The crackdown on Hydra and crypto exchange Garantex follows recent sanctions against virtual currency exchanges SUEX and CHATEX, all of which, like Garantex, worked from the Federation Tower in Moscow, Russia.
In addition to penalizing Hydra, OFAC has found over 100 virtual currency addresses linked to the organization's illegal transactions.
Garantex is a virtual currency exchange established in late 2019 and initially registered in Estonia. It enables clients to buy and sell virtual currencies using fiat currencies. Most of Garantex's activities occur in Moscow, including at the Federation Tower, and in St. Petersburg, Russia, where other authorized virtual currency exchangers also operate. An examination of known Garantex transactions reveals that over $100 million worth of transactions are connected to illicit entities and darknet markets, including nearly $6 million from the Russian RaaS gang Conti, as well as about $2.6 million from Hydra. In February 2022, Garantex lost its license to offer virtual currency services after the Estonian Financial Intelligence Service identified significant AML/CFT deficiencies and uncovered ties between Garantex and wallets used for criminal activities. Despite losing the Estonian license, Garantex continues to provide services to customers in unethical ways.
Though most virtual currency transactions are lawful, virtual currencies can be exploited for illegal purposes, such as sanctions evasion through darknet markets, peer-to-peer exchanges, mixers, and exchanges. This encompasses facilitating ransomware schemes and other cybercrime. Some virtual currency exchanges are utilized by nefarious actors, while others, like Garantex, Suex, and Chatex, facilitate illegal activities for their own gain.
The US Department of the Treasury notes that Hydra was launched in 2015 and is the most well-known darknet market in Russia and the largest worldwide. Hydra's offerings include ransomware, hacking services and software, stolen personal information, counterfeit currency, stolen virtual currency, and illegal drugs.
Hydra was an online criminal marketplace that allowed users primarily from Russian-speaking countries to buy and sell illegal goods and services, including drugs, stolen financial information, fake identities, and money laundering and money-mixing services, anonymously and beyond the reach of the law. Transactions on Hydra were carried out in cryptocurrencies, and Hydra operators charged a fee for each transaction conducted on the platform.
Anne Milgram of the Drug Enforcement Administration (DEA) stated, “The Dark Web has been a major online marketplace for the sale of deadly drugs globally. The availability of illegal substances and the money laundering services provided by Hydra jeopardize public safety and health worldwide. Criminals on the dark web hide under the guise of anonymity, but the DEA and our global partners are monitoring them. We will continue to investigate, uncover, and take action against criminal networks wherever they operate.”
“The darknet site Hydra provided a platform for criminals who thought they were out of reach of law enforcement to buy and sell illegal drugs and services,” said Jim Lee, head of IRS-Criminal Investigation. “Our cybercrime department once again used its cryptocurrency tracking expertise to help shut down this site and identify the perpetrator behind it.”
Hydra also featured numerous vendors selling fake IDs. Users could search for vendors that sold identification documents, such as US passports or driver’s licenses, and filter or sort by item price. Many sellers of fake IDs offered to personalize documents based on photos or other information provided by buyers.
Numerous vendors also sold hacking tools and hacking services through Hydra. Hacker service providers typically offered illegal access to online accounts of the buyer’s choice. Thus, buyers could choose their victims and hire professional hackers to access victims’ messages and take over their accounts.
Hydra providers also offered a wide range of money laundering and so-called “cash out” services that allowed Hydra users to convert their bitcoin (BTC) into various forms of currency supported by Hydra’s wide range of providers. In addition, Hydra offered an internal mixing service to launder and then process providers’ withdrawals. Mixing services allowed customers to send bitcoins to designated recipients for a fee in a way that obscured the source or owner of the bitcoins. Hydra’s money laundering features were so sought after that some users created shell provider accounts specifically to transfer money through Hydra Bitcoin wallets as a laundering method.