FBI, IRS, DEA and SF Prosecutors Shut Down Multi-billion-dollar ‘Hydra’ Cryptocurrency in Darknet

The defendant’s organization – and the international criminal enterprise it ran – sound like the plot of a James Bond movie.

In a stunning announcement this week, Attorney General Merrick Garland revealed that the U.S. Attorney’s Office in San Francisco is leading the prosecution of a Russia-based mastermind accused of running Hydra, the world’s largest and longest-running illegal 'darknet' crptocurrency market, which federal agencies say they have put out of business.

In 2021, Hydra Market ccounted for an estimated 80% of all darknet market-related cryptocurrency transactions, and since 2015, the marketplace has received approximately $5.2 billion in cryptocurrency, according to federal prosecutors.

The seizure of the Hydra servers and cryptocurrency wallets occurred in Germany, where German Federal Criminal Police (the Bundeskriminalamt) coordinated efforts with U.S. law enforcement.

“The Justice Department will be relentless in our efforts to hold accountable those who violate our laws – no matter where they are located or how they try to hide their crimes,” Garland said.

“Together with our German law enforcement partners, we have seized the infrastructure of the world’s largest darknet market, but our work is far from over,” said the attorney general. “We will continue to work alongside our international and interagency partners to disrupt and dismantle darknet markets, and to hold those who commit their crimes on the dark web accountable for their acts.”

“The successful seizure of Hydra, the world's largest darknet marketplace, dismantled digital infrastructures enabling a wide range of criminals – including Russian cyber criminals, the cryptocurrency tumblers and money launderers that support them and others, and drug traffickers” said FBI Director Christopher Wray. “Today’s announcement is a testament to the strength and potency of our law enforcement partnerships here and around the world – and another example of our strategy to broadly target the entire illicit ecosystem that drives and enables crime.”

“This coordinated action sends a clear message to anyone attempting to operate or support an online criminal enterprise under the cover of the dark web,” said Stephanie M. Hinds, U.S. Attorney for the Northern District of California  “The dark web is not a place criminals can operate with impunity or hide from U.S. law enforcement, and we will continue to use our sophisticated tools and expertise to dismantle and disable darknet markets.”

“This action also underscores the importance of international law enforcement collaboration. The Department of Justice will not allow darknet markets and cryptocurrency to be a safe haven for money laundering and the sale of hacking tools and services,” said Deputy Attorney General Lisa O. Monaco. “Our message should be clear: we will continue to go after darknet markets and those who exploit them. Together with our partners in Germany and around the world, we will continue our work to disrupt the ecosystem that allows these criminal actors to operate.”

Hydra was an online criminal marketplace that enabled users in mainly Russian-speaking countries to buy and sell illicit goods and services, including illegal drugs, stolen financial information, fraudulent identification documents, and money laundering and mixing services, anonymously and outside the reach of law enforcement., according to prosecutors.

Transactions on Hydra were conducted in cryptocurrency and Hydra’s operators charged a commission for every transaction conducted on Hydra.

In conjunction with the shutdown of Hydra, justice officials dalso announced criminal charges against Dmitry Olegovich Pavlov, 30, a resident of Russia, for conspiracy to distribute narcotics and conspiracy to commit money laundering in connection with his operation and administration of the servers used to run Hydra.

Starting in or about November 2015, Pavlov is alleged to have operated a company, Promservice Ltd., also known as All Wheel Drive and 4x4host.ru, that administered Hydra’s servers (Promservice).

During that time, Pavlov, through his company Promservice, administered Hydra’s servers, which allowed the market to operate as a platform used by thousands of drug dealers and other unlawful vendors to distribute large quantities of illegal drugs and other illicit goods and services to thousands of buyers, and to launder billions of dollars derived from these unlawful transactions.

As an active administrator in hosting Hydra’s servers, Pavlov allegedly conspired with the other operators of Hydra to further the site’s success by providing the critical infrastructure that allowed Hydra to operate and thrive in a competitive darknet market environment. In doing so, Pavlov is alleged to have facilitated Hydra’s activities and allowed Hydra to reap commissions worth millions of dollars generated from the illicit sales conducted through the site.

