The U.S. government has once again sanctioned the Russian cryptocurrency exchange Garantex, citing its ongoing role in facilitating cybercrime and money laundering. U.S. officials state that the platform has processed more than $100 million in illicit funds since 2019, directly benefiting ransomware gangs and other cybercriminals. This action follows a previous round of sanctions in 2022 and a recent law enforcement operation that seized the exchange’s servers. The renewed sanctions aim to disrupt the network of individuals and companies that have allowed Garantex to continue its operations, including its successor platform, Grinex.
In a coordinated effort to dismantle Garantex’s operations, the U.S. Treasury Department has also redesignated the exchange’s successor, Grinex, along with three executives and six associated companies in Russia and the Kyrgyz Republic. This move comes after a multi-agency law enforcement action, including the FBI and other U.S. agencies, which saw the seizure of Garantex’s servers in Finland and Germany. The U.S. government has revealed that Garantex’s co-founder Aleksandr Mira Serda and another individual, Aleksej Besciokov, were responsible for running the exchange and were aware of its use for illicit activities. Besciokov has since been arrested in India, while Serda remains at large, with the State Department offering a significant reward for information leading to his arrest.
Despite the initial sanctions in 2022, Garantex and its associates allegedly continued to conduct transactions with U.S. entities by constantly changing their operational cryptocurrency wallets to evade detection. Court documents reveal this systematic attempt to circumvent the sanctions, making it difficult for U.S. exchanges to block transactions. In a further attempt to evade law enforcement, officials said the March 2025 indictment prompted Garantex to move its customer base and funds to Grinex. This new platform has taken over Garantex’s operations, facilitating billions of dollars in cryptocurrency transactions and continuing the network’s role in the Russian ransomware ecosystem.
The scale of Garantex’s involvement in illicit finance is significant. U.S. officials have traced a substantial portion of the laundered funds to various darknet markets and prominent ransomware gangs, including Conti, Black Basta, Ryuk, LockBit, and NetWalker. Following the law enforcement action in March, Garantex reportedly worked with its users to help them regain access to their funds through a new ruble-backed digital asset called the A7A5 token, which is issued by a Kyrgyzstani firm. This new scheme has also been targeted by the renewed sanctions, which now include the company issuing the token, along with several other Russian firms and key individuals like co-founder Sergey Mendeleev.
The international community, including the European Union and Europol, has also taken action against Garantex, highlighting the global effort to combat cybercrime and sanctions evasion. The recent U.S. sanctions, which target the entire web of companies and individuals supporting Garantex, are seen as a positive step by blockchain security experts. The move addresses the evolving tactics of sanctioned entities, such as the use of stablecoins to bypass financial restrictions, and underscores the commitment of international law enforcement to hold these platforms and their operators accountable.
Reference:
