Accessing Illegal Blockchain Space Amid World’s First “Crypto War”

According to reports, Russian marketplaces on the Dark Web continue to operate despite Western sanctions and efforts to shut them down. Ransomware actors and high-risk crypto exchanges also continue to operate.
Russian underground crypto platforms adapting to the disruption caused by the war in Ukraine
Before Russia invaded Ukraine a year ago, cryptocurrency exchanges linked to the two countries accounted for more than half of the international volume of illicit crypto funds. Cybercrime organizations were awash with Russian-speaking members, and Russian-language darknet markets (DNMs) dominated the global drug trade in cryptocurrencies, TRM Labs noted in a new report.
Over the past year, the blockchain intelligence firm has analyzed changes in the illicit crypto ecosystem, revealing how cybercriminals are adapting to the financial, political, and logistical disruption caused by the conflict. Describing the latter as “the world’s first crypto war,” the company said that both sides are relying on donations in digital assets to fund military and humanitarian campaigns, while the West is trying to limit Moscow’s opportunities to use coins to circumvent restrictions.
When war broke out, Western governments and law enforcement agencies went after Russia-linked DNMs, ransomware syndicates, and crypto exchanges, exposing users to increased risk. However, researchers were able to establish that these continued to thrive even after unprecedented actions against them.
In April, German authorities seized the servers of Hydra, the largest darknet marketplace, and the U.S. Treasury Department imposed sanctions on Hydra and Garantex, a Russia-based crypto exchange that allegedly processed $100 million in fraudulent transactions. This total includes $6 million from the Russian ransomware group Conti and approximately $2.6 million from Hydra.
Despite the crackdown, Garantex not only continues to operate but has more than doubled its transaction volume during 2022, TRM Labs found. Meanwhile, newly formed Russian DNMs quickly filled the gap left by Hydra’s dismantling: from May to December 2022, sales on these platforms exceeded those of the first four months of the year.
At the same time, Conti was officially shut down in May, but actually rebranded and is still active through several smaller groups. However, a study published by Chainalysis in January of this year showed that sanctions have played a role in the decline in ransomware revenue.
The TRM report highlights the political influence of Russian and Ukrainian hackers, citing the example of Killnet. The group, which conducts malware and distributed denial-of-service (DDoS) attacks, has pledged allegiance to the Russian state and threatens to