The action against Hydra and crypto exchange Garantex builds on recent sanctions against virtual currency exchanges SUEX and CHATEX, both of which, like Garantex, operated from the Federation Tower in Moscow, Russia.
In addition to the Hydra sanctions, OFAC has identified more than 100 virtual currency addresses associated with the organization’s operations that were used to conduct illegal transactions.
Garantex is a virtual currency exchange founded at the end of 2019 and originally registered in Estonia. Garantex allows customers to buy and sell virtual currencies using fiat currencies. The majority of Garantex’s operations take place in Moscow, including at the Federation Tower, and in St. Petersburg, Russia, where other authorized virtual currency exchangers also operate. An analysis of known Garantex transactions shows that more than $100 million worth of transactions are linked to illegal entities and darknet markets, including almost $6 million from the Russian RaaS gang Conti, as well as about $2.6 million from Hydra. In February 2022, Garantex lost its license to provide virtual currency services after oversight by the Estonian Financial Intelligence Service revealed critical AML/CFT deficiencies and discovered links between Garantex and wallets used for criminal activities. The Estonian authorities coordinated closely with the Ministry of Finance during this process. Despite losing its Estonian license, Garantex continues to provide services to customers in unscrupulous ways.
While most virtual currency transactions are legal, virtual currencies can be used for illegal activities, including sanctions evasion through darknet markets, peer-to-peer exchanges, mixers, and exchanges. This includes facilitating ransomware schemes and other cybercrime. Some virtual currency exchanges are used by malicious actors, but others, as in the case of Garantex, Suex, and Chatex, facilitate illicit activities for their own benefit.
The US Department of the Treasury recalls that Hydra was launched in 2015 and is the most famous darknet market in Russia and the largest darknet market in the world. Hydra’s offerings include ransomware, hacking services and software, stolen personal information, counterfeit currency, stolen virtual currency, and illegal drugs.
Hydra was an online criminal marketplace that allowed users primarily from Russian-speaking countries to buy and sell illegal goods and services, including drugs, stolen financial information, fake identities, and money laundering and money-mixing services, anonymously and out of reach of law enforcement. Transactions on Hydra were conducted in cryptocurrencies, and Hydra operators charged a fee for each transaction conducted on Hydra.
“The Dark Web has been a key online marketplace for the sale of lethal drugs around the world,” said Anne Milgram of the Drug Enforcement Administration (DEA). “The availability of illegal substances and the money laundering services offered by Hydra threaten public safety and health everywhere. Criminals on the dark web hide behind the illusion of anonymity, but the DEA and our partners around the world are watching them. We will continue to investigate, expose and take action against criminal networks wherever they operate.”
“The darknet site Hydra provided a platform for criminals who thought they were out of reach of law enforcement to buy and sell illegal drugs and services,” said Jim Lee, head of IRS-Criminal Investigation. “Our cybercrime department once again used its cryptocurrency tracking expertise to help shut down this site and identify the perpetrator behind it.”
Hydra also featured numerous vendors selling fake IDs. Users could search for vendors that sell identification documents, such as US passports or driver’s licenses, and filter or sort by item price. Many sellers of fake IDs have offered to personalize documents based on photos or other information provided by buyers.
Numerous vendors also sold hacking tools and hacking services through Hydra. Hacker service providers typically offered illegal access to online accounts of the buyer’s choice. Thus, buyers could choose their victims and hire professional hackers to access victims’ messages and take over their accounts.
Hydra providers also offered a wide range of money laundering and so-called “cash out” services that allowed Hydra users to convert their bitcoin (BTC) into various forms of currency supported by Hydra’s wide range of providers. In addition, Hydra offered an internal mixing service to launder and then process withdrawals by providers. Mixing services allowed customers to send bitcoins to designated recipients for a fee in a way that obscures the source or owner of the bitcoins. Hydra’s money laundering features were so sought after that some users created shell provider accounts specifically to transfer money through Hydra Bitcoin wallets as a laundering method.