In a win for global law enforcement, Germany’s Bundeskriminalamt (BKA) announced on April 5, 2022, that it had officially taken down the infrastructure of Hydra, a Russia-based, illegal dark-web marketplace that has allegedly facilitated more than $5 billion in Bitcoin transactions since its inception in 2015. In the process of shutting it down, German authorities seized over $25 million in Bitcoin through 88 transactions. According to BKA, it “secured the server infrastructure in Germany of the world’s largest illegal Darknet marketplace ‘Hydra Market.’”

BKA attributed the takedown to a collaborative investigation between its Central Office for Combating Cybercrime and U.S. law enforcement authorities since August 2021.

According to BKA, Hydra had 17 million customers and over 19,000 seller accounts registered on its marketplace, and “was probably the illegal marketplace with the highest turnover worldwide.”

Following the takedown in Germany, the U.S. Department of Treasury (Treasury) Office for Foreign Assets Control (OFAC) imposed sanctions against Hydra, which, according to Secretary of the Treasury Janet Yellen, sends “a message today to criminals that you cannot hide on the darknet or their forums, and you cannot hide in Russia or anywhere else in the world.”

Treasury’s release states, “Countering ransomware is a top priority of the Administration. Today’s action supports the Administration’s counter-ransomware lines of effort to disrupt ransomware infrastructure and actors in close coordination with international partners” and calls out Russia as “a haven for cybercriminals.”

Therefore, Hydra was designated by OFAC “for being responsible for or complicit in, or having engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.”

Treasury further sanctioned virtual currency exchange Garantex, which is in Estonia but operates in Moscow and St. Petersburg, Russia. According to Treasury, more than $100 million in transactions over the exchange were associated with “illicit actors and darknet markets,” including Conti and Hydra.

Therefore, Treasury designated Garantex “for operating or having operated in the financial services sector of the Russian Federation economy,” which “reinforces OFAC’s recent public guidance to further cut off avenues for potential sanctions evasion by Russia, in support of the G7 leaders’ commitment to maintain the effectiveness of economic measures.”

These actions by the Department of the Treasury send a strong message to cybercriminals that sanctions related to the war in Ukraine are rapidly spurring additional scrutiny and action by law enforcement against anyone associated with Putin or Russia.
