Silhouette of anonymous man with question mark

Who might face sanctions after Bitzlato?

Getting your Trinity Audio player ready...

This is report is a guest contribution from the Global Ledger team.

Executive summary

  • The Department of Justice (DOJ) sanctioned Bitzlato in 2023 for transmission of illicit funds, including over $700 million in cryptocurrency from Hydra Market
  • The Global Ledger team analyzed cryptocurrency traffic on the Hydra darknet marketplace to discover other companies with similar exposure to Hydra
  • The research identified the entities that might catch regulators’ attention for the same exposure
  • Several exchanges were identified that continued to process transactions with Hydra-related wallets even after the marketplace was closed

Regulatory bodies and law enforcement agencies have massively shifted their focus towards entities engaged in laundering illicit funds obtained through illegal activities such as ransomware attacks, scams, and operations conducted on darknet marketplaces involving cryptocurrency. Specifically, in the year 2022, Blender.io, Tornado Cash, Hydra, and Garantex were subjected to sanctions for their involvement in such activities. Similarly, this year, Bitzlato.io has already faced sanctions on the same grounds. Irrespective of the considerable duration required for a thorough collection of evidence and investigation, the regulators’ message is clear: laundering funds using cryptocurrencies will not be tolerated. In this regard, the primary focus of Global Ledger research was to explore: Who might get regulators’ attention next?

To address this question, the Global Ledger team analyzed the flow of funds from services and exchanges sent to and received directly from the Hydra darknet marketplace. The facilitation of deposit and withdrawal transactions with the Hydra darknet marketplace wallets previously served as the primary catalyst for the subsequent imposition of sanctions for the above-mentioned organizations.

The provided image showcases an aggregated chart displaying the prominent sending and receiving counterparties of the Hydra darknet marketplace. The data on the left side represents exchanges from which users deposited funds into Hydra, while on the right side, the withdrawals made by users and vendors are illustrated.

GL protocol data analysis
GL protocol data analysis that shows received and withdrawn sums in BTC using Hydra Marketplace wallets for the period from 05.04.2021 to 05.04.2022
GL protocol data analysis
GL protocol data analysis that shows received and withdrawn sums in BTC using Hydra Marketplace wallets for the period from 05.04.2022 to 05.04.2023

The research encompassed the timeframe spanning from 2021 to 2023, which includes one year before May 4, 2022, and one year after the day when the DOJ made an official announcement regarding the seizure of Hydra Market (Hydra) and includes more than 6,030,749 wallets addresses analysis.

The operation to close the marketplace resulted in a traffic halt of more than 98% in received amounts and 96% in sent amounts, which practically stopped the activity of Hydra.

If we pay attention to the traffic itself, then its data also differ significantly. A year before the closure of Hydra, the main traffic to wallets consisted of transactions from regulated exchanges. But the situation changed in the next year, since 04/05/22, mostly the traffic from other darknet marketplaces, such as Blacksprut, OMG!OMG!, Nova, and Mega went to Hydra wallets when the number of exchanges that took part in proceeding with these transactions was greatly reduced.

The data provided also makes it possible to suggest who might be on the list of the next exchanges at risk of being sanctioned. The total amount of BTC sent to Hydra wallets from Bitzlato was 2140.7401 BTC, and the total amount of funds received was 2182.6648 BTC. Let us imagine that this amount is an indicator that marks the potential attention of law enforcement agencies to the exchange. Thus, according to the data, the top 5 exchanges that sent or received a similar amount of funds to the Hydra marketplace can be identified as:

1. Binance

Binance Exchange has been investigated numerous times for funds linked to Hydra and has denied any connection to the darknet marketplace multiple times, justifying its involvement in such stories with “indirect transactions” or “strong investigation assistance” in cases of laundering large stolen amounts. A year before the shutdown of Hydra, 4403.3860 BTC were sent to Hydra wallets using Binance, and about 3640.1423 BTC were sent from Hydra wallets to Binance. In addition, according to GL data, Binance continued to provide the ability to send and receive funds from darknet marketplace wallets even after its official imposition of sanctions and its closure.

2. Garantex and Bitzlato

Garantex and Bitzlato are representatives of exchanges that have already been sanctioned for improper supervision of transactions with Hydra. For the period from 04/05/2021 to 04/05/2022, about 2505.7890 BTC were sent from Garantex to Hydra wallets and 966.3620 BTC from Hydra wallets to Garantex. As for Bitzlato, 2140.7401 BTC were sent to Hydra wallets from Hydra wallets to Bitzlato – 2182.6648 BTC in the same period. But according to the U.S. Department of the Treasury, despite the loss of the Estonian license and the opportunity to provide services after the local regulator revealed serious shortcomings in the field of AML / CFT, Garantex continues to function. The new Bitzlato, according to co-founder Anton Shkurenko, will be based in Russia and “not available to law enforcement agencies.” Therefore, they still could be on this list as exchanges subject to potential further sanctions.

