Russian marketplaces on the dark web have continued to operate despite Western sanctions and efforts to shut them down, according to a report assessing the illicit blockchain space amid the world’s “first crypto war.” Ransomware actors and high-risk crypto exchanges have also remained active.
Underground Russian Crypto Platforms Adapting to Disruptions Caused by Ukraine War
Before Russia invaded Ukraine a year ago, cryptocurrency exchanges linked to the two countries accounted for over half of the international volumes of illicit crypto funds. Cybercrime organizations were full of Russian-speaking members and Russian-language darknet markets (DNMs) dominated the global drugs trade in cryptocurrency, TRM Labs noted in a new report.
Over the past year, the blockchain intelligence firm analyzed changes in the illicit crypto ecosystem to find out how cybercriminals are adjusting to the financial, political, and logistical disruptions caused by the conflict. The company describes the latter as “the world’s first crypto war,” with the two sides relying on donations in digital assets to fund their military and humanitarian campaigns and the West trying to limit the opportunities for Moscow to use coins to bypass restrictions.
When the war broke out, Western governments and law enforcement agencies went after Russia-linked DNMs, ransomware syndicates and crypto exchanges exposing users to increased risks. However, these have continued to thrive even after the unprecedented actions against them, the researchers were able to establish.
In April, German authorities seized the servers of the largest darknet market, Hydra, while the U.S. Treasury Department imposed sanctions on Hydra and Garantex, a Russia-based crypto exchange accused of processing $100 million of illicit transactions. The total includes $6 million from the Russian ransomware group Conti and around $2.6 million from Hydra.
Despite the crackdown, Garantex not only continues to operate but has more than doubled its trading volumes over the course of 2022, TRM Labs revealed. Meanwhile, newly founded Russian DNMs have quickly filled the gap left by the dismantling of Hydra. Sales on these platforms between May and Dec. 2022 surpassed those in the first four months of the year.
At the same time, while Conti officially shut down in May, it has actually rebranded and is still operating through several smaller groups. However, a study published by Chainalysis in January of this year showed that sanctions have played a role in reducing ransomware revenue.
The TRM report also highlights the politicization of some Russian and Ukrainian hackers, citing Killnet as an example. The group, which conducts malware and distributed denial-of-service (DDoS) attacks, pledged allegiance to the Russian state, threatening entities linked to unfriendly nations. The pro-Ukrainian Dump Forums have also hit Russian targets. Both have been raising crypto on Telegram for their respective causes. DNMs and darknet forums have largely remained politically neutral.