The U.S. Division of the Treasury’s Workplace of International Belongings Management (OFAC) on Thursday renewed sanctions towards Russian cryptocurrency change platform Garantex for facilitating ransomware actors and different cybercriminals by processing greater than $100 million in transactions linked to illicit actions since 2019.
The Treasury mentioned it is also imposing sanctions on Garantex’s successor, Grinex, in addition to three executives of Garantex and 6 related firms in Russia and the Kyrgyz Republic which have enabled these actions –
- Sergey Mendeleev (Co-founder)
- Aleksandr Mira Serda (Co-founder)
- Pavel Karavatsky (Co-founder)
- Unbiased Decentralized Finance Smartbank and Ecosystem (InDeFi Financial institution)
- Exved
- Outdated Vector
- A7 LLC
- A71 LLC
- A7 Agent LLC
“Digital property play a vital position in world innovation and financial improvement, and the US won’t tolerate abuse of this trade to assist cybercrime and sanctions evasion,” mentioned Below Secretary of the Treasury for Terrorism and Monetary Intelligence, John Ok. Hurley.
“Exploiting cryptocurrency exchanges to launder cash and facilitate ransomware assaults not solely threatens our nationwide safety, but additionally tarnishes the reputations of reliable digital asset service suppliers.”
Garantex was first sanctioned by the U.S. in April 2022 for facilitating transactions from darknet markets and illicit actors equivalent to Hydra and Conti. The cryptocurrency change’s web site was seized as a part of a coordinated legislation enforcement operation again in March 2025, and its co-founder, Aleksej Besciokov, was arrested in India.
Merely months later, TRM Labs revealed that Garantex could have rebranded as Grinex, probably in an effort to evade sanctions, with the previous persevering with to course of greater than $100 million in transactions for the reason that sanctions had been levied. Eighty-two p.c of its whole quantity was linked to sanctioned entities worldwide.
“Days after Garantex’s takedown, Telegram channels affiliated with the change started selling Grinex, a platform with a virtually similar interface, registered in Kyrgyzstan in December 2024,” TRM Labs famous in Might.
The U.S. Treasury mentioned felony customers use Garantex to launder their ill-gotten funds, processing funds from these associated to Conti, Black Basta, LockBit, NetWalker, and Phoenix Cryptolocker ransomware variants. It additionally mentioned Garantex moved its infrastructure and buyer deposits to Grinex shortly after the March legislation enforcement actions.
Moreover, Garantex is alleged to have labored with affected clients to regain entry to their accounts utilizing a ruble-backed stablecoin known as A7A5 token, which is issued by a Kyrgyzstani agency known as Outdated Vector. The token’s creator is A7 LLC.
In accordance with a report from Elliptic, A7A5 has been used to switch at least $1 billion per day, with the combination worth of A7A5 transfers pegged at $41.2 billion. In all, Grinex is estimated to have facilitated the switch of billions of {dollars} in cryptocurrency transactions inside the few months it has been operational.
“Garantex has additionally supplied account and change providers to actors related to the Ryuk ransomware gang,” the company mentioned. “Ekaterina Zhdanova, a prolific cash launderer, exchanged over $2 million in Bitcoin for Tether (USDT) by way of Garantex.”
 |
| Garantex’s outgoing funds from September 2024 by way of Might 2025 |
Zhdanova was beforehand sanctioned by the U.S. in November 2023 for laundering digital forex for the nation’s elites and cybercriminal crews, together with Ryuk.
“Garantex’s senior executives have supported its skill to allow cybercrime and sanctions evasion by procuring laptop infrastructure for Garantex, registering its emblems, and fascinating in enterprise improvement efforts to make its actions seem reliable,” the Treasury added. “Garantex’s community of associate firms has additionally enabled it to maneuver cash, together with illicit funds, outdoors of Russia.”
The U.S. Division of State has introduced a $5 million reward for data resulting in the arrest of Serda and $1 million for data on different key leaders of Garantex. It is value noting that A7 was sanctioned by the U.Ok. in Might 2025 and by the European Union final month.
“The March 2025 multinational takedown didn’t halt these actions,” TRM Labs mentioned. “As a substitute, Garantex’s management rapidly activated a contingency plan that seems to have been in place for months.”
“The mixing of A7A5 into Grinex represents solely the newest chapter in Garantex’s long-standing position in illicit finance. Each earlier than and after its designation by the U.S. Treasury, Garantex operated as a key conduit for ransomware laundering, darknet market transactions, sanctions evasion, and the motion of funds by way of high-risk Russian monetary networks.”
The brand new wave of sanctions comes because the U.S. Division of Justice (DoJ) unsealed six warrants authorizing the seizure of over $2.8 million in cryptocurrency, $70,000 in money, and a luxurious car.
The cryptocurrency, the DoJ mentioned, was seized from a cryptocurrency pockets managed by Ianis Aleksandrovich Antropenko, who has been charged within the U.S. for allegedly utilizing Zeppelin ransomware to focus on people, companies, and organizations worldwide.
“The cryptocurrency and different property are proceeds of (or had been concerned in laundering the proceeds of) ransomware exercise,” in accordance with the DoJ.
“These property had been laundered in numerous methods, together with by utilizing the cryptocurrency mixing service ChipMixer, which was taken down in a coordinated worldwide operation in 2023. Antropenko additionally laundered cryptocurrency by exchanging cryptocurrency for money and depositing the money in structured money deposits.”
In a associated improvement, greater than $300 million in cryptocurrency property linked to cybercrime and fraud schemes, together with romance baiting (aka pig butchering) scams, have been frozen as a part of an ongoing effort to determine and disrupt felony networks.
