Bitcoin & Darknet 2022: Is OMG!OMG! The New Hydra?

by the Crystal analytics team

June 17, 2022

An insight into bitcoin & darknet dynamics in H2 2022 compared to 2020 and 2021. Is OMG!OMG! moving in to become the new Hydra Market?

Key Findings:

  • Hydra led about 80% of darknet activity until it was closed in April 2022 by OFAC
  • Crystal has observed some new substates for Hydra: OMG!OMG!, Blacksprut, and Mega
  • In May, OMG!OMG! moved to 60% of dark activity, Blacksprut to 22%, and Mega to 12%
  • Our partners at WhiteBIT provided key information to corroborate our investigations
  • Hydra’s affiliate forum has reportedly been sold to the highest bidder for USD $ 2 million
  • Darknet users are trying to keep their money and interactions inside the darknet
  • Dark market entities are increasingly avoiding cryptocurrency exchanges with KYC 
  • Darkweb users are going to crypto mixers more and more for their withdrawals
  • Bitcoin (BTC) continues to be the main digital asset used by entities on the darknet

Closure of Hydra & What’s Happened Since Then: A Brief Overview

Recent news of German authorities ordering the seizure of USD $25 million in bitcoin from the main Russian darknet market has shaken the cryptocurrency community. The German police noted that Hydra market’s privacy mixer gave them a lot of trouble while they investigated.

The German federal criminal police and the Frankfurt cybercrime office seized 543 BTC as they seized the site’s servers. Not long after the news broke out about the Hydra takeover, a new darknet spot appeared to be competing for first place. 

OMG!OMG!, and, to a lesser extent, Blacksprut and Mega, seem to be taking up the mantel for Hydra MarketPlace, as they provide many lucrative features in an appealing package to darknet merchants. OMG!OMG! has moved to 60% of dark activity, Blacksprut to 22%, and Mega to 12%.

In this report update, we examine the dynamics of darknet markets between January 2020 and May 2022 and offer valuable insights into key fund flow changes and interactions in this period. 

(See Crystal’s previous analytics reports from 2021, 2020, and 2019, for dynamics comparison)

The Darknet Asset of Choice: Still Bitcoin

The Darknet Asset of Choice: Still Bitcoin

Our analytics team observes that bitcoin remains the most used currency among darknet entities. Almost 100% of received and sent amounts by darknet entities in our dataset were made in bitcoin. For this reason, we focus our darknet analysis on bitcoin volumes transferred.

What changes have we observed in dark entity interactions using bitcoin since January 2020?

Darknet Entity Interaction Dynamics: January 2020 - May 2022
We can see here that there’s been stable darknet growth since January 2020 with a peak reached in October 2021. January and February 2022 are still more significant than the same period a year ago, but March and April 2022 had a substantial drop in overall dynamics compared to 2021. This shift may be related to the Russia-Ukraine war that began in February 2022 and, but is most likely related to the closure of Hydra MarketPlace by OFAC in April 2022.

The most significant part of the money sent to darknet entities belongs to darknet entities themselves. Darknet users reduced their external withdrawals and tried to use the funds inside the darknet. It was mainly Hydra’s internal transfers that caused this. The share of KYC exchanges declined, presumably due to verification avoiding and continuing regulations.

After the Hydra closure, the amount of money received from Darknet entities decreased to 11% in May 2022 due to the growth of amounts received from Exchanges without KYC. But we expect amounts to get back in Darknet internal usage after new dark marketplaces substitute Hydra.

Most of the money received from the darknet entities belongs to darknet entities themselves. Darknet users reduced their external withdrawals and tried to use the funds inside the darknet. It was Hydra internal transfers that mainly caused this. We also see a significant reduction in KYC exchange that can tell us about continuing regulations and effective compliance. We can observe a growth in mixers usage that help to hide traces of darknet fund origin.

Darknet Dynamics with Exchanges With KYC: January 2020 - May 2022
Same as previous seems to be related to regulations and enclosing all darknet money inside the darknet. Darknet users are avoiding VASPs with verification to be not disclosed or not to have their funds frozen because of their origin. 
Darknet Dynamics with Crypto Mixers: January 2020 - May 2022
Darknet users prefer to use mixers to withdraw money. The amount increased during the whole analyzed period, except 2022. The beginning of 2022 had greater amounts sent from Darknet entities to Mixers than a year ago. However, after January 2022 we observe a drop in transferred amounts. It could relate to both the geopolitical conflict and Hydra closure, as most Hydra funds were seized.
Darknet Entity Dynamics With Other Darknet Entities: January 2020 - May 2022
The usage of coins inside the darknet itself has constantly been growing. It looks like users prefer not to withdraw money out of the darknet itself – but to keep transacting within the darknet.

