Contents:
According to new research published by Flashpoint analysts, Hydra marketplace has revealed increasing transaction volumes and a booming cryptocurrency ecosystem.
The Russian dark web marketplace, mainly known for its illicit, high-traffic narcotics market, is now conducting illegal sales of stolen credit cards, SIM cards, counterfeit documents, and IDs, as well as covering its own digital transactions through regional exchanges and extended money laundering tactics.
Image Source: Flashpoint
Cybercriminals often use cryptocurrency in underground marketplaces to maintain a level of anonymity and buy goods and launder proceeds, like funds obtained through theft, illegal sales, or ransomware payouts.
Unlike other dark web marketplaces that encourage cybercriminal sellers, Hydra does quite the opposite. According to Flashpoint Intelligence, since at least July 2018, Hydra operators have imposed strict controls on its sellers:
- Sellers are required to complete 50 or more sales transactions, and maintain an eWallet account balance of at least $10,000 to enable withdrawals;
- Sellers must convert their Hydra earnings into Russian fiat currency, but also face similarly tight constraints with the payment services and exchanges they are permitted to use to do the cryptocurrency conversion.
Chainalysis deems many “high-risk” when it comes to the cryptocurrency exchanges handling transactions to and from Hydra, as they do not enforce Know Your Customer (KYC) regulations. The majority are based in Russia and only a small percentage of transactions are funneled through cryptocurrency platforms associated with legitimate trading.
Image Source: Flashpoint
According to the report, more than 1,000 unique deposit addresses and transactions upwards of $7 million, thought to be linked to Hydra, have been recorded.
Sellers seeking to withdraw their illegal sales proceeds must first convert the funds into accepted “fiat” through exchange services and electronic wallets, which are strictly limited to Russian rubles. Sellers face similarly heavy restrictions imposed on their eWallets, permitting only Russian-owned or approved payment providers, like Qiwi or Yandex Money.
Hydra sellers would not be able to withdraw the funds that they (illicitly) amassed themselves from their completed sales if they don’t yet have at least 50 total sales transactions or if their eWallet balance totals remain under USD-equivalent $10,000, whether or not they hit the 50-transaction mark.
Source: Flashpoint
Due to these restrictions, some threat actors have begun selling options and techniques that bypass controls in listings on illegal marketplaces outside of Hydra.
Taking into consideration the sustained and continued escalation of Hydra, as well as its clandestine approach to operations and financial controls, researchers address some important considerations for security, risk, and fraud teams.
- Money laundering trails to Hydra are difficult, near impossible, to trace.
- Hydra’s expansion to other illicit trades may endanger more industry sectors.
- The longer Hydra runs unscathed, the more apparent its regional influence.