The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday renewed sanctions against Russian cryptocurrency exchange platform Garantex for facilitating ransomware actors and other cybercriminals by processing more than $100 million in transactions linked to illicit activities since 2019.
The Treasury said it is also imposing sanctions on Garantex’s successor, Grinex, as well as three executives of Garantex and six associated companies in Russia and the Kyrgyz Republic that have enabled these activities:
Sergey Mendeleev (Co-founder)
Aleksandr Mira Serda (Co-founder)
Pavel Karavatsky (Co-founder)
Independent Decentralized Finance Smartbank and Ecosystem (InDeFi Bank)
Exved
Old Vector
A7 LLC
A71 LLC
A7 Agent LLC
“Digital assets play a crucial role in global innovation and economic development, and the United States will not tolerate abuse of this industry to support cybercrime and sanctions evasion,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley.
“Exploiting cryptocurrency exchanges to launder money and facilitate ransomware attacks not only threatens our national security, but also tarnishes the reputations of legitimate digital asset service providers.”
Garantex was first sanctioned by the U.S. in April 2022 for facilitating transactions from darknet markets and illicit actors such as Hydra and Conti. The cryptocurrency exchange’s website was seized as part of a coordinated law enforcement operation back in March 2025, and its co-founder, Aleksej Besciokov, was arrested in India.
Just months later, TRM Labs revealed that Garantex may have rebranded as Grinex, likely in an effort to evade sanctions, with the former continuing to process more than $100 million in transactions since the sanctions were levied. Eighty-two percent of its total volume was linked to sanctioned entities worldwide.
“Days after Garantex’s takedown, Telegram channels affiliated with the exchange began promoting Grinex, a platform with a nearly identical interface, registered in Kyrgyzstan in December 2024,” TRM Labs noted in May.
The U.S. Treasury said criminal users use Garantex to launder their ill-gotten funds, processing funds from those related to Conti, Black Basta, LockBit, NetWalker, and Phoenix Cryptolocker ransomware variants. It also said Garantex moved its infrastructure and customer deposits to Grinex shortly after the March law enforcement actions.
Furthermore, Garantex is said to have worked with affected customers to regain access to their accounts using a ruble-backed stablecoin called A7A5 token, which is issued by a Kyrgyzstani firm called Old Vector. The token’s creator is A7 LLC.
According to a report from Elliptic, A7A5 has been used to transfer at least $1 billion per day, with the aggregate value of A7A5 transfers pegged at $41.2 billion. In all, Grinex is estimated to have facilitated the transfer of billions of dollars in cryptocurrency transactions within the few months it has been operational.
“Garantex has also provided account and exchange services to actors associated with the Ryuk ransomware gang,” the agency said. “Ekaterina Zhdanova, a prolific money launderer, exchanged over $2 million in Bitcoin for Tether (USDT) via Garantex.”
Garantex’s outgoing funds from September 2024 through May 2025
Zhdanova was previously sanctioned by the U.S. in November 2023 for laundering digital currency for the country’s elites and cybercriminal crews, including Ryuk.
“Garantex’s senior executives have supported its ability to enable cybercrime and sanctions evasion by procuring computer infrastructure for Garantex, registering its trademarks, and engaging in business development efforts to make its activities appear legitimate,” the Treasury added. “Garantex’s network of partner companies has also enabled it to move money, including illicit funds, outside of Russia.”
The U.S. Department of State has announced a $5 million reward for information leading to the arrest of Serda and $1 million for information on other key leaders of Garantex. It’s worth noting that A7 was sanctioned by the U.K. in May 2025 and by the European Union last month.
“The March 2025 multinational takedown did not halt these activities,” TRM Labs said. “Instead, Garantex’s leadership quickly activated a contingency plan that appears to have been in place for months.”
“The integration of A7A5 into Grinex represents only the latest chapter in Garantex’s long-standing role in illicit finance. Both before and after its designation by the U.S. Treasury, Garantex operated as a key conduit for ransomware laundering, darknet market transactions, sanctions evasion, and the movement of funds through high-risk Russian financial networks.”
The new wave of sanctions comes as the U.S. Department of Justice (DoJ) unsealed six warrants authorizing the seizure of over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle.
The cryptocurrency, the DoJ said, was seized from a cryptocurrency wallet controlled by Ianis Aleksandrovich Antropenko, who has been charged in the U.S. for allegedly using Zeppelin ransomware to target individuals, businesses, and organizations worldwide.
“The cryptocurrency and other assets are proceeds of (or were involved in laundering the proceeds of) ransomware activity,” according to the DoJ.
“These assets were laundered in various ways, including by using the cryptocurrency mixing service ChipMixer, which was taken down in a coordinated international operation in 2023. Antropenko also laundered cryptocurrency by exchanging cryptocurrency for cash and depositing the cash in structured cash deposits.”
In a related development, more than $300 million in cryptocurrency assets linked to cybercrime and fraud schemes, including romance baiting (aka pig butchering) scams, have been frozen as part of an ongoing effort to identify and disrupt criminal networks.