Russia's Darknet Criminals Have Novel Crypto Cash-Out System: 'Buried Treasure'

A darknet ad flagged by the crypto sleuths at Elliptic says vendors will bury vacuum-packed physical cash “5-20 cm under the ground.”

AccessTimeIconMar 22, 2021 at 2:10 p.m. UTC
Updated May 9, 2023 at 3:17 a.m. UTC

Cybercriminals in Russia are going to extreme lengths to untraceably cash out cryptocurrency: The word used in online ads is “клад,” literally “buried treasure.”  

Cashing out crypto on Hydra, the sprawling Russian darknet marketplace, has evolved to include services that offer to hide large volumes of physical cash at a specified location, where the cash can be retrieved by the customer.

  • Meme Coin Liquidity Hits Record High
    Meme Coin Liquidity Hits Record High
  • How Ledger Stax Plans to Make Self-Custody More Mainstream
    How Ledger Stax Plans to Make Self-Custody More Mainstream
  • Why Dogecoin Is a 'Weird' Investment
    Why Dogecoin Is a 'Weird' Investment
  • AI Tokens Surge as Nvidia Becomes World’s Most Valuable Company
    AI Tokens Surge as Nvidia Becomes World’s Most Valuable Company
  • Ransomware, darknet markets and exchange thefts generate large volumes of cryptocurrencies such as bitcoin. The criminals behind this activity, however, face a challenge in terms of how to remove any link to identity when turning the proceeds into cash. Darknet users that are proficient in laundering crypto are willing to provide fiat off-ramps for a fee, according to new research from blockchain analytics firm Elliptic.

    Russia’s illicit treasure hunts are not an entirely novel idea. The physical exchange of rubles for crypto using a GPS location is adapted from Hydra’s very sophisticated drug selling and delivery methods, which work like a secret gig economy based on reputation, courier vetting, potency testing and so on.

    Hydra’s army of illicit sellers and buyers sometimes handle a bitcoin payment by topping up a prepaid debit card, or sending rubles to an online wallet service or bank account. 

    But burying cash is increasingly seen as a fail-safe fiat off-ramp for criminals looking to avoid the long arm of cybercops (and analytics firms like Elliptic working on their behalf).

    “It’s an interesting way of cashing out that people are starting to use,” Elliptic CEO Tom Robinson said in an interview. “It’s difficult to do at scale and requires that you are in Russia, but that’s where a lot of Hydra users are based.”

    Outrunning AML

    In the early days, when many crypto exchanges were not checking the provenance of customers closely and blockchain analytics tools were in their infancy, cashing in cryptocurrency proceeds of crime was less of a challenge. 

    The situation today, involving global anti-money laundering (AML) regulators armed with blockchain sleuthing tools to trace and screen transactions is dramatically different, said Robinson.   

    One of Hydra's payout options.
    One of Hydra's payout options.

    The darknet listing above advertises a service where, in return for a cryptocurrency payment, the vendor will bury vacuum-packed (all drugs and cash are vacuum packed to prevent dogs sniffing them out) physical cash “5-20 cm under the ground.”  

    The service is costly, with fees of around 7% of the amount being exchanged, according to Elliptic. There are also other risks because thieves known as “seekers” sometimes trail the treasure men and steal the deliveries. 

    Hydra is by far the biggest darknet marketplace to have ever existed, with about $125 million worth of transactions per week. (At its peak, Alphabay, the nearest rival, clocked between $50 million and $60 million per week.)

    “I’m surprised Hydra hasn't had more coverage because it's absolutely huge,” Robinson said. “I think it's probably because it's Russian language that people don't really think about it as much as that Western problem.”

    Russian darknet markets are all about innovation, said Patrick Shortis, an expert on such marketplaces from the University of Manchester, citing the continually updated rule book known as the Kladman’s (Treasure man’s) Bible. 

    “Russian dark markets differ from their Western counterparts in that the postal service in Russia is not as reliable, and so the dead-drop method is preferred,” Shortis said in an interview. “Also, in the West we care a lot about using PGP (pretty good privacy) and cleaning our coins and using monero and whatnot. Whereas in Russia, they generally tend to be more relaxed when it comes to a threat from the state.”


    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.