Solutions
Learn
Company
Request a demo
Search
Search
Insights
November 14, 2024

How Russian-style “Dead Drops” are Transforming Online Drug Sales

TRM InsightsInsights
How Russian-style “Dead Drops” are Transforming Online Drug Sales

A highly effective distribution technique for illicit drugs that pioneered on Russian-speaking darknet markets (DNMs) is now gaining ground in Asia and Western Europe. 

According to TRM's threat intelligence team — which researches crypto-enabled illicit activity including DNMs and the illicit drug trade — “dead drops,” by which drugs are hidden in public places for customers to find, are steadily growing in popularity. And with them come far-reaching implications for law enforcement and public safety.

In North America, Western Europe, and Australia, drugs bought on DNMs are generally mailed to customers. By contrast, Russian-language DNMs serving the post-Soviet states use dead drops as part of the zakladka or “stash” system — bringing together networks of couriers, wholesalers, drug producers, DNM management teams, and even customer service operatives.

The same efficiency that enabled DNM vendors operating over Tor and Telegram to displace street dealers as the main source of illegal drugs in Russia is now driving dead drop proliferation internationally. Dead drops offer these actors three key advantages over postal delivery: speed, profitability, and convenience. While mail deliveries generally take several days to arrive, dead drops can occur within minutes. That’s because the drugs advertised by dead drop-based online marketplaces are usually pre-packaged and hidden in advance: once payment is made, the vendor simply reveals their location to the buyer.

{{fyicard-russiandeaddrops-1}}

Dead drops arrive in the Republic of Korea (ROK)

For decades, a combination of strict laws, police vigilance, and societal consensus has kept the ROK’s rates of illicit drug use significantly lower than in comparable countries. Yet drug-related offenses have risen by nearly 50% between 2018 and 2022, according to the Korean Supreme Prosecutor's Office “White Paper on Drug Offenses.” 

The proliferation of dead drop sales is likely to have contributed to this trend. Over the past two years, dead drop dealing over Telegram has become a key method of distributing illicit drugs sold online in the ROK. Vendors specialize in methamphetamine, cannabis, ecstasy, MDMA, LSD, ketamine, and THC products, and use a range of channels to advertise their stores. 

As in Russia, dead drops are carried out by young people who are often made to provide their real ID documents as security to the vendors. Vendors in the ROK also require prospective customers to photograph themselves holding drug paraphernalia. Those who steal drugs or break other rules are named and shamed in public Telegram channels, which could open them up to the kinds of violent reprisals that occur in Russia.

For example, in Russia, freelance thugs known as “sportsmen” track down and brutalize delivery workers, or “kladmen,” who are accused of stealing. The sportsmen then often post these videos on public Telegram channels. In one such channel, there are over 800 videos showing people being beaten, raped, dismembered, set on fire, and even crucified as retribution for their actions.

Korean law enforcement have shown that they have the motivation, resources, and skills to catch entire networks of these vendors. However, online drug dealers in the ROK are more committed than their Russian counterparts to operational security measures — as demonstrated by their adoption of tactics like one-time use wallets. This makes it difficult for authorities to track funds and transactions and link them to individual vendors and customers. 

But even experienced drug vendors make mistakes that can be spotted and exploited by law enforcement armed with the right tools. For example, the chart below shows transactions involving an online drugs vendor traced to the ROK, who receives customer funds from mainstream cryptocurrency exchanges. 

However, while the vendor used mixing services to anonymize the onward transfer of proceeds from the drug sales, they did not do so consistently: on at least two occasions, funds were also sent directly to both custodial and non-custodial exchanges, as shown in the graph below. Using a blockchain tracing tool, a law enforcement agency could subpoena the exchange, which may ultimately result in the funds being frozen and seized. 

Expats and holidaymakers drive dead drops in Sri Lanka, Indonesia, and Thailand 

In contrast to the ROK — where dealers appear to be largely Korean nationals — the dead drop networks in South East Asia are dominated by the Russian-speaking diaspora, which has grown since the start of the Russia-Ukraine war in 2022. Darknet forums like RuTor have even hosted dedicated discussion areas for Russian-speaking expats living in Sri Lanka, Thailand, Indonesia, and Dubai. The vast majority of drug stores identified by TRM Labs appear to be run by Russian-speaking vendors mostly targeting tourists.

