The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday renewed sanctions against Russian cryptocurrency exchange platform Garantex for facilitating ransomware actors and other cybercriminals by processing more than $100 million in transactions linked to illicit activities since 2019.
The Treasury said it is also imposing sanctions on Garantex’s successor, Grinex, as well as three executives of Garantex and six associated companies in Russia and the Kyrgyz Republic that have enabled these activities:
- Sergey Mendeleev (Co-founder)
- Aleksandr Mira Serda (Co-founder)
- Pavel Karavatsky (Co-founder)
- Independent Decentralized Finance Smartbank and Ecosystem (InDeFi Bank)
- Exved
- Old Vector
- A7 LLC
- A71 LLC
- A7 Agent LLC
“Digital assets play an important role in international innovation and financial growth, and the US will not tolerate abuse of this industry to support cybercrime and sanctions evasion,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence, John K. Hurley.
“Exploiting cryptocurrency exchanges to launder money and facilitate ransomware attacks not only threatens our national security, but also tarnishes the reputations of legitimate digital asset service providers.”
Garantex was first sanctioned by the U.S. in April 2022 for facilitating transactions from darknet markets and illicit actors such as Hydra and Conti. The cryptocurrency exchange’s website was seized as part of a coordinated law enforcement operation back in March 2025, and its co-founder, Aleksej Besciokov, was arrested in India.
Merely months later, TRM Labs revealed that Garantex may have rebranded as Grinex, likely in an effort to evade sanctions, with the former continuing to process more than $100 million in transactions since the sanctions were levied. Eighty-two percent of its total volume was linked to sanctioned entities worldwide.
“Days after Garantex’s takedown, Telegram channels affiliated with the exchange began promoting Grinex, a platform with a nearly identical interface, registered in Kyrgyzstan in December 2024,” TRM Labs noted in May.
The U.S. Treasury said criminal users use Garantex to launder their ill-gotten funds, processing funds from those associated with Conti, Black Basta, LockBit, NetWalker, and Phoenix Cryptolocker ransomware variants. It also said Garantex moved its infrastructure and customer deposits to Grinex shortly after the March law enforcement actions.
Furthermore, Garantex is said to have worked with affected customers to regain access to their accounts using a ruble-backed stablecoin called A7A5 token, which is issued by a Kyrgyzstani firm called Old Vector. The token’s creator is A7 LLC.
According to a report from Elliptic, A7A5 has been used to transfer at least $1 billion per day, with the aggregate value of A7A5 transfers pegged at $41.2 billion. In all, Grinex is estimated to have facilitated the transfer of billions of dollars in cryptocurrency transactions within the few months it has been operational.
“Garantex has also provided account and exchange services to actors associated with the Ryuk ransomware gang,” the agency said. “Ekaterina Zhdanova, a prolific money launderer, exchanged over $2 million in Bitcoin for Tether (USDT) via Garantex.”
Figure: Garantex’s outgoing funds from September 2024 through May 2025
Zhdanova was previously sanctioned by the U.S. in November 2023 for laundering digital currency for the country’s elites and cybercriminal crews, including Ryuk.
“Garantex’s senior executives have supported its ability to enable cybercrime and sanctions evasion by procuring computer infrastructure for Garantex, registering its trademarks, and engaging in business development efforts to make its activities appear legitimate,” the Treasury added. “Garantex’s network of partner companies has also enabled it to move money, including illicit funds, outside of Russia.”
The U.S. Department of State has announced a $5 million reward for information leading to the arrest of Serda and $1 million for information on other key leaders of Garantex. It’s worth noting that A7 was sanctioned by the U.K. in May 2025 and by the European Union last month.
“The March 2025 multinational takedown did not halt these activities,” TRM Labs said. “Instead, Garantex’s leadership quickly activated a contingency plan that appears to have been in place for months.”
“The integration of A7A5 into Grinex represents only the latest chapter in Garantex’s long-standing role in illicit finance. Both before and after its designation by the U.S. Treasury, Garantex operated as a key conduit for ransomware laundering, darknet market transactions, sanctions evasion, and the movement of funds through high-risk Russian financial networks.”
The new wave of sanctions comes as the U.S. Department of Justice (DoJ) unsealed six warrants authorizing the seizure of over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle.
The cryptocurrency, the DoJ said, was seized from a cryptocurrency wallet controlled by Ianis Aleksandrovich Antropenko, who has been charged in the U.S. for allegedly using Zeppelin ransomware to target individuals, businesses, and organizations worldwide.
“The cryptocurrency and other assets are proceeds of (or were involved in laundering the proceeds of) ransomware activity,” according to the DoJ.
“These assets were laundered in various ways, including by using the cryptocurrency mixing service ChipMixer, which was taken down in a coordinated international operation in 2023. Antropenko also laundered cryptocurrency by exchanging cryptocurrency for cash and depositing the cash in structured cash deposits.”
In a related development, more than $300 million in cryptocurrency assets linked to cybercrime and fraud schemes, including romance baiting (aka pig butchering) scams, have been frozen as part of an ongoing effort to identify and disrupt criminal networks.