Blog dedicated to reporting on Mexican drug cartels
on the border line between the US and Mexico

Wednesday, April 6, 2022

Russia’s Dark Web ‘Hydra Market’ with Links to Mexican Cartels is Shut Down

"Socalj" for Borderland Beat

Germany announced that the “largest” Dark Web sales platform, called “Hydra Market,” which has been operating in Russian since 2015, was dismantled and bitcoin worth more than $25 million dollars was seized.

Investigators suspect that this platform, with around 17,000,000 clients, was used for criminal activities and money laundering, through more than 19,000 active sales accounts. Sources from the Federal Bureau of Investigation (FBI) revealed to journalist Óscar Balderas that among the most active users were twelve accounts linked to drug cartels led by Ismael “El Mayo” Zambada and Nemesio “El Mencho” Osegura.

Through this platform, the two most important cartels in Mexico would have been dedicated for several years to the technique known as smurfing, through which criminals make various purchases of cryptocurrencies of less than USD $7,500, which ensures the anonymity of those who carry them out by not exceeding the limit allowed by the Mexican authorities for each operation.

“The use of bitcoin to launder money is on the rise, particularly among drug gangs such as the Jalisco New Generation Cartel and the Sinaloa Cartel, according to authorities in Mexico and the United States. Mexican cartels are believed to launder an estimated $25 billion a year in Mexico alone,” the UN disclosed in its 2021 drug control report.

"To stay below the $7,500 red flag banking transaction threshold, criminals often divide their illicit cash into small amounts and deposit it into multiple bank accounts, a technique known as 'smurfing,'" it read in the report. “Hydra Market” was one of the largest sites for this type of operation. The Russian-language device accessible through the Tor network was primarily used for trading drugs, stolen data, and false documents.

The Mexican government has also identified the way to launder money with cryptocurrencies by Mexican cartels, so in 2018 a law was implemented that forced all digital currency purchase platforms to report transfers that exceed 56 thousand pesos, the equivalent of USD $2,830.

US Sanctions Hydra Market Wallets

The US treasury simultaneously imposed new sanctions on the market and more than a hundred of its cryptocurrency wallet addresses. The DOJ also charged one of Hydra Market’s alleged operators with conspiracy to distribute narcotics and conspiracy to commit money laundering. Hydra Market enabled vendors of a wide range of drugs — including heroin, other opioids, cocaine, methamphetamine, and LSD to connect with customers of those narcotics, who could rate sellers on a five-star system, according to U.S. prosecutors.

In total, Hydra facilitated more than $5 billion dollars in illicit cryptocurrency transactions since it launched in 2015, according to blockchain analysis firm Elliptic. The majority of those transactions, Elliptic says, were sales of illegal drugs, which were strictly limited to Hydra's target market of former Soviet states. But Hydra also played a significant and more global role for cybercriminals: It offered "mixing" services designed to launder crypto and make it more difficult to trace, alongside exchange services that allowed clients to trade in the crypto proceeds from all manner of crime for Russian rubles in some cases, even for cash bundles buried in the ground for customers to dig up later.

“It has this dual function of being a drugs market and a service for cybercriminals—and particularly Russian cybercriminals,” says Jess Symington, Elliptic's research lead. “So it does impact more than just the drugs community, and it forces these individuals to now potentially reconsider how they're going to launch their funds or cash out.”

Around half of the roughly $2 billion in transactions going into Hydra's cryptocurrency addresses in 2021 and early 2022 were from illicit or “risky” sources, such as stolen funds, dark-web markets, ransomware, online gambling, scams, and individuals and organizations facing sanctions, according to cryptocurrency tracing firm Chainalysis. In other words, close to a billion dollars worth of the money entering Hydra over that time wasn't clean money used to buy drugs or other contraband available for sale on the site, but rather dirty money that Hydra was helping to launder and exchange for rubles.

Another major chunk of the site's incoming payments during that time, close to $310 million, were from dark-web markets—including some funds from Hydra recycled back into the site—as users sought to launder the proceeds from the sales of drugs and other illegal products and services and cash out. In keeping with its many-headed name, a joint report from Flashpoint and Chainalysis last year counted at least 11 administrators and operators who have run the market under pseudonyms like Ironman, Deus, Handsome Jack, Glavred, Fatality, and Satoshi Nakamoto.

In conjunction with the shutdown of Hydra, the department also announced criminal charges against Dmitry Olegovich Pavlov, 30, a resident of Russia, for conspiracy to distribute narcotics and conspiracy to commit money laundering, in connection with his operation and administration of the servers used to run Hydra. Starting in or about November 2015, Pavlov is alleged to have operated a company, Promservice Ltd., also known as Hosting Company Full Drive, All Wheel Drive, and, that administered Hydra’s servers (Promservice). During that time, Pavlov, through his company Promservice, administered Hydra’s servers, which allowed the market to operate as a platform used by thousands of drug dealers and other unlawful vendors to distribute large quantities of illegal drugs and other illicit goods and services to thousands of buyers and to launder billions of dollars derived from these unlawful transactions.

As an active administrator in hosting Hydra’s servers, Pavlov allegedly conspired with the other operators of Hydra to further the site’s success by providing the critical infrastructure that allowed Hydra to operate and thrive in a competitive darknet market environment. In doing so, Pavlov is alleged to have facilitated Hydra’s activities and allowed Hydra to reap commissions worth millions of dollars generated from the illicit sales conducted through the site.


  1. Question #1 Is the multi billions underground economy essentially impossible to trace other than little busts here and there?
    Question #2, anyone know what exact service offered in paragraph 5 or 6 states: "for cash bundles buried in the ground for customers to dig up later" ?? What does this mean?
    Vacca and Truther, your welcome, now I will be the one accused of having Downs Syndrome and eating lead paint chips as a child. Serious questions though.📼💾📷💻💿📀

    1. The leaving for customers to dig up later is the dark web practice in Russia. Essentially a dead drop where the drugs/etc they ordered online aren’t mailed to them but left at a designated place in this case out in the forest somewhere.

    2. Miss H
      You have the IQ of 100
      No one would ever say you have Downs Syndrome.😷😷😷

    3. 6:38 in spite of her intelligence, Miss H only has one pair of chichis,
      not 3 chichis.

    4. Actually I have 17 chichi's, thank you for noticing, as most people don't bother to mention it.
      Thank you Soja for answering question. I have heard of this being used with GPS coordinates in areas. Very smart tactic, indeed.10 gold stars go to criminals🌠⚡🌠⚡🌠⚡🌠⚡🌠⚡

    5. 8:46 Madam, you surprise me!!!
      I kinda know what you mean,
      stay lovely.


Comments are moderated, refer to policy for more information.
Envía fotos, vídeos, notas, enlaces o información
Todo 100% Anónimo;