Hydra, the world’s biggest cybercrime forum, shut down in police sting

  News
image_pdfimage_print
A cartoon figure stalks a giant bitcoin logo.
Enlarge / Laundering of stolen cryptocurrency was a key service offered by Hydra.

Hydra, the world’s biggest cybercrime forum, is no more. Authorities in Germany have seized servers and other infrastructure used by the sprawling, billion-dollar enterprise along with a stash of about $25 million in bitcoin.

Hydra had been operating since at least 2015 and had seen a meteoric rise since then. In 2020, it had annual revenue of more than $1.37 billion, according to a 2021 report jointly published by security firm Flashpoint and blockchain analysis company Chainalysis. In 2016, the companies said Hydra had a revenue of just $9.4 million. German authorities said the site had 17 million customers and more than 19,000 seller accounts registered.

Cybercrime bazaar

Available exclusively through the Tor network, Hydra was a bazaar that brokered sales of narcotics, fake documents, cryptocurrency-laundering services, and other digital goods. Flashpoint and Chainalysis identified 11 core operators but said the marketplace was so big that it likely was staffed by “several dozen people, with clearly delineated responsibilities.”

In a post published on Tuesday, Germany’s Central Office for Combating Cybercrime (known as ZIT) and the Federal Criminal Police Office (BKA) said they confiscated Hydra’s server infrastructure and 543 bitcoins, worth about $25 million.

People who attempt to visit the site can’t access any of the previously available pages or resources. Instead, they see the following graphic bearing the seals of multiple law enforcement agencies, including the FBI and the Drug Enforcement Administration. The graphic declares that the site has been shut down.

“The seizures carried out today were preceded by extensive investigations that have been conducted by the BKA and the ZIT since August 2021 and in which several US authorities were involved,” authorities wrote in Tuesday’s statement.

Shaken, not stirred

A key service available on Hydra was the Bitcoin Bank Mixer, a service for obfuscating digital transactions so they’re harder for law enforcement to track. Hydra, according to blockchain analysis firm Elliptic, facilitated the laundering of some of the $7 billion in bitcoin stolen from the Bitfinex exchange in 2016. Elliptic also said the darknet site helped launder money the Dark Side ransomware group extorted in a hack of Colonial Pipeline last year.

Overall, Hydra has facilitated more than $5 billion in transactions, Elliptic said. The shuttering of the site leaves a tremendous vacuum in the cybercrime world, one that no doubt will be filled either by the same operators as they rebuild their empire or a new enterprising entrant.

“Overall, today’s actions are a significant success for law enforcement, demonstrating that cybercriminals operating within Russia and surrounding countries are not immune to enforcement action,” Elliptic researchers wrote. “Today’s news is likely to have a significant impact on the Russian cybercrime community, and law enforcement should be praised for such a notable success.”

https://arstechnica.com/?p=1846025