halt transactions between 5 and 9 a.m. Moscow time.

“We strongly recommend that you organize your work activities taking into account the amendments in order to avoid unpleasant situations,” the platform advised customers, informing them that it plans to disable deposits, withdrawals and trading.

Bitzlato launched in 2016 under the name Changebot and later became a cryptocurrency exchange offering peer-to-peer (P2P) trading services. It lists pairs of the Russian ruble with BTC, ETH, USDT, and other digital coins which can be bought and sold with a variety of payment methods.

Online crypto exchangers like Bitzlato are popular in Russia and the former Soviet space but as crypto assets are yet to be fully regulated in the region, they are often targeted by authorities across the Commonwealth of Independent States. A report recently revealed that the Belarusian judiciary has imposed a hefty fine on the operator of one such platform.

Ukrainian Steals Bitcoin From Russian Darknet Market, Donates to Charity

26 December 2022 at 07:30

A Ukrainian living in the U.S. has reportedly hacked a major drug market on the Russian dark web, diverting some of its crypto proceeds. The man says he donated the digital cash stolen from the illicit website to an organization delivering humanitarian aid across his war-torn homeland.

Wisconsin Resident With Ukrainian Roots Hacks Russian Dark Web Market Solaris

Ukrainian-born cyber intelligence expert Alex Holden, who left Kyiv as a teenager in the 1980s and now lives in Mequon, Wisconsin, claims he has hacked into Solaris, one of Russia’s largest online drug markets, Forbes reports.

Supported by his team at Hold Security, he was able to get hold of some of the bitcoin sent to dealers and the darknet site’s owners. The cryptocurrency, worth over $25,000, was later transferred to Enjoying Life, a charitable foundation based in the Ukrainian capital.

Without revealing exactly how he did it, Holden explained he took control of much of the internet infrastructure behind Solaris, including some administrator accounts, and obtained the website’s source code and a database of its users and drop-off locations for drug deliveries.

For a while, the Ukrainian and his colleagues also gained access to the “master wallet” of the marketplace. It was used by buyers and dealers to deposit and withdraw funds and operated as the platform’s crypto exchange, the article details.

Given the rapid turnover, the wallet rarely had more than 3 BTC at a time. Holden managed to appropriate 1.6 BTC and send it to Enjoying Life. Hold Security donated another $8,000 to the charity, which provides assistance to people affected by the war in Ukraine.

Solaris Linked to ‘Patriotic’ Russian Hacking Collective Killnet

The darknet market Solaris is suspected of having connections to the hacking crew Killnet, which after Moscow launched its invasion in late February became one of Russia’s “patriotic” hacker groups vowing to target Ukrainians and their supporters.

Killnet has also conducted a number of attacks in the U.S., including on airport and state government websites as well as the National Geospatial-Intelligence Agency. It reportedly hit the Eurovision song contest, the Estonian government and Italy’s National Health Institute.

The group was also blamed for attacking Rutor, the main rival of Solaris, which became Russia’s leading underground drugs market after Hydra was shut down this past spring. According to U.S. cybersecurity firm Zerofox, Solaris was paying Killnet for DDoS services.

Besides the battlefield, Russia and Ukraine have also clashed in the online space, with the government in Kyiv recruiting experts for its own cyberforce. The special unit was tasked to identify and prevent Russian attacks but also hack back.

Hits such as those on Russia’s largest bank, Sber, and the Moscow Stock Exchange have been attributed to the Ukrainian IT army. Social media accounts associated with the hacktivist collective Anonymous took responsibility for many other attacks.

Alleged Hydra Administrator Refuses to Provide Access to His Crypto Wallet, Report Claims

A Moscow court has ordered the seizure of the crypto wallet of one of the alleged administrators of darknet market Hydra. Media reports reveal, however, that the man — who was arrested in Russia in mid-April — is refusing to share access to his presumed crypto stash with Russian law enforcement.

Investigators Fail to Obtain Hydra Market Operator’s Cryptocurrency

The Russian judiciary wants to confiscate what it believes to be a record amount of cryptocurrency from a drug dealer’s crypto wallet, the business daily Kommersant reported this week, quoting a post on the Telegram news channel Mash.

The crypto stash belongs to an alleged co-founder and administrator of arguably the largest online marketplace on the dark web, Hydra, which was shut down by Germany not long ago.

Dmitry Olegovich Pavlov, a 30-year-old businessman from Cherepovets, was detained last month on a warrant from the Meshchansky District Court of Moscow and accused of production, sale, and distribution of drugs under Russia’s Criminal Code.

His arrest came shortly after the U.S. Department of Justice announced criminal charges against a Russian resident with the same names for conspiracy to distribute narcotics and conspiracy to commit money laundering.

According to the report, Pavlov’s wallet was seized with a court order and investigators think it stores hundreds of millions of dollars’ worth of cryptocurrency. Whether the state will be able to obtain the coins, however, is another question.

The owner refuses to give Russian authorities access to his wallet and the exact amount of digital currency stored there is yet to be established. Aside from the crypto wallet, Pavlov has been otherwise cooperative and police already have his phones and computers, Kommersant revealed.