Key Darknet Player Dynamics: January 2020 - May 2022

During all analyzed periods the biggest share of all darknet activity belonged to Hydra MarketPlace. It held 80% of all activity, on average, between 2020 and 2022. After its closing in April, we’ve observed new key players on the market – the so-called: OMG!OMG! and Blacksprut.

Hydra closure and OFAC what happened?

On April 5, 2022, the US Justice Department announced the closure of Hydra Market – the largest online darknet marketplace, seizing crypto wallets containing USD $25 million worth of bitcoin.

“The Department of Justice will not allow darknet markets and cryptocurrency to be a safe haven for money laundering and the sale of hacking tools and services. Our message should be clear: we will continue to go after darknet markets and those who exploit them.” Deputy Attorney General Lisa O. Monaco for the US Dept. of Justice

Key Bitcoin Addresses & Their Darknet Interactions

In their research, Crystal’s analytics and investigations team checked through many withdrawal and destination addresses for both Hydra and OMG!OMG! There were a lot of examples where the team found the same addresses for both types of transfers, so they then chose a couple of the most interesting address examples to track and show on the charts we’ve created below. 

Two key bitcoin addresses we observed changing to new darknet channels this year:

Address #1: 

See Received Transfers From Hydra, OMG!OMG! & Mega Since January 2022

Address #2 

See Received Transfers From Hydra, OMG!OMG!, Blacksprut, & Mega Since January 2022

Both of the addresses have a significant number of deposits received from analyzed Darknet entities – from 80 to 1000 transfers per month. We see an obvious switching in where they receive their funds from – going from Hydra MarketPlace to OMG!OMG! and Blacksprut.

Overview of OMG!OMG! Darknet Marketplace  

OMG!OMG! is a new Russian marketplace focused on both Russians and overseas buyers. As the project is new, some items are not yet available, however for the most part it is a drug marketplace.

OMG!OMG! darknet marketplace started operating on January 20, 2021, according to Dark.Link, most likely taken from a mention on Rutor, the largest and most popular Russian language darknet forum on April 5, 2022. 

Crystal’s analysts have located earlier discussions dating back to OMG!OMG!’s operation almost a year beforehand, on September 24, 2020.

Is OMG!OMG! the Hydra Successor? 

OMG!OMG! is one potential replacement for Hydra. It has been discussed extensively on Russian language forums, although a lot of comments suggest that the site has problems and needs to be improved. Although not entirely certain, it is likely that OMG!OMG!’s owners have purchased the Hydra Darknet MarketPlace forum for a reported $2 million USD. 

This could be considered an undervalued price, as our estimates for Hydra’s revenue within a year is worth nearly $700 million USD. 

Users of the site praise the number and variety of stores on the marketplace, and given the high number, it is credible that Hydra merchants have re-established on OMG!OMG!. Our research has also shown many vendors from Hydra have reappeared on OMG!OMG!. 

There are also negative reviews of the site, which are mostly about frequent inaccessibility of the marketplace, the unstable and low pace of work, deposit failures, and stolen accounts. 

Press articles suggest that the poor user experience has tainted OMG!OMG!’s success, leading to more competition from another Darknet MarketPlace called ‘Mega’. 

Crypto-asset of Choice: Bitcoin 

OMG!OMG! is unusual in that it only supports BTC (bitcoin) as a method of payment at present.

WhiteBIT’s Investigation Into Hydra’s New Shopfront: OMG!OMG!

WhiteBIT’s Investigation Into Hydra’s New Shopfront: OMG!OMG!

At the end of March 2022, representatives of the AML and financial monitoring team from WhiteBIT reached out and shared the results of their internal investigation. It helped us mitigate other risks and immediately mark up other sources of illegal activity. 

“As WhiteBIT acts in compliance with the European Law and AML standards, we constantly, day and night, keep an eye on the risks of incoming and outgoing transactions. Above all, our task is to secure our clients’ assets and avoid any involvement of doubtful funds in the transactions with our users. Specifically,  we monitored all possible connections with “Hydra” and “Garantex”, because ongoing criminal procedures were initiated against these platforms, and in such cases, threat actors may use complicated schemes to double back the flow of transactions.  

