Russian markets on the dark web have continued to operate despite Western sanctions and efforts to shut them down, according to a report that accessed the illicit blockchain space amid the world’s “first crypto war.” Ransomware actors and high-risk crypto exchanges have also remained active.
Russian Crypto Crypto Platforms Adapt To Disruptions Caused By Ukraine War
Before Russia invaded Ukraine a year ago, cryptocurrency exchanges linked to the two countries accounted for more than half of the international volumes of illicit crypto funds. Cybercrime organizations were full of Russian-speaking members and Russian-language darknet marketplaces (DNMs) dominated the global cryptocurrency drug trade, TRM Labs noted in a new report.
Over the past year, the blockchain intelligence firm has analyzed changes in the illicit crypto ecosystem to find out how cybercriminals are adapting to financial, political, and logistical disruptions caused by the conflict. The company describes the latter as “the world’s first crypto war,” in which both sides rely on donations in digital assets to finance their military and humanitarian campaigns and the West tries to limit opportunities for Moscow to use currencies to circumvent restrictions.
When war broke out, Western governments and law enforcement agencies went after Russia-linked DNMs, ransomware syndicates, and crypto exchanges, exposing users to further risk. However, they have continued to thrive even after the unprecedented actions against them, investigators were able to establish.
In April, German authorities seized the servers of the largest dark web marketplace, Hydra, while the US Treasury Department imposed sanctions on Hydra and Garantex, a Russia-based cryptocurrency exchange accused of processing USD. 100 million in illegal transactions. The total includes $6 million from the Russian ransomware group Conti and around $2.6 million from Hydra.
Despite the crackdown, Garantex not only continues to operate but has more than doubled its trading volumes over the course of 2022, TRM Labs revealed. Meanwhile, the newly founded Russian DNMs have quickly filled the void left by the dismantlement of Hydra. Sales on these platforms between May and December 2022 exceeded those of the first four months of the year.
At the same time, although Conti officially closed in May, it has actually changed names and continues to operate through several smaller groups. Although, a study published by Chainalysis in January this year showed that sanctions have played a role in reducing ransomware revenue.
The TRM report also highlights the politicization of some Russian and Ukrainian hackers and provides an example with Killnet. The group, which carries out malware and distributed denial-of-service (DDoS) attacks, pledged allegiance to the Russian state and threatened entities linked to hostile nations. Pro-Ukrainian dump forums have also hit Russian targets. Both have been raising cryptocurrency on Telegram for their respective causes. DNMs and dark web forums have largely remained politically neutral.
Do you think that the authorities in Russia, Ukraine and other countries in the region will crack down on these types of platforms in the future? Share your thoughts on the subject in the comments section below.
image credits: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for informational purposes only. It is not a direct offer or a solicitation of an offer to buy or sell, or a recommendation or endorsement of any product, service or company. bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.