Dmitry Pavlov is the first Hydra operator detained in the history of the Russian-language marketplace, the newspaper noted. The platform had been active since at least 2015 and had around 17 million customers before it was busted in early April when German law enforcement seized its server infrastructure and took down the darknet market’s website with support from U.S. agencies.

Alleged Hydra Administrator Dmitry Pavlov Reportedly Arrested in Russia

A district court in Moscow has arrested a man whom local media reports identify as Dmitry Pavlov, alleged administrator of the recently shut down darknet market Hydra. Russian authorities believe he has been involved in drug-related crime punishable by up to 20 years in prison.

Moscow Court Arrests Russian Believed to Be Hydra Administrator

Meshchansky District Court of Moscow has taken into custody a certain Dmitry Olegovich Pavlov accused of production, sale, and distribution of drugs under Russia’s Criminal Code, the “Moscow” City News Agency reported this week, quoting the court’s press service.

Pavlov, who was arrested on Monday, April 11, has the same names as a 30-year-old Russian citizen and resident charged for similar offenses in relation to his alleged role as an administrator of the recently busted Hydra Market, one of the largest marketplaces on the darknet.

Earlier this month, German law enforcement seized Hydra’s server infrastructure in the country and took down the Russian-language platform’s website. The operation was carried out with support from several U.S. agencies.

On April 5, the U.S. Department of Justice announced criminal charges against Dmitry Pavlov for conspiracy to distribute narcotics and conspiracy to commit money laundering. According to an indictment filed with the U.S. District Court for the Northern District of California, the Russian is also accused of administering and providing hosting services to Hydra.

The Russian business daily Kommersant quoted Pavlov telling the BBC on April 6 he had not been contacted by U.S. authorities and that he learned about the charges from the media. He also insisted his company had all the necessary licenses from Roskomnadzor, Russia’s communications watchdog, and was not administering any websites but only leasing servers as an intermediary.

The United States has been alleging the Russian Federation’s involvement with crypto-related criminal organizations, including darknet markets (DNMs) and ransomware actors. In September, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Russia-based crypto broker Suex, believed to have received more than $20 million from DNMs like Hydra.

The department also imposed sanctions on Hydra itself — which had been active since at least 2015 and had around 17 million customers before it was shut down — and on a cryptocurrency exchange called Garantex, suspected of processing over $2.6 million in transactions from the darknet market platform.

Germany Shuts Down Hydra Market, Seizes Servers and Bitcoin

Law enforcement agencies in Germany have targeted Hydra, a leading darknet market (DNM). As part of an operation conducted with U.S. support, the German police were able to establish control over the servers of the Russian-language platform in the country and take down its website.

Investigators Hit Hydra in Germany, Confiscate Millions in Crypto

Hydra Market, one of the largest marketplaces on the darknet, has been shut down by German authorities which seized its server infrastructure. According to an announcement by the Federal Criminal Police Office (BKA), law enforcement agents also confiscated bitcoin worth around €23 million ($25 million). The following message appeared on Hydra’s website on Tuesday:

BKA carried out the raid together with the Central Office for Combating Cybercrime (ZIT) at the Public Prosecutor’s Office in Frankfurt which is leading the investigation against Hydra’s operators and administrators. They are wanted for running illegal online platforms facilitating the trade of drugs and money laundering.

The German police noted that Hydra had been active since at least 2015 before the seizures which came after extensive investigations by the BKA and ZIT. They started in August last year and were conducted with the participation of several U.S. agencies.

The darknet marketplace, which was accessible via the Tor network, was targeting Russian speakers. It had around 17 million customers and over 19,000 registered sellers, the press release detailed. Besides banned substances, these also offered stolen data, forged documents and digital services.

Hydra became a major darknet market after overtaking another Russian platform, DNM Ramp. According to the data compiled by the blockchain forensics company Chainalysis, the region of Eastern Europe sends more digital currency to darknet marketplaces than any other region.

Washington has been alleging Moscow’s involvement with malicious cyber actors like DNMs, ransomware groups and other crypto-related crime. In September, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Russia-based crypto broker Suex which is believed to have received more than $20 million from darknet markets like Hydra.

The Treasury Department has imposed sanctions against Hydra and a crypto exchange called Garantex. The trading platform, which has been operating mostly out of Russia, is suspected of processing over $100 million in transactions linked to illicit actors and darknet markets, including $2.6 million from Hydra.

Meanwhile, the U.S. Department of Justice announced criminal charges against a Russian resident, Dmitry Pavlov, for conspiracy to distribute narcotics and conspiracy to commit money laundering. The 30-year-old Pavlov is allegedly the administrator of Hydra Market’s servers.

German law enforcement officials think that Hydra was likely the darknet market with the highest turnover globally. BKA and ZIT have estimated that its sales reached at least €1.23 billion in 2020 alone. They also noted that the investigations were hampered by the platform’s own ‘Bitcoin Bank Mixer’ service.
