Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the world’s largest and most prominent darknet market, Hydra Market (Hydra), in a coordinated international effort to disrupt the proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site.
The operation targeting Hydra was a collaborative initiative joined by the U.S. Department of Justice, Federal Bureau of Investigations, Drug Enforcement Administration, Internal Revenue Service Criminal Investigation, and Homeland Security Investigations. This action was enhanced by international cooperation with the German Federal Criminal Police, who shut down Hydra servers in Germany and seized $25 million worth of bitcoin.
“The global threat of cybercrime and ransomware that originates in Russia, and the ability of criminal leaders to operate there with impunity, is deeply concerning to the United States,” said Secretary of the Treasury Janet L. Yellen. “Our actions send a message today to criminals that you cannot hide on the darknet or their forums, and you cannot hide in Russia or anywhere else in the world. We will continue to disrupt these networks in coordination with allies and partners like Germany and Estonia.”
Darknets are Internet-based networks that individuals use special software to access in a manner designed to obscure the individuals’ identity and their associated Internet activity. Marketplaces on the darknet almost exclusively accept virtual currency as payment for an extensive range of illegal services and goods, including ransomware-as-a-service (RaaS).
Virtual currency is often the payment method of choice on darknet marketplaces because illicit actors who transact on the darknet often incorrectly believe virtual currencies to be an anonymous and untraceable means of exchange. Ransomware payments are also often demanded in virtual currency for similar reasons.
Countering ransomware is a top priority of the Administration. Today’s action supports the Administration’s counter-ransomware lines of effort to disrupt ransomware infrastructure and actors in close coordination with international partners. Today, the U.S. and German governments’ action addresses virtual currency abuse to launder ransom payments.
Russia is a haven for cybercriminals. Today’s action against Hydra and Garantex builds upon recent sanctions against virtual currency exchanges SUEX and CHATEX, both of which, like Garantex, operated out of Federation Tower in Moscow, Russia.
The Treasury is committed to taking action against actors that, like Hydra and Garantex, willfully disregard anti-money laundering and countering the financing of terrorism (AML/CFT) obligations and allow their systems to be abused by illicit actors.
Wanton disregard for regulations and compliance by persons running virtual currency exchanges will be rigorously investigated, and perpetrators will be held accountable where appropriate.
Additionally, the United States urges the international community to effectively implement international standards on AML/CFT in the virtual currency area, particularly regarding virtual currency exchanges. The virtual currency industry has a critical role in implementing appropriate AML/CFT and sanctions controls to prevent sanctioned persons and other illicit actors from exploiting virtual currencies to undermine the United States’ national security and our partners.
In addition to sanctioning Hydra, OFAC identifies over 100 virtual currency addresses associated with the entity’s operations used to conduct illicit transactions. Treasury is committed to sharing additional criminal virtual currency addresses as they become available.
As reflected in Executive Order (E.O.) 14067 of March 9, 2023, “Ensuring Responsible Development of Digital Assets,” the Administration supports responsible innovation in digital assets while prioritizing efforts to identify and mitigate illicit financing risks in the digital asset ecosystem.
In the coming month, the Department of the Treasury will publish an updated National Strategy to Combat Illicit Finance, which will highlight planned Treasury efforts further to combat the misuse of virtual currency and exchanges.
Garantex is being designated today under E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.
Today’s action also reinforces OFAC’s recent public guidance to further cut off avenues for potential sanctions evasion by Russia, supporting the G7 leaders’ commitment to maintaining the effectiveness of economic measures.
The Treasury’s expansive sanctions actions against Russia require all U.S. persons to comply with OFAC regulations, regardless of whether a transaction is denominated in traditional fiat currency or virtual currency. Sanctioned Russian persons employ various measures to evade U.S. and international sanctions. U.S. persons, including firms that process virtual currency transactions, must be vigilant against attempts to circumvent OFAC regulations and take risk-based steps to ensure they do not engage in prohibited transactions.
OFAC is closely monitoring efforts to avoid or violate Russia-related sanctions, including through virtual currency, and is committed to using its broad enforcement authorities to act against violations and promote compliance.