Illegal Drug Trade Fuels $1.37B in Crypto Transactions at Russian Dark Site | Cybercrime
By John P. Mello Jr.
May 26, 2021 4:00 AM PT
A Russian-language dark web marketplace called Hydra that is known to facilitate the illegal sale of narcotics has seen cryptocurrency transactions soar over the last five years from US$9.4 million in 2016 to $1.37 billion in 2020.
According to a report released Tuesday by Flashpoint and Chainalysis, Hydra’s crypto business began accelerating in 2017 after its chief competitor, the Russian Anonymous Marketplace, known as RAMP, was shut down by Russian law enforcement authorities.
Also contributing to the escalation in transactions is the growing narcotics problem in Russia and the dearth of outlets for turning cryptocurrency into hard cash, explained Flashpoint team lead Vlad Cuiujuclu.
“Transferring crypto into fiat is not something widely available in Russia,” he told the E-Commerce Times.
What’s more, it’s safer to perform cryptocurrency transactions in a marketplace like Hydra than in other mainstream exchanges.
“Services that change cryptocurrency into fiat currency are being increasingly pressured by governments to examine the transactions that go through them and to put in place safeguards to ensure the money can be tracked back to an actual person,” noted Flashpoint Senior Analyst Andras Toth-Czifra.
“Services that offer cryptocurrency laundering are becoming more lucrative,” he told the E-Commerce Times.
Better Business Model
Hydra’s business model has proven to be popular with its clientele, the report noted. The marketplace acts as a host for sellers who can set up and run their narcotics shops on the site. Hydra makes its money by taking a cut of all transactions on the site.
The marketplace also provides valuable services to its customers. It provides greater anonymity than can be found elsewhere, as well as security and “professional quality” deliveries.
“They can help you convert cryptocurrency into fiat currency and will even deliver it to your doorstep,” Cuiujuclu said.
Hydra has also established direct suppliers in China, enabling it to build a reputation as a marketplace known for its large quantities of cheap synthetic drugs.
“Sites like Hydra provide an established market and established threat actors with reasonable cover from the authorities, and so it is exploding,” Garret Grajek, CEO of YouAttest, an identity auditing company in Irvine, Calif., told the E-Commerce Times.
The Flashpoint report noted that Hydra’s operators run a tight ship. Since 2018, the marketplace has imposed strict limitations on sellers, requiring that their cryptocurrency funds be withdrawn into Russian fiat currency via select regionally-operated exchanges and payment services.
Despite those limitations, Hydra seller accounts remain in high demand, Flashpoint reported. In fact, a new submarket has emerged, created by cybercriminals willing to pay people with established seller accounts to gain direct access to the marketplace and circumvent Hydra’s withdrawal restrictions.
“It’s surprising how some of these cybercriminals resort to archaic methods to avoid the security measures and identification requirements of cryptocurrency exchanges,” Toth-Czifra said.
One such technique is called “Hidden Treasure,” where a buyer hires a courier, called a “kladman,” to bury cash underground in vacuum-sealed bags within specific agreed-upon locations for the sellers to dig up later.
Once the cash is secured in the hands of the seller, they complete the sale of the contraband by either burying it or shipping it out, as has been done historically.
The report added that as the Hidden Treasure workaround becomes more popular so, too, does the demand for kladmen, which has become a high-paying job. Recent employment ads offer the couriers $400 a day or $1,000 or more for a week’s work.
One reason Hydra has been able to thrive is that its operations have been largely ignored by the Russian government.
“Taking out a big criminal operation always carries the risk of violence and chaos,” Toth-Czifra explained. “One of the founding myths of the present political system in Russia is that it saved the country from that kind of chaos in the 1990s so it’s a priority of the Russian government not to do anything that would create a vacuum that would lead to a violent struggle for positions.”
He added that it would not be surprising to find a link between government officials and organized crime in Russia. “Indeed, the longer Hydra continues its operations undisturbed, the more likely it is that there are such connections,” he said.
Grajek maintained that from an outsider perspective, the Russian government’s attitude seems far too lax. “We do not know what is going on behind the scenes,” he continued, “but they do not appear to be very concerned about shutting down these sites the way the West shut down ‘Silk Road.’”
“It appears there is little care about cybercrime generated within its borders, so long as the victims are from other countries,” added Erich Kron, the security awareness advocate at KnowBe4, a security awareness training provider in
“For this reason, as an added bit of insurance against accidentally crossing the government, some strains of malware will not execute on computers that are using a Cyrillic keyboard layout,” he told TechNewsWorld.
Allure of Cryptocurrency
Kron explained that cybercriminals use cryptocurrency because there’s little chance of them getting caught when they use it.
“In the world of tangible currency, when making an illicit purchase, physical money must be exchanged in-person for the item being purchased,” he said. “This type of transaction carries dangers unique to having to be physically present for the exchange, such as being robbed or being arrested by waiting for law enforcement.”
“It carries the additional risk of having to transport the purchased illicit goods from the meeting place to wherever the final destination is,” he added.
“Even online transactions using funds transfer services run a significant risk of having accounts frozen, funds seized and are often far less anonymous than cryptocurrency,” he continued.
“In contrast, cryptocurrency allows payments to happen and transactions to be completed without ever meeting the other party,” he said. “It tends to be somewhat anonymous and easy to launder through services, and allows sellers of illicit items to sell to people across the globe with very little risk and effort.”
However, cryptocurrency is volatile. Could a crash wipe out the cash of cybercriminals?
“I believe it’s here to stay,” observed Katherine Kirkpatrick, an attorney with the global law firm of King & Spalding.
“You’re starting to look at serious institutional investors investing, or at least diversifying with it now,” she told the E-Commerce Times.
“This is no longer a fringe investment,” she continued. “This is no longer solely associated with criminals. A lot of legitimate businesses are using it.”