To date, the commercial success of these stores has been mixed. For example, on one occasion, the admin of ShriMarket — a drugs market in Sri Lanka — publicly complained about the lack of takeup for their Telegram service. However, such markets may gain traction with time as they become more established.

Dead drops spill into Western Europe

TRM research found that vendors using dead drops in Hungary, the Czech Republic, and Greece prefer Telegram, Session, and other end-to-end encrypted messenger services to DNMs. One Greece-based vendor tracked by TRM uses Telegram bots to arrange dead drops across Thessaloniki, relying on online geocoding services to provide customers with unique reference points for dead drops and posting the successful pickup in their channel.

In the UK, the “Breaking Bad” drugs forum launched its own dead drop initiative with a video advertisement. Borrowing marketing practices from Russian-speaking DNMs, graffiti with the “Breaking Bad” logo and URL has recently been sighted in Liverpool, as well as other British and EU cities. Breaking Bad’s online forum hosts videos relating to the production of drugs, and provides a platform for sales reps from known Chinese drug precursor manufacturers.

{{blogad-comradesincrime-report-2}}

The collateral damage of dead drops

DNMs using dead drops already make up 95% of total global DNM revenue, according to TRM research. Given current trends, this figure is likely to grow. 

As dead drops proliferate worldwide, they bring with them significant risks to the public. Stashes can be discovered by children, animals, and opportunistic drug users, leading to potential overdoses and death. Individuals have also been reported trespassing on private property to pick up dead drops.

Yet perhaps the greatest danger affects the individuals who deliver the goods, often vulnerable young people who face violent reprisals from their bosses. Due to their large numbers and low status in the illicit drug economy, these couriers also make up a disproportionate number of arrests and imprisonments relative to senior operatives. And in countries with less robust human rights records, they are also at risk of brutality from inmates and correctional officials.

{{fyicard-russiandeaddrops-2}}

The road ahead

While postal-based darknet drug markets pose significant problems for law enforcement and society, the harm from dead drop systems is potentially much greater still. Russian-style drug distribution models involve larger volumes of drugs, higher numbers of people participating in criminal activity, and greater danger of physical risk — both from violence and consumption of discovered drug stashes. And due to their greater efficiency and lack of reliance on a single distribution channel (the postal service) that can be surveilled and policed, dead drop systems are faster growing and more difficult to contain. 

However, the widespread use of the Russian template internationally allows authorities to anticipate many of the features of dead drop activity and leverage the expertise of blockchain intelligence companies with experience tracking Russian-language DNMs. Increased social awareness of the dead drop phenomenon and close cooperation between law enforcement and their private sector partners can help counter this rising threat.

{{horizontal-line}}

To learn more about Russian dead drop dealing, read the latest GI-TOC report, featuring research from TRM's analysts: Breaking Klad: Russia's Dead Drop Drug Revolution.

This is some text inside of a div block.
Subscribe and stay up to date with our insights
arrow right
September 27, 2024

The Rise of Cryptocurrency in the Synthetic Drug Trade

arrow right
June 10, 2024

Beyond Fentanyl: TRM Report Reveals Cryptocurrency’s Role in the International Drug Precursor Market

arrow right
July 10, 2024

Detroit Man Sentenced to Over Ten Years For Drug Trafficking and Crypto-Related Money Laundering

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Eight Months After Hydra Shutdown, New Russian-language Darknet Markets Are Filling the Void

<a id="callout-link" href="https://www.trmlabs.com/post/eight-months-after-the-hydra-shutdown-new-russian-language-darknet-markets-fill-the-void">Read the post on TRM's blog →</a>

There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia

Read the article on VICE →

Close-up photograph of the United States Capitol building with snow falling
BLOG
Learn why cryptocurrency has become a central issue in the 2024 US election
READ THE POST
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Take a deep-dive into the Russian-speaking illicit crypto ecosystem
READ THE FULL REPORT
Outline of pig with law enforcement shield overlaid
Case Study
Learn more about how the REACT Task Force is tackling pig butchering
Read the case study
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Explore recent ransomware trends in the Russian-speaking crypto ecosystem—including the role of ransomware groups in cybercrime around the world
GET THE REPORT
Person typing on a laptop keyboard with dark blue filtered overlay
BLOG POST
Learn about summer 2024’s spate of ransomware attacks, and the proliferation of RaaS around the world
READ THE POST
REPORT
Learn about cryptocurrency’s role in the international synthetic drug precursor market
GET THE REPORT