“We felt a chill,” says Sebastian Zwiebel, describing the moment his team shut down the Hydra platform, the world’s largest dark web marketplace.

The site was a stronghold of cybercrime and survived for more than six years selling illegal drugs and products.

However, after a tip, German police seized the site’s servers and confiscated €23 million worth of bitcoins.

“We’ve been working on this for months, and when it finally happened, it was a tremendous, great feeling,” says Zwiebel.

Police say 17 million customers and more than 19,000 seller accounts were registered on the site, which now displays a police arrest notice.

Hydra specializes in same-day “clandestine delivery” services, where drug dealers (vendors) hide packages in public places before informing customers of the pick-up location.

Shortly after the German operation was announced, the US Treasury Department issued sanctions against Hydra “in a coordinated international effort to stop the proliferation of malicious cybercrime services, dangerous drugs and other illegal offerings available on the Russia-based website.” .

Over the past six months, many high-profile dark web marketplaces have been shut down, but Hydra was apparently immune to police attempts to bring it down.

The site was launched in 2015 to sell drugs, pirated materials, forged documents and illegal digital services such as the bitcoin mixer, which cybercriminals use to launder stolen or extorted cryptocurrencies.

The site was written in Russian, with sellers located in Russia, Ukraine, Belarus, Kazakhstan and other countries in the region.

Zwiebel says that the operation to close the platform began with a clue that pointed to the possibility that the site’s infrastructure was hosted in Germany.

“We got some leads by monitoring dark web activity by US authorities. So in July or August of last year we started to dig deep and investigate this area,” he explains.

It took many months to find which company could host Hydra in Germany.

And they ended up finding out that it was a “bulletproof” hosting company.

A bulletproof hosting company is one that doesn’t audit the websites or content it hosts, has no problem hosting criminal websites, or avoids police requests for customer information.

Zwiebel says his investigators subsequently presented the evidence to a German judge to obtain permission to approach the server company and issue a notice of closure.

Thus, the company was forced to comply — otherwise, its representatives could also have been arrested.

Website visitors are now greeted with a police banner that reads: “the platform and criminal content have been seized”.

While celebrating the feat, German officials say they fear this will not be the end of the Hydra cybercrime group, unless they can find its members and arrest them.

“We know they’re going to find another way to do business. They’re probably going to try to build a new platform, and we’re going to have to watch it. We don’t know the criminals, so that’s the next step,” says Zwiebel.

The news comes during a turbulent time for dark web markets as their most prominent sites have closed in recent months, either voluntarily or as a result of police activity.

Many of the closures stem from criminals who chose to shut down their operations and disappear with their wealth.

In January, the administrators of UniCC, a dark web site that sells stolen credit card data, withdrew citing health reasons.

Voluntary closures also led to the end of White House Market in October 2021, Cannazon in November and Torrez in December.

However, a BBC investigation earlier this year revealed that the most common way to shut down dark web sites is through so-called “exit scams”, in which administrators voluntarily close sites but steal their customers’ funds. in the process.