Shutting Down a Darknet Market

What This Means for the Sports Industry

The April 2022 seizure in Germany of a series of servers and cryptocurrency wallets containing approximately $25 million worth of bitcoin by the German Federal Criminal Police (the Bundeskriminalamt), in coordination with the U.S. Federal Bureau of Investigation (FBI), was a historic event in the annals of law enforcement. Known as the Hydra Takedown, it was a well-orchestrated multinational cooperative effort aimed at making online transactions safer for Internet users around the world, including sports fans buying tickets, memorabilia, and non-fungible tokens (NFTs).

The Infrastructure

Hydra was a Darknet marketplace with around 17 million customers and over 19,000 affiliate seller accounts registered on the market. It was a Russian-language Darknet platform that had been accessible via the Tor network since at least 2015. In particular, the Bitcoin Bank Mixer, a service for obfuscating digital transactions provided by the platform, made crypto investigations extremely difficult for law enforcement agencies. In 2021, Hydra accounted for an estimated 80% of all Darknet market-related cryptocurrency transactions, and since 2015, the marketplace has received approximately $5.2 billion in cryptocurrency.

Its focus was on the trading of illicit narcotics, stolen data, false identification documents, stolen financial information, and hacker services and tools. This robust market was facilitated by the cryptocurrency mixing service, which was designed to obfuscate the origin of wallets associated with its customers and affiliates. Transactions on Hydra were conducted in cryptocurrency, and Hydra’s operators charged a commission for every transaction conducted on Hydra.

The Operator

In conjunction with the shutdown of Hydra, the FBI announced criminal charges against Dmitry Olegovich Pavlov, 30, a resident of Russia, for conspiracy to distribute narcotics and conspiracy to commit money laundering, in connection with his operation and administration of the servers used to run Hydra. An April 16, 2022, article by Lubomir Tassev reported that Pavlov had been arrested in Russia.

Starting in or about November 2015, Pavlov is alleged to have operated a company, Promservice Ltd., also known as Hosting Company Full Drive, All Wheel Drive and, that administered Hydra’s servers (Promservice). During that time, Pavlov, through his company Promservice, administered Hydra’s servers, which allowed the market to operate.

As an active administrator in hosting Hydra’s servers, Pavlov allegedly conspired with the other operators of Hydra to further the site’s success by providing the critical infrastructure that allowed Hydra to operate and thrive in a competitive Darknet market environment. In doing so, Pavlov is alleged to have facilitated Hydra’s activities and allowed Hydra to reap commissions worth millions of dollars generated from the illicit sales conducted through the site.

The Merchandise

According to the FBI press release, “Hydra vendors offered a variety of illicit drugs for sale, including cocaine, methamphetamine, LSD, heroin and other opioids. The vendors openly advertised their drugs on Hydra, typically including photographs and a description of the controlled substance. Buyers rated the sellers and their products on a five-star rating system, and the vendors’ ratings and reviews were prominently displayed on the Hydra site.”

The FBI press release offered even more insight into the details of the investigation. For example, with respect to the falsified identification document services, “users could search for vendors selling their desired type of identification document – for example, U.S. passports or drivers’ licenses – and filter or sort by the item’s price. Many vendors of false identification documents offered to customize the documents based on photographs or other information provided by the buyers.”

Similarly, the press release noted that “numerous vendors also sold hacking tools and hacking services through Hydra. Hacking vendors commonly offered to illegally access online accounts of the buyer’s choosing. In this way, buyers could select their victims and hire professional hackers to gain access to the victims’ communications and take over the victims’ accounts.”

Hydra vendors also offered an array of money laundering and “cash-out” services. This allowed Hydra users to convert their bitcoin (BTC) into a variety of forms of currency supported by Hydra’s wide array of vendors and affiliates. Mixing services allowed customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin.

Hydra’s money laundering features were so in demand that some users would set up shell vendor accounts for the express purpose of running money through Hydra’s bitcoin wallets as a laundering technique.

A recent blog article by the cryptocurrency “know your customer/anti-money laundering” (KYC/AML) research firm Crystal Blockchain B.V. provided evidence of the transfer of BTC through illicit wallets.

The Sports Industry Implications

Why is this important to sports fans?

Sports is an industry sector that generates billions of dollars around the world in support of the games, athletes, teams and leagues, and the merchandising surrounding the games. It generates loyalty and enthusiasm among the fan base, which can also leave fans vulnerable to phishing and hacking attempts by initial access brokers and others seeking to capitalize on the fan base. Darknet markets that facilitate the transfer of data about the identities of fans, the exchange of stolen NFTs, and the trafficking of illegal drugs reduce the safety of the games and the security of the events.

Global events, such as the upcoming FIFA 2022 Men’s World Cup to be held in Doha, Qatar, are particularly important given the widely popular following of the teams in the Championship and the increase in network traffic before, during and after the various events.

Threat actors, including those from the now-defunct Hydra network, are already laying down their malicious infrastructure to ensnare unsuspecting fans into a web of treachery, aimed at exploiting the victims and enriching the perpetrators. Country-based law enforcement agencies that work to disassemble the malicious infrastructure that facilitates theft and fraud are a benefit of a civilization that uses fair competition on a sports field to adjudicate standing. For those not playing by the rules of modern civilized nations, those that attempt to use guns and violence as a means to assert national power, this notion of fair play is counterintuitive. The Russian national team has been banned because of the ongoing disputes regarding doping of athletes. This mirrors the now obvious blundering “special military operation” being poorly executed in Ukraine by Russia.

The convergence of the Hydra Takedown with the sanctions against Russia’s oligarchs and institutions, coupled with the banishment of Russian teams from the FIFA events, only substantiates the global position that athletes within the Russian sphere of influence have no standing on the world stage.

Let the criminals and fraudsters squirm without a platform for laundering their money and selling their merchandise. And the games continue without them.