“The darknet has been a key online marketplace for the sale of deadly drugs worldwide,” said Administrator Anne Milgram of the Drug Enforcement Administration (DEA).

“The availability of illicit substances and money laundering services offered by Hydra threaten the safety and health of communities far and wide,” she said. “Criminals on the darknet hide behind the illusion of anonymity, but DEA and our partners across the globe are watching. We will continue to investigate, expose, and take action against criminal networks no matter where they operate.”

Milgram praised investigative work by DEA’s Miami Counternarcotic Cyber Investigations Task Force, Cyber Support Section, and Special Operations Division.

“The Hydra darknet site provided a platform for criminals who thought they were beyond the reaches of law enforcement to buy and sell illegal drugs and services,” said Chief Jim Lee of IRS-Criminal Investigation.

He said the IRS Cyber Crimes Unit used the cryptocurrency tracking expertise to help take down this site, Lee said.

“The dismantling of the Hydra Market, the dark web’s largest supplier of illicit goods and services, sends a message to these electronic criminal kingpins that think they can operate with impunity,” said Special Agent in Charge Anthony Salisbury of Homeland Security Investigations (HSI) Miami.

According to the indictment, vendors on Hydra could create accounts on the site to advertise their illegal products, and buyers could create accounts to view and purchase the vendors’ products, federal prosecutors said.

Hydra vendors offered a variety of illicit drugs for sale, including cocaine, heroin, methamphetamine, LSD, and other opioids, according to prosecutors. The vendors openly advertised their drugs on Hydra, typically including photographs and a description of the controlled substance. Buyers rated the sellers and their products on a five-star rating system, and the vendors’ ratings and reviews were prominently displayed on the Hydra site.

Hydra also featured numerous vendors selling false identification documents. Users could search for vendors selling their desired type of identification document, from U.S. passports to drivers’ licenses, and filter or sort by the item’s price. Many vendors of false identification documents offered to customize the documents based on photographs or other information provided by the buyers, the Justice Department said in its press release this week.

Numerous vendors also sold hacking tools and hacking services through Hydra. Hacking vendors commonly offered to illegally access online accounts of the buyer’s choosing. In this way, buyers could select their victims and hire professional hackers to gain access to the victims’ communications and take over the victims’ accounts.

Hydra vendors also offered a robust array of money laundering and so-called “cash-out” services, which allowed Hydra users to convert their bitcoin (BTC) into a variety of forms of currency supported by Hydra’s wide array of vendors. In addition, Hydra offered an in-house mixing service to launder and then process vendors’ withdrawals.

Mixing services allowed customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin. Hydra’s money laundering features were so in-demand that some users would set up shell vendor accounts for the express purpose of running money through Hydra’s bitcoin wallets as a laundering technique.

Assistant U.S. Attorneys Claudia A. Quiroz and Robert S. Leach of the U.S. Attorney’s Office for the Northern District of California and Trial Attorneys C. Alden Pelker and Christen M. Gallagher of the Criminal Division’s Computer Crime and Intellectual Property Section  are prosecuting the case.


Three decades of journalism experience, as a writer and editor with Gannett, Knight-Ridder and Lee newspapers, as a business journal editor and publisher and as a weekly newspaper editor in Scotts Valley and Gilroy; with the Weeklys group since 2017. Recipient of several first-place writing and editing awards, California News Publishers Association.


  1. This is empire baby. We bombed Somalia last week because we can bomb anybody we want. We can charge anyone, anywhere for an American crime. Ooh, selling illegal cigarettes in Budapest, you’re going to an American Jail MF.

  2. Scam in cryptocurrency is a problem and I would even say quite a big one, but it is clearly no bigger than in the fiat world. I am more concerned about the problem in cryptocurrency software. I almost came across a scam trading robot recently, good thing I decided to read reviews and came across https://cryptodaily.se/bitcoin-billionaire-bot-recension/ where they described it in detail as a scam bot.
    So I hope with the measure of cryptocurrency development there will be less scam projects.

Leave a Reply

Your email address will not be published. Required fields are marked *