Today is a big day in the fight against crypto crime. Following a joint operation involving several U.S. law enforcement agencies, Germany’s federal police shut down the Russia-based Hydra Market, the world’s largest darknet market by revenue. Later in the day, the Justice Department followed up by indicting one of Hydra’s key operators, and the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Hydra, adding more than 100 of its cryptocurrency addresses to the SDN list as identifiers. Concurrently, OFAC also sanctioned a Russian cryptocurrency exchange Chainalysis has previously investigated for its role in money laundering: Garantex.
All of the addresses included in the OFAC designations as identifiers are now labeled in Chainalysis products, and they will trigger sanctions alerts for KYT customers who have their settings configured accordingly.
Below, we’ll break down the illicit activity of both businesses and share the addresses listed in OFAC’s designations of Hydra and Garantex.
What was Hydra?
Despite only serving users in Russian-speaking countries, Hydra has been by far the biggest darknet market operating for the last few years.
In 2021, Hydra received more than $1.7 billion worth of cryptocurrency, which accounts for over 75% of all darknet market revenue globally.
Hydra was famous for its sophisticated operations. These included an Uber-like system for arranging drug transactions with anonymous couriers, and a method for contactless cash-for-drugs transactions in which buyers could bury cash in out-of-the-way wooded areas for sellers to dig up later. Hydra had secrecy and security for darknet market transactions down to a science.
Both Hydra itself and its vendors also offered money laundering services, including a tightly-controlled and regimented infrastructure allowing vendors and other cybercriminals to convert cryptocurrency into Russian rubles using a few pre-approved services.
Example of a vendor listing for a money laundering service on Hydra
In fact, since 2020, Hydra received $645 million worth of cryptocurrency from illicit sources, including other darknet markets, wallets holding stolen funds, ransomware operators, and scammers — we believe much of this was due to Hydra’s money laundering services.
Given recent concerns over sanctions evasion using cryptocurrency, the shutdown and sanctioning of Hydra couldn’t have come at a better time, as the platform’s money laundering services could’ve potentially proven useful for sanctioned entities and individuals in Russia. In addition to those actions, the Justice Department also indicted a Russian national named Dmitry Olegovich Pavlov, charging him with conspiracy to distribute narcotics and conspiracy to commit money laundering for his role in administering Hydra. Since 2015, Pavlov provided web hosting services to Hydra through his company Promservices Ltd., making him key to the market’s ability to operate.
Thinking beyond the sanctions implications, the removal of one of the largest illicit services on the dark web represents a huge win for both law enforcement and the cryptocurrency industry as a whole.
What is Garantex?
Garantex is a large cryptocurrency exchange based in Russia that we’ve discussed previously in our research due to its role in money laundering. In fact, Garantex is the biggest service we covered in our 2022 Crypto Crime Report section on money laundering carried out by cryptocurrency businesses headquartered in Moscow City, the financial center of Russia.
Between 2019 and 2021, we found that 31% of all funds sent to Garantex — over $645 million worth of cryptocurrency — came from addresses connected to crime or hosted by high-risk services like mixers and low-KYC exchanges. That figure includes over $50 million from scams like Finiko, over $60 million from darknet markets like Hydra, and over $10 million from ransomware strains like NetWalker.
Services like Garantex make cryptocurrency-based crime profitable by giving cybercriminals a way to exchange illicitly obtained cryptocurrency for cash and, like Hydra, also represent a possible avenue for sanctions evasion by designated Russian entities. We commend OFAC for its designation of Garantex, which prevents compliant cryptocurrency businesses from doing business with the exchange.
Start screening for sanctions today for free with Chainalysis
Given the sanctions situation in Russia following the invasion of Ukraine, as well as the growing number of cryptocurrency addresses attached to sanctioned individuals and entities on OFAC’s SDN list, there is a need for cryptocurrency businesses to be more cognizant of sanctions than ever. That’s why today is the perfect day to announce that our free API for sanctions screening is available now. The API allows you to automatically check if an address has been included in a sanctions designation before allowing it to connect with your service. Our on-chain sanctions screening oracle is also available. You can read our initial announcement blog post to learn more about these free sanctions screening tools.