Case Study: Take-down of Hydra

by the Crystal investigations team

Crystal Investigations teamed with law enforcement to provide essential data to aid the take-down of the biggest illegal marketplace 

Hydra was a darknet marketplace with around 17 million customers and over 19,000 seller accounts being registered on the market. Its sales amounted to at least 1.23 billion in 2020 alone. In particular, the Bitcoin Bank Mixer, a service for obfuscating digital transactions provided by the platform, made crypto investigations extremely difficult for law enforcement agencies.  

Crystal’s team was instrumental providing detail related to key wallets related to Hydra. 

The Hydra Problem: Hydra, an illegal marketplace, was a Russian-language Darknet platform that had been accessible via the Tor network since at least 2015. Their focus was on the trading of illicit narcotics. In addition, stolen data, forged documents, and digital services were sold via the platform.  

Legal Action: Seizures carried out were preceded by extensive investigations conducted by the BKA (Federal Criminal Police Office) and the ZIT (Central Office for Combating Cybercrime). Since August 2021, several authorities have been involved.  

Crystal Investigations liaised with LE and provided details of Hydra’s active darknet wallets, then VASP wallets that had received funds directly from Hydra.   

IMAGE: Visualization showing flow of funds being seized from Hydra. 

The Right Result: This information was shared with German LE, who, in conjunction with other LE, used that information to secure the server infrastructure in Germany and take down the Hydra market. Bitcoins, in the amount of EUR 23 million, were seized. 

IMAGE: Visualization showing some withdrawals from Hydra showing linked activity to a multitude of illegal activities.

Crystal’s investigation team provides comprehensive cryptocurrency analysis and investigates crypto fund flows. Our detailed reports offer deep insights into financial crimes to partners such as financial institutions, government agencies, and other linked enterprises. 

  • We help identify and track illicit activities, like ransomware payments and show attribution. 
  • We link pseudonymous blockchain transactions to real-world organizations, including exchanges and mixer services, and reveal the real-world names of those entities in a user-friendly format. 
  • We provide evidence for the legal pursuance of charges and LEA action. 

If you have a case for us to look into, please book some time with our team at