JUNE 28, 2021JULIO BARRAGANANALYSIS, DARK MARKETS, RANSOMWARE
Launched in 2015, hydraclubbioknikokex7njhwuahc2l67lfiz7z36md2jvopda7nchid.onion Hydra is the most prominent Russian darknet market and likely the largest darknet market in the world. Hydra is Russian in origin and serves the following countries: Russia, Ukraine, Belarus, Kazakhstan, Azerbaijan, Armenia, Kyrgyzstan, Uzbekistan, Tajikistan, and Moldova.
Hydra became the top Russian darknet market in 2017, after the closure of RAMP (Russian Anonymous Marketplace). Originally, there were several other Russian markets. Hydra Market has listed RAMP, IKLAD, BLACKMARKET, SOLARIS, and RuSilk as previous competitors. Hydra launched an aggressive advertisement campaign on YouTube as well as other websites and reportedly conducted DDoS attacks on its competition (unverified). In doing so, Hydra has squashed its competition and attracted millions of users. Hydra has stated that it will continue “…to suppress any resistance that could have a negative impact on the future of our projects”.
How Purchases Work
The way most darknet markets operate is that physical goods are shipped from the seller to the buyer through the post. Hydra works differently. Sellers create “kлад” or “treasures”, which is a package of an illicit good hidden in a physical location. The packages will be buried (“прикоп”), magnetized to something (“магнит”), or otherwise hidden in an inconspicuous location (“тайник”). There are two types of purchases: instant orders and pre-orders. A buyer can purchase an instant order and will immediately receive the coordinates or address of the “kлад”, where the package is hidden. With a pre-order, the buyer and seller will agree on the details of the purchase, such as the amount, and the seller will then hide the product and send the buyer the location. The buyer then goes to the location to pick up the purchase. Neither buyer, seller nor courier ever cross paths in person.
Market Supply Chains
Supply chains on Hydra generally include multiple “treasures”. Suppliers—who import drugs from outside Russia—and chemists and growers—who produce drugs locally—create “master treasures” that are large stashes of drugs. These “master treasures” are then picked up by “warehousemen” who then distribute the goods to smaller couriers. These couriers create the final “treasures” that are picked up by the buyers. An important position for a shop on Hydra is the operator. The operator coordinates the entire supply chain and resolves issues with clients. Employees of a shop on Hydra always have a plan for whenever someone in the supply chain is caught and arrested.
Info obtained from The Project, who interviewed an operator of a supply chain on Hydra.
Another unique aspect of Hydra is its roulette feature. Presumably, the way it works is if a buyer wants to purchase a product, they can risk a smaller amount of money (rather than pay full price) to have a random chance at either wining and receiving the product for the amount risked or losing and the market keeps the amount of money risked. In a way, it is a gambling feature integrated directly into the purchase of goods on the market.
It’s unclear as to how large Hydra actually is and the extent of their transaction volume; however, all information available indicates that the market has immense volume. The Russian investigative outlet, The Project, published an article in July of 2019 that estimated Hydra’s user base to exceed 2.5 million and confirmed that over 393,000 accounts left at least one review for a product. The Project also estimated that as of Jul 25, 2019, Hydra had generated over $1 billion in revenue.
In 2019, Hydra claimed to have 3 million users and to process over 100,000 transactions a day for its more than three million users.
At the time of writing this article, these statistics are a year old, and The Project showed that Hydra received around 20,000 new users per month in 2019; therefore, these statistics are likely to be much bigger today.
In the Spring 2020 CAML Report, CipherTrace reported to have discovered that 86.8% of all criminal BTC received by Russian exchanges came from Hydra. Interestingly, despite Hydra Market being Russian and serving only Russia and the surrounding countries, in 2019, 31.2% of criminal BTC received by UK exchanges came from Hydra Market. There are roughly 4,600 vendors on Hydra—an enormous amount. Some vendors have as few as 2 listings, while others have over 50 listings.
Hydra Dark Market and Ransomware Attacks
It is common for some criminals to use dark markets rather than regulated exchanges as fiat off-ramps. Other than drugs and fake identification documents, Hydra offers cash-out services that allow users to swap crypto for gift cards, prepaid debit cards or even cash . These services, coupled with Hydra’s reputation, make the dark market an attractive option for criminals operating in the region.
Hydra’s New Global Project for Western Expansion—Eternos
In December of 2019, Hydra launched an ICO that raised $146 million to create a new darknet market called Eternos. The aim of Eternos is to dominate darknet markets globally. Hydra claims they intend to include an encrypted messenger, an alternative to TOR called AspaNET, an integrated cryptocurrency exchange, and more. Eternos was intended to launch in September of 2020, but there has been no updates since the initial announcement.
An investment memorandum on the Hydra website, accessible only via dark web browsers like Tor,
claims the platform’s global expansion “will start a new era in the West” at a scale that is “hard to imagine.”
Russia’s Response to Hydra
In December 2019 the Russian government approved a bill calling for tougher penalties for those found promoting drugs on the Internet after Russian news agency Lenta.ru released an exposé on Hydra. The Federal Security Service of the Russian Federation (FSB) have since arrested several in connection with drug trafficking on Hydra.