The United States Treasury Department has escalated its crackdown on illicit crypto activity, redesignating the Russian-linked cryptocurrency exchange Garantex Europe OU and sanctioning its successor platform, Grinex.
The move follows years of allegations that Garantex processed more than $100 million in transactions tied to ransomware groups, darknet markets, and other cybercriminal operations.
OFAC Targets Garantex Leaders in Crackdown on Crypto Crime
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned three senior executives of crypto exchange Garantex and six associated companies in Russia and Kyrgyzstan. The measures, announced Thursday under OFAC’s cyber authorities, cite the platform’s role in laundering digital assets for cybercriminals.
Treasury officials said Garantex has continued to serve ransomware operators despite being sanctioned in April 2022 for operating in Russia’s financial services sector.
“Exploiting cryptocurrency exchanges to launder money and facilitate ransomware attacks not only threatens our national security, but also tarnishes the reputations of legitimate virtual asset service providers,” said John K. Hurley, Under Secretary for Terrorism and Financial Intelligence.
Authorities say the exchange handled transactions for groups behind the Conti, LockBit, and Black Basta ransomware strains, as well as sanctioned money launderer Ekaterina Zhdanova.
The new action follows a March 6 coordinated operation involving the U.S. Secret Service and German and Finnish authorities, which seized Garantex’s web domain, froze $26 million in cryptocurrency, and disrupted its infrastructure.
The U.S. Department of Justice has also unsealed indictments against executives Aleksandr Mira Serda and Aleksej Bešciokov, charging them with money laundering conspiracy, operating an unlicensed money-transmitting business, and violating U.S. sanctions.
Bešciokov was arrested in Kerala, India, while on vacation with his family. Mira Serda, a Russian national and co-owner of Garantex, remains at large.
Prosecutors allege Garantex moved wallets to evade detection and provided misleading data to conceal account ownership, even in cases where Russian law enforcement sought information. If convicted, both face up to 20 years in prison for money laundering, another 20 for sanctions violations, and five years for operating without a license.
Additionally, the Department of State has announced two reward offers under the Transnational Organized Crime Rewards Program of up to $5 million for information leading to the arrest and/or conviction of Mira Serda and up to $1 million for other key leaders of Garantex.
U.S. Treasury Says Garantex Shifted Funds to Grinex to Evade Sanctions
Following the March seizures, U.S. Treasury officials say Garantex moved its customer funds to a newly created exchange, Grinex, in an effort to bypass sanctions. Promotional materials for Grinex openly stated it was formed in response to the freezes and restrictions. Since its launch, it has processed billions in cryptocurrency transactions.
Investigators also uncovered that Garantex and Grinex used a ruble-backed digital token, A7A5, to return funds to Russian customers whose assets were frozen.
The token was tied to Russian firm A7 and its subsidiaries, which U.S. officials say are controlled by sanctioned parties, including Moldovan oligarch Ilan Shor and Russian bank Promsvyazbank.
OFAC has now sanctioned Grinex, A7, its subsidiaries, and Old Vector for aiding Garantex’s sanctions evasion efforts.
Treasury officials say Garantex’s leadership was key to enabling the exchange’s illicit operations. Co-founder Sergey Mendeleev, co-owner Mira Serda, and regional director Pavel Karavatsky allegedly procured infrastructure, registered trademarks, and engaged in business development to maintain the appearance of legitimacy.
Two other companies, InDeFi Bank and Exved, were also sanctioned. Both are controlled by Mendeleev and are accused of helping facilitate cross-border crypto transactions that bypass U.S. restrictions.
The new sanctions mean all property and interests in property of the named individuals and entities that fall under U.S. jurisdiction are blocked. U.S. persons are generally prohibited from engaging in any transactions with them unless authorized.
Financial institutions that continue to do business with the sanctioned parties risk enforcement actions.
The Treasury stressed that sanctions are intended to change behavior, not simply punish. OFAC maintains a process for removal from its Specially Designated Nationals (SDN) List for those who demonstrate compliance with U.S. laws.
Garantex Action Follows Takedowns of BidenCash, BlackSuit Ransomware
The Garantex case comes amid a series of recent U.S. operations targeting cybercriminal infrastructure. On June 5, law enforcement seized crypto linked to BidenCash, a dark web marketplace accused of selling over 15 million stolen credit cards and personal data.
The international operation, involving U.S., Dutch, and other agencies, took down around 145 domains linked to the site.
Officials also disrupted the BlackSuit ransomware group, seizing over $1 million in digital assets tied to the malware scheme. BlackSuit is accused of targeting critical infrastructure sectors in the U.S. and abroad.
U.S. authorities have repeatedly highlighted the growing nexus between ransomware, illicit crypto use, and state-linked actors.
The United Nations has estimated that North Korea’s Lazarus Group has stolen more than $3 billion in digital assets worldwide, with much of the money funding weapons programs.