A woman typing on a laptop on a train in New Jersey

What comes after Hydra, the darknet marketplace that changed everything?

Dina Temple-Raston of the “Click Here” podcast spoke with Niko Vorobyov, the Russian author of Dopeworld and Kim Grauer, director of research at Chainalysis and an expert in cryptocurrency economics and crime, about Hydra, its closure in April and who or what is likely to replace it.

For seven years, the Amazon.com of darknet marketplaces was a one-stop shop called Hydra. It started out as an online bazaar for illegal drugs, but

OMG!OMG! is one of the darknet markets fighting for primacy after the takedown fo Hydra.
OMG!OMG! is one of the darknet markets fighting for primacy after the takedown fo Hydra.Image from The Record.Media
ended up revolutionizing the way drug deals were done, and eventually grew into a billion-dollar business complete with codes of conduct, customer support and legal and medical services. It had just started branching out into financial services when German authorities shut its servers down in April.

The “Click Here” podcast spoke with Niko Vorobyov, the Russian author of Dopeworld and Kim Grauer, director of research at Chainalysis and an expert in cryptocurrency economics and crime, about Hydra, its closure in April and who or what is likely to replace it.
 
Click Here: To the uninitiated, what set Hydra apart from other darknet marketplaces like Silk Road or AlphaBay?
Niko Vorobyov: Hydra was such a huge monopoly. Even the dealers who are basically independent of Hydra, who are selling on their own channels, chances are they got their supply, or their supplier got their supply from someone who was on Hydra. Kim Grauer: It was by far the fastest growing darknet marketplace out there, and it was doing so much more than just selling drugs. It’s doing money laundering. It’s involved in ransomware attacks.
Niko, you’ve used Hydra to buy drugs… you said Hydra helped revolutionize the way illegal drugs were sold in Russia. Can you explain?
NV: So, I’m a narcotics connoisseur, of sorts. And one time there was me, this girl and these two other guys who were quite experienced with buying from Hydra. And what they do is they send coordinates that you can paste into your phone and you also get sent these pictures with like these terribly drawn arrows in Microsoft paint. And that shows you where exactly like which tree or which bench or which bin or which pipe they’ve hidden the stuff in. And then off you go.
So, it is like a treasure hunt?
NV: The packet is actually buried, like on a little bit under the tree. We didn’t bring any shovels or anything like that, that’d be too obvious. So instead we’re standing by this tree… picking up bits of dead wood around this and just digging frantically around this tree. It took us a while to dig — like five or ten minutes — and then we open it up to make sure it was the real deal, because sometimes there’s a risk that you find something and it’s actually like another package for someone else.
Because there are so many Hydra packages hidden, you can accidentally find the wrong thing?
NV: Totally. If you’re walking along a path or something in the park and you see some snow tracks going in an odd direction and you follow them, eventually you’re gonna find some drugs because like, this is the standard way of hiding drugs in Russia.
Some researchers say Hydra “professionalized” the darknet market by setting standards and becoming more of a one-stop shop… can you talk about that? What did they do differently?
KG: They do a lot of vetting, not anyone can join. You have to be a certain level of vendor in order to participate in Hydra. NV: The whole point is to isolate every bit of every stage of the supply chain. The customer doesn’t know the kladman [drug distributor] who doesn’t know their boss, their boss doesn’t know their supplier.KG: I think one of the biggest things that it offered was a Ruble-to-US dollar conversion point. That’s a huge benefit in the crypto space. Ransomware groups used Hydra a lot, not only to purchase software to carry out their attacks further, but to launder money.
Sort of like the Swiss bank of crypto?
KG: They also don’t ask a lot of questions at times about who the people are that they’re receiving funds from. They will take 5% or 10% as a fee, and that’s the price of not asking questions.I think these networks are really good at moving large quantities of money for high net worth individuals in a way that doesn’t attract international attention. I think people want to think about crypto crime and regular crime as very distinct and very different, but there are a lot of similarities, and darknet marketplaces really are just marketplaces for goods and services that also happen to be illegal.One of the things that happens with darknet marketplaces is as you get bigger, you become targeted by law enforcement for takedowns. Hydra knew that was happening. They’re so large that law enforcement was definitely licking their lips at the thought of taking them down. And they eventually did last Spring.
Hydra lasted a lot longer than most other darknet markets. But in April, German Federal Police seized Hydra servers, effectively shutting the organization down. Where does that demand go?
KG: Definitely there’s going to be something that takes its place. Whether it’s Hydra, I don’t know. But the demand is there and people will find a way to carry out these types of transactions. NV: There’s like three or four websites competing between each other for a monopoly. One of them was called OMG!OMG! There’s also been a resurgence of old school dealers doing hand-to-hand sales for those people who still have those contacts. This is mostly in small towns, not so much Moscow. KG: I think what you’re getting at is the whack-a-mole problem, which is present in darknet marketplaces, but also present in literally all crime. You put a cop on the corner of a hot street and then everyone moves to another street. So was it effective? To some degree, but it does cause this substitution effect in behavior.
Often ransomware gangs are shuttered one day and then reconstitute themselves a short time later. Will that happen here?
KG: One of the cool things about blockchain analysis is we can track that. So say you’re a vendor or a customer who buys and sells from Hydra. Because of the transparency of blockchains, we can see all of those transactions happening on the blockchain. So we can see, ‘Hey, this customer, they used to be purchasing from AlphaBay. Then they went to Dream Market. Now they’re on Hydra.’ We can see where they’re going next.The question of ‘is Hydra getting reconstituted’ is something that we’re also paying attention to, but I haven’t seen many signs of it as of yet. NV: This is gonna take a while to do. Hydra had doctors and lawyers on staff and whoever they had on their payroll, nobody really knows each other in real life. So I think it’ll eventually come back, but it’s going to take a while for all the relevant people to find each other in the wilds of the internet.

An earlier version of this story originally appeared in The Record.Media. There was additional reporting by Will Jarvis.

The interviews have been edited and condensed for clarity.

Related: Son of Conti: Ransomware tries its hand at politics

Less than .05% of listeners will donate. Can we count on you?

Our coverage reaches millions each week, but only a small fraction of listeners contribute to sustain our program. We still need 224 more people to donate $100 or $10/monthly to unlock our $67,000 match. Will you help us get there today?