• The report from TRM Labs shows that despite Western sanctions and efforts to shut them down, Russian marketplaces on the dark web have continued to operate.
• Ransomware actors and high-risk crypto exchanges have also remained active, with Garantex even doubling its trading volumes in 2022.
• New Russian DNMs have filled the gap left by the dismantling of Hydra, with sales surpassing those in the first four months of the year. Conti has also rebranded as several smaller groups and is still operating.
Russian Darknet Markets Thrive Despite Sanctions
A report from blockchain intelligence firm TRM Labs has revealed that Russian marketplaces on the dark web are continuing to operate despite Western sanctions and efforts to shut them down. Ransomware actors and high-risk crypto exchanges have also remained active, with Garantex even doubling its trading volumes in 2022.
Ukraine War Disruptions Lead to Adaptations
Before Russia invaded Ukraine a year ago, cryptocurrency exchanges linked to the two countries accounted for over half of the international volumes of illicit crypto funds. Cybercrime organizations were full of Russian-speaking members and Russian-language darknet markets (DNMs) dominated the global drugs trade in cryptocurrency. In response to disruptions caused by this conflict, which TRM Labs calls “the world’s first crypto war”, changes have been seen in this illicit crypto ecosystem as cybercriminals adjust accordingly.
Western Authorities Take Action Against Crypto Platforms
In April, German authorities seized servers from Hydra – previously one of the largest darknet markets – whilst U.S Treasury Department imposed sanctions on Hydra and Garantex – a Russia-based crypto exchange accused of processing $100 million of illicit transactions which included $6 million from ransomware group Conti and around $2.6 million from Hydra itself.
New Platforms Fill Gap Left by Dismantling of Hydra
Despite this crackdown however, both Garantex and Conti are still operating; Garantex more than doubling its trading volumes over 2022 whilst Conti simply rebranded as several smaller groups. Newly founded Russian DNMs have also filled any gaps left by Hydra’s demise with sales between May 2022 – Dec 2022 surpassing those in Jan-April 2022 alone.
Conclusion: Sanctions Have Failed To Stop Cybercriminals
Overall then it appears that these sanctions imposed by Western governments against Russia-linked DNMs, ransomware syndicates and crypto exchanges have failed to stop cybercriminals who continue to thrive despite these measures being taken against them.