The U.S. Department of the Treasury has re-designated the Russian-based cryptocurrency exchange Garantex with new sanctions, accusing the platform of processing over $100 million in transactions tied to ransomware attacks and other cybercrimes. The move is part of a broader effort to disrupt the financial networks that enable malicious cyber actors and sanctions evasion.
The Treasury’s Office of Foreign Assets Control (OFAC) stated that Garantex has served as a critical conduit for illicit funds, including proceeds from notorious ransomware variants such as Conti, Black Basta, LockBit, and Ryuk. The sanctions also target Garantex’s successor platform, Grinex, which officials say was created to circumvent previous enforcement actions.
“Exploiting cryptocurrency exchanges to launder money and facilitate ransomware attacks not only threatens our national security, but also tarnishes the reputations of legitimate virtual asset service providers,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence, John K. Hurley.
This new wave of sanctions follows a coordinated international law enforcement operation in March that saw U.S., German, and Finnish authorities seize Garantex’s web domains, freeze more than $26 million in cryptocurrency, and indict two of its executives. One of the executives, Aleksej Besciokov, was arrested in India.
However, blockchain intelligence firms have noted that despite the March takedown, Garantex quickly activated a contingency plan. The exchange’s leadership moved its customer base and funds to Grinex, a platform with a nearly identical interface that was registered in Kyrgyzstan. This rapid migration, which included the use of a ruble-backed stablecoin called A7A5, demonstrates the sophisticated methods used by these illicit networks to evade detection and continue operations.
In addition to Garantex and Grinex, OFAC sanctioned three of the exchange’s executives and six associated companies in Russia and the Kyrgyz Republic that allegedly provided material support to the illicit enterprise. The U.S. Department of State has also offered a reward of up to $5 million for information leading to the arrest and/or conviction of co-founder Aleksandr Mira Serda and up to $1 million for other key leaders.
This action underscores the U.S. government’s commitment to holding accountable the financial infrastructure that supports cybercrime and reinforces the need for greater vigilance within the digital asset industry.
