U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions

U.S. sanctions Garantex, successor Grinex, after $100M illicit crypto flow fuels ransomware and sanctions evasion.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has recently renewed sanctions against the Russian cryptocurrency exchange platform Garantex, citing its role in facilitating cybercrime and ransomware operations. Since 2019, Garantex has been linked to over $100 million in illicit transactions. Additionally, sanctions have been imposed on Garantex’s successor, Grinex, along with three of its executives and six associated companies operating in Russia and the Kyrgyz Republic.

Under Secretary of the Treasury for Terrorism and Financial Intelligence, John K. Hurley, emphasized the importance of maintaining integrity in the digital asset space, stating,

“Digital assets play a crucial role in global innovation and economic development, and the United States will not tolerate abuse of this industry to support cybercrime and sanctions evasion.”

He further noted that the exploitation of cryptocurrency exchanges for money laundering and ransomware attacks poses significant threats to national security and undermines the credibility of legitimate virtual asset service providers.

Garantex was initially sanctioned by the U.S. in April 2022 due to its involvement with darknet markets and notorious actors like Hydra and Conti. In March 2025, a coordinated law enforcement operation led to the seizure of Garantex’s website and the arrest of its co-founder, Aleksej Besciokov, in India. Shortly after these actions, reports from TRM Labs indicated that Garantex had rebranded as Grinex to evade sanctions, continuing to process illicit transactions.

According to TRM Labs, 82% of Garantex’s total transaction volume was linked to sanctioned entities globally. Following the takedown of Garantex, channels on Telegram began promoting Grinex, which features a similar interface and was registered in Kyrgyzstan in December 2024. The U.S. Treasury has indicated that criminal elements have utilized Garantex to launder funds associated with various ransomware gangs, including Conti and LockBit, and that the exchange shifted its infrastructure and customer deposits to Grinex soon after the March law enforcement actions.

Moreover, Garantex reportedly assisted affected customers in regaining access to their accounts using a ruble-backed stablecoin known as the A7A5 token, issued by the Kyrgyzstani firm Old Vector. A report from Elliptic disclosed that A7A5 has been used to transfer at least $1 billion daily, with the total value of transactions estimated at $41.2 billion.

Furthermore, Garantex has been linked to significant money laundering activities, including transactions by Ekaterina Zhdanova, who exchanged over $2 million in Bitcoin for Tether (USDT) via Garantex. Zhdanova was sanctioned by the U.S. in November 2023 for laundering virtual currency for cybercriminal groups. The Treasury has noted that Garantex’s executives facilitated its operations by procuring computer infrastructure and engaging in business development to legitimize its activities.

The U.S. Department of State has announced a reward of $5 million for information leading to the arrest of key Garantex figures, while the U.K. sanctioned A7 in May 2025, followed by the European Union imposing sanctions last month. Despite the March 2025 takedown efforts, TRM Labs reported that Garantex’s leadership activated a contingency plan to continue operations under the new Grinex brand.

In related news, the U.S. Department of Justice has unsealed warrants to seize over $2.8 million in cryptocurrency and cash linked to individuals involved in ransomware activities. This continued crackdown on cybercrime has led to the freezing of more than $300 million in cryptocurrency assets connected to various fraud schemes.

For more detailed information, please refer to the original article on The Hacker News.
