Investigating Hydra: Where Cryptocurrency Roads All Lead to Russia and Go Dark
Sequencing Cryptocurrency Flows on Russian Cybercrime Market “Hydra” in New Joint Research
In new research, we detail the inner workings of cybercriminal cryptocurrency financial chains and the rise to prominence of “Hydra,” the Russian-language dark web marketplace (DWM) known primarily for its illicit, high-traffic narcotics market.
Download your copy here: Hydra: Where The Crypto Money Laundering Trail Goes Dark
Today, however, the illicit activities no longer end with narcotics for Hydra. Cybercriminals now use it to conduct illicit sales of stolen credit cards, SIM cards, and counterfeit documents and IDs, among other offerings—as well as to obfuscate their own digital transactions through regional exchanges and extended money laundering tactics.
Hydra Is on a Blistering Growth Trajectory
Hydra market activity has skyrocketed since its inception, with annual transaction volumes growing from a total of $9.40 million in 2016 to north of $1.37 billion by the end of 2020. Observed through blockchain analysis, we see a staggering 624% year-over-year growth rate for Hydra in its three most recent years 2018 to 2020.
Further buoying Hydra’s growth is its ability—or its good fortune—to remain running and unscathed against competitor attacks or law enforcement scrutiny; its only downtime of note occurred during a short time period at the beginning of the COVID-19 global pandemic in late March 2020.
Hydra Cryptocurrency Volumes Are Booming
Why All Cryptocurrency Cybercrime Trails Lead to Russia and Go Dark
In contrast to most other dark web marketplaces that want to encourage cybercriminal sellers wherever possible, Hydra takes the opposite tact. Since at least July 2018, according to Flashpoint Intelligence, Hydra administrators have imposed strict controls on its sellers.
Geospatial data visualizations of Hydra transactional flows further confirm these seller restrictions with Russia by far the leading destination country for the vast majority of funds exiting all Hydra accounts (both buyers and sellers).
Hydra Seller Withdrawals Funnel through Russian Exchanges and Service Operators
Hydra Restrictions Drive a Hard Bargain for Cybercriminal Sellers
First, seller withdrawals on Hydra are disabled until sellers meet activity minimums in which they a) successfully complete 50 or more sales transactions, and b) maintain an eWallet account balance of at least USD-equivalent $10,000.
Second, Hydra admins impose strict guidelines as to how seller funds may be withdrawn: Sellers must not only first convert their Hydra earnings into Russian fiat currency, but also face similarly tight constraints with the payment services and exchanges they are permitted to use to do the cryptocurrency conversion. Perhaps unsurprisingly, the select few regionally-operated exchanges and payment services that are permitted are all exclusively or primarily based in Russia and Russian-friendly Eastern European countries.
Download the Report
Get your copy with all of the detailed findings HERE. We go into further detail on these findings and provide more data charts and analysis on Hydra, including:
- How Hydra grew to prominence in just five years’ time.
- Why Hydra sellers are resorting to physical product and cash burials.
- Why more industries are at risk as Hydra expansion looms.
Register for Our Joint Webinar on Thursday, June 17th
Join Flashpoint and Chainalysis for a webinar with our subject matter experts who spearheaded the Hydra research investigation as we discuss our findings and future implications for a cybercriminal marketplace that continues to grow at a rapid rate. The webinar will take place on Thursday, June 17th at 11:00AM EDT. Register for the webinar here.