OFAC Sanctions Hydra Following Law Enforcement Shutdown of the Darknet Market

Today is a big day in the fight against crypto crime. Following a joint operation involving several U.S. law enforcement agencies, Germany’s federal police shut down the Russia-based Hydra Market, the world’s largest darknet market by revenue. Later in the day, the Justice Department followed up by indicting one of Hydra’s key operators, and the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Hydra, adding more than 100 of its cryptocurrency addresses to the SDN list as identifiers. Concurrently, OFAC also sanctioned Garantex, a Russian cryptocurrency exchange that Chainalysis has previously investigated for its role in money laundering.

All of the addresses included in the OFAC designations as identifiers are now labeled in Chainalysis products, and they will trigger sanctions alerts for KYT customers who have their settings configured accordingly.

Below, we’ll break down the illicit activity of both businesses and share the addresses listed in OFAC’s designations of Hydra and Garantex.

What was Hydra?

Despite only serving users in Russian-speaking countries, Hydra has been by far the biggest darknet market operating for the last few years.

In 2021, Hydra received more than $1.7 billion worth of cryptocurrency, which accounts for over 75% of all darknet market revenue globally.

Hydra was famous for its sophisticated operations. These included an Uber-like system for arranging drug transactions with anonymous couriers, and a method for contactless cash-for-drugs transactions in which buyers could bury cash in out-of-the-way wooded areas for sellers to dig up later. Hydra had secrecy and security for darknet market transactions down to a science.

Both Hydra itself and its vendors also offered money laundering services, including a tightly-controlled and regimented infrastructure allowing vendors and other cybercriminals to convert cryptocurrency into Russian rubles using a few pre-approved services.

In fact, since 2020, Hydra received $645 million worth of cryptocurrency from illicit sources, including other darknet markets, wallets holding stolen funds, ransomware operators, and scammers — we believe much of this was due to Hydra’s money laundering services.

Given recent concerns over sanctions evasion using cryptocurrency, the shutdown and sanctioning of Hydra couldn’t have come at a better time, as the platform’s money laundering services could’ve potentially proven useful for sanctioned entities and individuals in Russia. In addition to those actions, the Justice Department also indicted a Russian national named Dmitry Olegovich Pavlov, charging him with conspiracy to distribute narcotics and conspiracy to commit money laundering for his role in administering Hydra. Since 2015, Pavlov provided web hosting services to Hydra through his company Promservices Ltd., making him key to the market’s ability to operate.

Thinking beyond the sanctions implications, the removal of one of the largest illicit services on the dark web represents a huge win for both law enforcement and the cryptocurrency industry as a whole.

What is Garantex?

Garantex is a large cryptocurrency exchange based in Russia that we’ve discussed previously in our research due to its role in money laundering. In fact, Garantex is the biggest service we covered in our 2022 Crypto Crime Report section on money laundering carried out by cryptocurrency businesses headquartered in Moscow City, the financial center of Russia.

Between 2019 and 2021, we found that 31% of all funds sent to Garantex — over $645 million worth of cryptocurrency — came from addresses connected to crime or hosted by high-risk services like mixers and low-KYC exchanges. That figure includes over $50 million from scams like Finiko, over $60 million from darknet markets like Hydra, and over $10 million from ransomware strains like NetWalker.

Services like Garantex make cryptocurrency-based crime profitable by giving cybercriminals a way to exchange illicitly obtained cryptocurrency for cash. Like Hydra, they also represented a possible avenue for sanctions evasion by designated Russian entities. We commend OFAC for designating Garantex and thereby preventing compliant cryptocurrency businesses from doing business with the exchange.

Article credit: https://blog.chainalysis.com/reports/hydra-garantex-ofac-sanctions-russia/