Hydra, the world’s biggest cybercrime forum, shut down in police sting

The laundering of stolen cryptocurrencies was a key service offered by Hydra.

Hydra, the world’s largest cybercrime forum, is no more. Authorities in Germany have seized servers and other infrastructure used by the sprawling billion-dollar company along with a stash of around $25 million in bitcoin.

Hydra had been operating since at least 2015 and had seen a meteoric rise ever since. In 2020, it had annual revenue of more than $1.37 billion, according to a 2021 report published jointly by security firm Flashpoint and blockchain analytics firm Chainalysis. In 2016, the companies said Hydra had revenue of just $9.4 million. German authorities said the site had 17 million customers and more than 19,000 registered seller accounts.

Cybercrime Bazaar

Available exclusively through the Tor network, Hydra was a bazaar dealing in the sale of narcotics, fake documents, cryptocurrency laundering services, and other digital goods. Flashpoint and Chainalysis identified 11 major operators, but said the market was so large that it probably had “several dozen people, with clearly delineated responsibilities.”

In a post published Tuesday, Germany’s Central Office for Combating Cybercrime (known as ZIT) and the Federal Criminal Police Office (BKA) said they seized Hydra’s server infrastructure and 543 bitcoins, worth approximately $25 million.

People trying to visit the site are unable to access any of the previously available pages or resources. Instead, they see a graphic with the seals of various law enforcement agencies, including the FBI and the Drug Enforcement Administration. The graphic declares that the site has been shut down.


“The seizures made today were preceded by extensive investigations conducted by the BKA and the ZIT since August 2021 and involving multiple US authorities,” authorities wrote in Tuesday’s statement.

Shaken, not stirred

A key service available on Hydra was Bitcoin Bank Mixer, a service to obfuscate digital transactions to make them more difficult for law enforcement to trace. Hydra, according to blockchain analytics firm Elliptic, facilitated the laundering of some of the $7 billion in bitcoin stolen from the Bitfinex exchange in 2016. Elliptic also said the darknet site helped launder money the ransomware group DarkSide extorted in a Colonial Pipeline hack last year.

Overall, Hydra has facilitated more than $5 billion in transactions, Elliptic said. The closure of the site leaves a tremendous void in the world of cybercrime, one that will no doubt be filled by the operators themselves as they rebuild their empire or by an enterprising new entrant.

“Overall, today’s actions are a significant success for law enforcement, demonstrating that cybercriminals operating within Russia and neighboring countries are not immune from enforcement actions,” the Elliptic researchers wrote. “Today’s news is likely to have a significant impact on the Russian cybercrime community, and law enforcement is to be commended for such a remarkable success.”
