How a tip in Germany brought down Hydra, the impenetrable dark web criminal group
German police say shutting down the infamous site took months of cyber investigation.
“It gave us all goosebumps,” says Sebastian Zwiebel, describing the moment his team shut down Hydra, the world’s largest darknet marketplace.
The website was a stronghold of cybercrime and survived for more than six years by selling illegal drugs and products.
But after a tip-off, German police seized the site’s servers and seized 23 million euros ($25 million) in bitcoin.
“We’ve been working on this for months and when it finally happened it was a huge, really huge feeling,” says Zwiebel.
The police say that 17 million customers and more than 19,000 seller accounts they were registered at the market, which now carries a police seizure notice.
Hydra specialized in same-day “black box” services, in which drug dealers (vendors) hide packages in public places before informing customers of the pickup location.
Shortly after the German operation was announced, the US Treasury Department issued sanctions against Hydra “in a coordinated international effort to disrupt the proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site.”
Hydra was written in Russian and had services with multiple countries.
In the past six months, many high-profile darknet marketplaces have been shut down, but Hydra he was apparently immune to attempts by the police toget downit.
The website was launched in 2015 to sell drugs, pirated materials, forged documents, and illegal digital services like bitcoin mixing, which cybercriminals use to launder stolen or extorted cryptocurrencies.
The site was written in Russian, with sellers located in Russia, Ukraine, Belarus, Kazakhstan, and countries in the region.
Zwiebel notes that the operation to shut it down began with a tip pointing to the possibility that the website’s infrastructure could be hosted in Germany.
“We got some clues through monitoring darknet activity by US officials. So we started in July or August of last year to dig deeper and investigate this field,” he explains.
were necessary many months to locate which company could host Hydra in Germany.
It was eventually discovered that it was a company called “bulletproof” hosting.
A bulletproof hosting company is one that does not audit the websites or content it hosts, has no problem hosting criminal websites, and avoiding police requests for customer information.
The site now has a closure notice.
Zwiebel says his investigators then took their evidence to a German judge for permission to approach the server company and issue a closure notice.
The company was forced to comply, otherwise they too could have been arrested.
Visitors to the site are now greeted with a police banner that reads “platform and criminal content have been seized.”
While celebrating their success, German authorities say they fear This Is Not The End Of The Hydra Cybercrime Group, unless they can find and arrest them.
“We know that they will find another way to do business. They will probably try to build a new platform, and we will have to keep an eye on it. We don’t know the perpetrators, so that is the next step,” Zwiebel says.
The news comes during a turbulent time for darknet markets with some of the most prominent sites being shut down in recent months, either voluntarily or as a result of police activity.
Many of the closures come from criminals who choose to phase out their operations and disappear with their wealth.
In January, the administrators of UniCC, a dark web site that sells stolen credit card details, walked out citing health reasons.
Voluntary closures also ended the White House Market in October 2021, Cannazon in November, and Torrez in December.
However, a BBC investigation earlier this year revealed that the most common way darknet sites are shut down is through so-called “exit scams,” in which administrators voluntarily shut down sites but They steal their clients’ funds in the process.
Now you can receive notifications from BBC World. Download the new version of our appy activate them so you don’t miss our best content.
German police say shutting down the infamous site took months of cyber investigation.
“It gave us all goosebumps,” says Sebastian Zwiebel, describing the moment his team shut down Hydra, the world’s largest darknet marketplace.
The website was a stronghold of cybercrime and survived for more than six years by selling illegal drugs and products.
But after a tip-off, German police seized the site’s servers and seized 23 million euros ($25 million) in bitcoin.
“We’ve been working on this for months and when it finally happened it was a huge, really huge feeling,” says Zwiebel.
The police say that 17 million customers and more than 19,000 seller accounts they were registered at the market, which now carries a police seizure notice.
Hydra specialized in same-day “black box” services, in which drug dealers (vendors) hide packages in public places before informing customers of the pickup location.
Shortly after the German operation was announced, the US Treasury Department issued sanctions against Hydra “in a coordinated international effort to disrupt the proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site.”
Hydra was written in Russian and had services with multiple countries.
In the past six months, many high-profile darknet marketplaces have been shut down, but Hydra he was apparently immune to attempts by the police toget downit.
The website was launched in 2015 to sell drugs, pirated materials, forged documents, and illegal digital services like bitcoin mixing, which cybercriminals use to launder stolen or extorted cryptocurrencies.
The site was written in Russian, with sellers located in Russia, Ukraine, Belarus, Kazakhstan, and countries in the region.
Zwiebel notes that the operation to shut it down began with a tip pointing to the possibility that the website’s infrastructure could be hosted in Germany.
“We got some clues through monitoring darknet activity by US officials. So we started in July or August of last year to dig deeper and investigate this field,” he explains.
were necessary many months to locate which company could host Hydra in Germany.
It was eventually discovered that it was a company called “bulletproof” hosting.
A bulletproof hosting company is one that does not audit the websites or content it hosts, has no problem hosting criminal websites, and avoiding police requests for customer information.
The site now has a closure notice.
Zwiebel says his investigators then took their evidence to a German judge for permission to approach the server company and issue a closure notice.
The company was forced to comply, otherwise they too could have been arrested.
Visitors to the site are now greeted with a police banner that reads “platform and criminal content have been seized.”
While celebrating their success, German authorities say they fear This Is Not The End Of The Hydra Cybercrime Group, unless they can find and arrest them.
“We know that they will find another way to do business. They will probably try to build a new platform, and we will have to keep an eye on it. We don’t know the perpetrators, so that is the next step,” Zwiebel says.
The news comes during a turbulent time for darknet markets with some of the most prominent sites being shut down in recent months, either voluntarily or as a result of police activity.
Many of the closures come from criminals who choose to phase out their operations and disappear with their wealth.
In January, the administrators of UniCC, a dark web site that sells stolen credit card details, walked out citing health reasons.
Voluntary closures also ended the White House Market in October 2021, Cannazon in November, and Torrez in December.
However, a BBC investigation earlier this year revealed that the most common way darknet sites are shut down is through so-called “exit scams,” in which administrators voluntarily shut down sites but They steal their clients’ funds in the process.
Now you can receive notifications from BBC World. Download the new version of our appy activate them so you don’t miss our best content.
The National Administrative Department of Statistics (DANE) announced this Thursday the value of the Consumer Price Index (CPI) recorded during December 2024, as well as the last 12 months. How much was
Chivas del Guadalajara began their participation in the Clausura 2025 tournament of the Liga MX this Saturday with a 1-0 victory against Santos Laguna. The match marked the debut of the Spaniard
The Public Ministry has requested the Judiciary to increase to 18 months the extension of the preventive detention imposed on the former head of the Ministerial Cabinet, Betssy Chavezwho faces criminal proceedings
He Bank popular of China (BPC, central bank) will start on the 15th an issue of 60,000 million yuan (8,185 million dollars, 7,934 million euros) in bonusesthe largest that has been undertaken
The Uruguayan senator expresses his concern about the serious political crisis in Venezuela, just before the new inauguration of Nicolás Maduro. Senator Mario Bergara’s Perspective on the Venezuelan Crisis The senator Mario
