Recent news of German authorities ordering the seizure of USD $25 million in bitcoin from the main Russian darknet market has shaken the cryptocurrency community. The German police noted that Hydra market’s privacy mixer gave them a lot of trouble while they investigated.
The German federal criminal police and the Frankfurt cybercrime office seized 543 BTC as they seized the site’s servers. Not long after the news broke out about the Hydra takeover, a new darknet spot appeared to be competing for first place.
OMG!OMG!, and, to a lesser extent, Blacksprut and Mega, seem to be taking up the mantel for Hydra MarketPlace, as they provide many lucrative features in an appealing package to darknet merchants. OMG!OMG! has moved to 60% of dark activity, Blacksprut to 22%, and Mega to 12%.
In this report update, we examine the dynamics of darknet markets between January 2020 and May 2022 and offer valuable insights into key fund flow changes and interactions in this period.
Our analytics team observes that bitcoin remains the most used currency among darknet entities. Almost 100% of received and sent amounts by darknet entities in our dataset were made in bitcoin. For this reason, we focus our darknet analysis on bitcoin volumes transferred.
What changes have we observed in dark entity interactions using bitcoin since January 2020?
The most significant part of the money sent to darknet entities belongs to darknet entities themselves. Darknet users reduced their external withdrawals and tried to use the funds inside the darknet. It was mainly Hydra’s internal transfers that caused this. The share of KYC exchanges declined, presumably due to verification avoiding and continuing regulations.
After the Hydra closure, the amount of money received from Darknet entities decreased to 11% in May 2022 due to the growth of amounts received from Exchanges without KYC. But we expect amounts to get back in Darknet internal usage after new dark marketplaces substitute Hydra.
Most of the money received from the darknet entities belongs to darknet entities themselves. Darknet users reduced their external withdrawals and tried to use the funds inside the darknet. It was Hydra internal transfers that mainly caused this. We also see a significant reduction in KYC exchange that can tell us about continuing regulations and effective compliance. We can observe a growth in mixers usage that help to hide traces of darknet fund origin.
During all analyzed periods the biggest share of all darknet activity belonged to Hydra MarketPlace. It held 80% of all activity, on average, between 2020 and 2022. After its closing in April, we’ve observed new key players on the market – the so-called: OMG!OMG! and Blacksprut.
On April 5, 2022, the US Justice Department announced the closure of Hydra Market – the largest online darknet marketplace, seizing crypto wallets containing USD $25 million worth of bitcoin.
“The Department of Justice will not allow darknet markets and cryptocurrency to be a safe haven for money laundering and the sale of hacking tools and services. Our message should be clear: we will continue to go after darknet markets and those who exploit them.” Deputy Attorney General Lisa O. Monaco for the US Dept. of Justice
In their research, Crystal’s analytics and investigations team checked through many withdrawal and destination addresses for both Hydra and OMG!OMG! There were a lot of examples where the team found the same addresses for both types of transfers, so they then chose a couple of the most interesting address examples to track and show on the charts we’ve created below.
Two key bitcoin addresses we observed changing to new darknet channels this year:
See Received Transfers From Hydra, OMG!OMG! & Mega Since January 2022
See Received Transfers From Hydra, OMG!OMG!, Blacksprut, & Mega Since January 2022
Both of the addresses have a significant number of deposits received from analyzed Darknet entities – from 80 to 1000 transfers per month. We see an obvious switching in where they receive their funds from – going from Hydra MarketPlace to OMG!OMG! and Blacksprut.
OMG!OMG! is a new Russian marketplace focused on both Russians and overseas buyers. As the project is new, some items are not yet available, however for the most part it is a drug marketplace.
OMG!OMG! darknet marketplace started operating on January 20, 2021, according to Dark.Link, most likely taken from a mention on Rutor, the largest and most popular Russian language darknet forum on April 5, 2022.
Crystal’s analysts have located earlier discussions dating back to OMG!OMG!’s operation almost a year beforehand, on September 24, 2020.
OMG!OMG! is one potential replacement for Hydra. It has been discussed extensively on Russian language forums, although a lot of comments suggest that the site has problems and needs to be improved. Although not entirely certain, it is likely that OMG!OMG!’s owners have purchased the Hydra Darknet MarketPlace forum for a reported $2 million USD.
This could be considered an undervalued price, as our estimates for Hydra’s revenue within a year is worth nearly $700 million USD.