3. Huobi

Already in December 2021, the British National Bureau of Economic Research indicated in their research that looking at the darknet marketplace Hydra Market, the researchers Igor Makarov and Antoinette Schoar discovered that no- or low KYC (Know Your Customer) exchanges like Binance and Huobi could be used for money laundering.

GL data to date shows that between 04/05/2021 and 04/05/2022, 1913.5069 BTC were sent from Huobi to Hydra wallets, and about 1500.8395 BTC were sent from Hydra wallets to Huobi. Furthermore, as per the data provided, Huobi, as well as Binance, persisted in facilitating the transfer of funds to and from wallets associated with Hydra darknet marketplace, even following the official imposition of sanctions.

4. MINE.exchange

MINE.exchange is an exchange operated by Fidelity Limited, and according to the site itself, their office is located in Cyprus at Boumpoulinas, 1, 3rd floor, Office 31, 1060, Nicosia, Cyprus. The site of this exchange has only two languages, Russian and English, and according to similarweb.com, most of the traffic to the site comes from Russia (more than 50%). In addition, this exchange is in the top 50 providers on the Bestchange.com website that display the current rates of OTC providers in various regions of Russia with an available reserve of about $20,000,000. According to the research for the period from 04/05/2021 to 04/05/2022 with MINE About 1459.3658 BTC were sent from .exchange to Hydra wallets and 724.3052 BTC from Hydra wallets to MINE.exchange over the same period.

5. Treddr.org

The situation with Tredd.org is very similar to MINE.exchange. More than 881.9886 BTC were sent from Tredd.org to Hydra wallets from 04/05/2021 to 04/05/2022. In addition, on the main page of the exchange, the main offer is to exchange Bitcoins BTC for rubles RUB to a Sberbank, Tinkoff, Alfa BankVTB card, and others, most of which have already been subject to international sanctions. Based on the provided data, it could be seen that Treddr.org emerged as another exchange that continued to enable the transfer of funds to and from wallets associated with Hydra, after the official imposition of sanctions.

6. WhiteBIT

Whitebit Platform – a Ukrainian exchange that belongs to the group of companies “WhiteBIT Group,” which refers to all parties that manage the Platform – the companies UAB Clear White Technologies (Republic of Lithuania), WhiteBIT Financial Company s.r.o. (Czech Republic), WhiteBIT Tech Sp. Z.o.o (Republic of Poland), WhiteBIT Solutions LLP (England and Wales), WhiteBIT Operations Australia PTY LTD (Australia), WhiteBIT Georgia LLC (Georgia), Clear White Technologies Limited (Hong Kong), Clear White Solutions Limited (BVI), unincorporated organizations and teams that provide WhiteBIT services and are responsible for such services. According to the study, for the period from 04/05/2021 to 04/05/2022, about 711.8721 BTC were sent to Hydra wallets from Whitebit, and 1674.4040 BTC were received from Hydra.

Some exchanges continued to allow users to make transactions to Hydra wallets even after the shutdown operation. If we pay attention to the traffic from 05.04.2022 to 05.04.2023, among them are Huobi, FixedFloat, Binance, Treddr.org, and Bitpapa:

  • Huobi – 101,4254 BTC
  • FixedFloat – 52,7390 BTC
  • Binance – 31,6126 BTC
  • Treddr.org – 12,6680 BTC
  • Bitpapa – 2,5521 BTC

These volumes are not as large as the volumes before the closure of the marketplace, but the very fact of the existence of such transactions to already known wallets that belong to Hydra may be a reason for closer attention of law enforcement and regulatory authorities to these exchanges.

Based on the data obtained, there are multiple exchanges that might face potential scrutiny from regulators due to their involvement in deposit and withdrawal transactions associated with the Hydra darknet marketplace. These exchanges can be categorized into two groups: those whose users engaged with Hydra prior to its closure and those whose users persisted in interacting even after the marketplace’s shutdown. However, as it is important to say, the Hydra exposure data does not represent whenever these entities identified, blocked, and reported these transactions as a suspicious activity to the regulatory bodies. Considering the increasing focus on combating money laundering stemming from illicit activities and the enhanced coordination between law enforcement agencies and regulatory bodies, it is highly likely that both groups of such exchanges can come under close scrutiny and control. Such actions will definitely result in a further decrease in the operations of exchanges collaborating with malicious actors, which will positively affect the development of the entire industry.

***

1. The analysis focuses on transactions in BTC, as it’s proved to be the main currency used for conducting transactions on the dark web all over the world and Hydra transactions are no exception.

2. It is worth taking into account that if funds entered the exchange from the Hydra darknet marketplace, this does not always mean that the exchange is directly involved in money laundering activities. In such cases, compliance officers could block such funds and send a corresponding report to the regulator.

Also, if deposits were sent from the exchange to Hydra when sending withdrawals, some, especially the new wallets of the Hydra darknet marketplace, might not be associated with it, and therefore further monitoring of funds after the withdrawal is important to identify such activity.

Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of groups—from BitMEX to Binance, Bitcoin.com, Blockstream, ShapeShift, Coinbase, Ripple,
Ethereum, FTX and Tether—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.