We have noticed a new source of abnormal suspicious activity from the “OMG!OMG!” cluster and took rapid action to research and establish the origin of “OMG!OMG!” platform operations.  

During the investigation, the following facts were revealed: online stores and consumers began to massively migrate to this marketplace, and there were dozens of vacancies on different hiring platforms inviting candidates with experience working with “Hydra”. Furthermore, ordinary consumers and “employers” directly indicated on the forums that Hydra services have moved to a new marketplace. 

As soon as the “OMG!OMG!” connection to “Hydra” was identified, we notified our AML partner Crystal Blockchain about the suspicion that the dark marketplace “Hydra” did not cease to exist, but simply moved to a new hosting.”

WhiteBIT AML and Financial Team

Parallel Rise of Blacksprut and Mega

Blacksprut has been around since early 2021 but has only been getting real attention since the closure of Hydra. “At the moment, Blacksprut has over 1,100 active vendors, with thousands of users.” What we can see with Blacksprut, is that darknet development is getting more sophisticated in terms of its design, useability, and its functionality. Dark.Link

Mega, on the other hand, has been around since 2016. It currently has 2,600 sellers. The platform is quite outdated, which is likely why other platforms like Blacsprut are making a mark, but the fact that it has been around for 6+ years “earns you a reputation.” Dark.Link

Hydra Affiliate Forum Sold To The Highest Bidder?

“The loudest headline of recent days – [forum name] sold for two million dollars…” Lenta

Not long after the closure of Hydra in April 2022, there were several offers made to the founders to sell its affiliated forum according to relevant Telegram channels “citing their own sources.” This reported sale would be important to the darknet community, given their few spaces for communication, but also potentially for those monitoring darknet crimes, should there be a slip up in logistics in the handover. The forum database would also be relevant to both the new buyers and to those looking to take down the darknet, should a relevant mishap happen. 

According to analysts, the “two main contenders” to take over are OMG!OMG! or Mega. There are potentially billions at stake here for the new leader, and for the teams that take them down.

Source: Lenta

Bitcoin & Darknet Dynamics 2022: Conclusions & Predictions

The rapid ascent of new marketplaces OMG!OMG!, Blacksprut and Mega, to fill the void left by Hydra show the limitations of sanctions as a policy response to these activities; in many ways, though effective in the short term, they are not a lasting solution. Long term, we expect these replacements to continuously reconstitute despite intervention from governments. In many ways, it is like playing a fairground game; as soon as one appears and is struck, another rises. 

It is also worth noting that these sanctions are led by the United States, and cryptocurrency is very much international. Sanctions would only be applied by entities with US-facing operations or US dollar businesses. Instead, what is needed is an international response to these issues, that takes into consideration the international nature of the criminal act.  

What current sanctions processes are effective at doing is providing Virtual Asset Service Providers (VASPs) with a legal motive to act. Ultimately, however, they are not a solution to darknet marketplaces, or indeed any other illicit blockchain activity.  

In reality, these services will continue to exist as long as there is a need for what they provide, which is a far deeper question of the kinds of policies needed in place to combat the darknet.

For more information, to get a demo, or to get a report – get in touch with our expert team at [email protected]   

Disclaimer: Crystal aggregates data on blockchain entities related to transactional fund flows and direct and indirect wallet connections and sources of funds, along with any public forum mentions and other related mentions found. We do not collect or keep personal data related to any individual on the analytics platform. The information presented does not constitute legal advice. Crystal Blockchain B.V. accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Similar news...


by the Crystal compliance team

December 2, 2022

November 2022 Update on Crypto Regulatory Affairs

Chairman of Commodity Futures Trading Commission: Bitcoin is a commodity; what about Ethereum? What makes...

Read more

December 2, 2022


by the Crystal Analytics Team

November 30, 2022

UPDATED: Report on Crypto Donations Raised in Support of Ukraine

 This updated report from the Crystal analytics team outlines the surge and dynamics in crypto...

Read more

November 30, 2022


by the Crystal compliance team

November 17, 2022

ESMA warns crypto-assets industry about future crypto-crashes

Key highlights from ESMA’s report on crypto-assets and risks for financial stability  As we were...

Read more

November 17, 2022