Users of the site praise the number and variety of stores on the marketplace, and given the high number, it is credible that Hydra merchants have re-established on OMG!OMG!. Our research has also shown many vendors from Hydra have reappeared on OMG!OMG!.
There are also negative reviews of the site, which are mostly about frequent inaccessibility of the marketplace, the unstable and low pace of work, deposit failures, and stolen accounts.
Press articles suggest that the poor user experience has tainted OMG!OMG!’s success, leading to more competition from another Darknet MarketPlace called ‘Mega’.
OMG!OMG! is unusual in that it only supports BTC (bitcoin) as a method of payment at present.
At the end of March 2022, representatives of the AML and financial monitoring team from WhiteBIT reached out and shared the results of their internal investigation. It helped us mitigate other risks and immediately mark up other sources of illegal activity.
“As WhiteBIT acts in compliance with the European Law and AML standards, we constantly, day and night, keep an eye on the risks of incoming and outgoing transactions. Above all, our task is to secure our clients’ assets and avoid any involvement of doubtful funds in the transactions with our users. Specifically, we monitored all possible connections with “Hydra” and “Garantex”, because ongoing criminal procedures were initiated against these platforms, and in such cases, threat actors may use complicated schemes to double back the flow of transactions.
We have noticed a new source of abnormal suspicious activity from the “OMG!OMG!” cluster and took rapid action to research and establish the origin of “OMG!OMG!” platform operations.
During the investigation, the following facts were revealed: online stores and consumers began to massively migrate to this marketplace, and there were dozens of vacancies on different hiring platforms inviting candidates with experience working with “Hydra”. Furthermore, ordinary consumers and “employers” directly indicated on the forums that Hydra services have moved to a new marketplace.
As soon as the “OMG!OMG!” connection to “Hydra” was identified, we notified our AML partner Crystal Blockchain about the suspicion that the dark marketplace “Hydra” did not cease to exist, but simply moved to a new hosting.”
WhiteBIT AML and Financial Team
Blacksprut has been around since early 2021 but has only been getting real attention since the closure of Hydra. “At the moment, Blacksprut has over 1,100 active vendors, with thousands of users.” What we can see with Blacksprut, is that darknet development is getting more sophisticated in terms of its design, useability, and its functionality. Dark.Link
Mega, on the other hand, has been around since 2016. It currently has 2,600 sellers. The platform is quite outdated, which is likely why other platforms like Blacsprut are making a mark, but the fact that it has been around for 6+ years “earns you a reputation.” Dark.Link
“The loudest headline of recent days – [forum name] sold for two million dollars…” Lenta
Not long after the closure of Hydra in April 2022, there were several offers made to the founders to sell its affiliated forum according to relevant Telegram channels “citing their own sources.” This reported sale would be important to the darknet community, given their few spaces for communication, but also potentially for those monitoring darknet crimes, should there be a slip up in logistics in the handover. The forum database would also be relevant to both the new buyers and to those looking to take down the darknet, should a relevant mishap happen.
According to analysts, the “two main contenders” to take over are OMG!OMG! or Mega. There are potentially billions at stake here for the new leader, and for the teams that take them down.
The rapid ascent of new marketplaces OMG!OMG!, Blacksprut and Mega, to fill the void left by Hydra show the limitations of sanctions as a policy response to these activities; in many ways, though effective in the short term, they are not a lasting solution. Long term, we expect these replacements to continuously reconstitute despite intervention from governments. In many ways, it is like playing a fairground game; as soon as one appears and is struck, another rises.
It is also worth noting that these sanctions are led by the United States, and cryptocurrency is very much international. Sanctions would only be applied by entities with US-facing operations or US dollar businesses. Instead, what is needed is an international response to these issues, that takes into consideration the international nature of the criminal act.
What current sanctions processes are effective at doing is providing Virtual Asset Service Providers (VASPs) with a legal motive to act. Ultimately, however, they are not a solution to darknet marketplaces, or indeed any other illicit blockchain activity.
In reality, these services will continue to exist as long as there is a need for what they provide, which is a far deeper question of the kinds of policies needed in place to combat the darknet.
For more information, to get a demo, or to get a report – get in touch with our expert team at [email protected]
Disclaimer: Crystal aggregates data on blockchain entities related to transactional fund flows and direct and indirect wallet connections and sources of funds, along with any public forum mentions and other related mentions found. We do not collect or keep personal data related to any individual on the analytics platform. The information presented does not constitute legal advice. Crystal Blockchain B.V. accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.