U.S. Sanctions Garantex, Grinex for Ransomware Ties and Sanctions Evasion

Generated by AI Agent Coin World
Thursday, Aug 14, 2025 9:56 pm ET

Aime Summary

- U.S. Treasury sanctions Garantex, Grinex, and 9 affiliates for laundering ransomware proceeds and evading sanctions via A7A5 stablecoin.

- Two Garantex executives face indictments; $5M rewards offered for capturing fugitive leader Mira Serda and others.

- Platforms processed transactions for Conti, LockBit, and Black Basta groups after March 2023 domain seizure and $53M crypto freeze.

- Sanctions block U.S. transactions with targeted entities and penalize institutions continuing business with them.

- Action follows BidenCash takedown, highlighting U.S. strategy to disrupt state-linked cybercrime infrastructure networks.

The U.S. Treasury has intensified its campaign against illicit cryptocurrency activity, redesignating the Russian-linked exchange Garantex Europe OU and imposing new sanctions on its successor platform, Grinex [1]. The Office of Foreign Assets Control (OFAC) has also targeted three senior executives and six affiliated companies in Russia and Kyrgyzstan for their role in laundering digital assets for cybercriminals [2]. Officials stated that Garantex continued to support ransomware operators despite being sanctioned in April 2022 for operating in Russia’s financial sector [3].

The Treasury emphasized that the platform had handled transactions for groups behind the Conti, LockBit, and Black Basta ransomware strains, as well as for the sanctioned money launderer Ekaterina Zhdanova [4]. U.S. officials revealed that Garantex had moved customer funds to Grinex to evade sanctions after a March 6 coordinated operation involving the U.S. Secret Service and authorities from Germany and Finland froze $26 million in cryptocurrency and seized its web domain [5]. Tether also froze $27 million in USDT on Garantex [6].

Prosecutors have unsealed indictments against two Garantex executives, Aleksandr Mira Serda and Aleksej Bešciokov, charging them with money laundering conspiracy and operating an unlicensed money-transmitting business [7]. Bešciokov was arrested in India, while Mira Serda remains at large. The Department of State has offered rewards of up to $5 million for information leading to the arrest and conviction of Mira Serda and $1 million for other key leaders [8].

Investigators found that Garantex and Grinex used a ruble-backed stablecoin, A7A5, to return funds to Russian customers whose assets were frozen [9]. The token is tied to a Russian firm, A7, and its subsidiaries, which are allegedly controlled by sanctioned individuals [10]. OFAC has now sanctioned Grinex, A7, its subsidiaries, and Old Vector for assisting in sanctions evasion [11].

Garantex’s leadership, including co-founder Sergey Mendeleev, co-owner Mira Serda, and regional director Pavel Karavatsky, reportedly procured infrastructure and registered trademarks to maintain the exchange’s appearance of legitimacy [12]. Two other companies, InDeFi Bank and Exved, were also sanctioned for helping facilitate cross-border crypto transactions that bypass U.S. restrictions [13].

The new sanctions block all property and interests in property of the named individuals and entities under U.S. jurisdiction and prohibit U.S. persons from engaging in transactions with them [14]. Financial institutions that continue to do business with the sanctioned parties face potential enforcement actions [15].

The Treasury emphasized that sanctions are meant to change behavior, not merely punish. OFAC maintains a process for removal from its Specially Designated Nationals (SDN) List for those who demonstrate compliance with U.S. laws [16].

The Garantex case is part of a broader U.S. effort to dismantle cybercriminal infrastructure, including the recent takedown of the BidenCash dark web marketplace and the BlackSuit ransomware group [17]. These operations highlight the expanding link between ransomware, illicit crypto use, and state-linked actors [18].

---

[1] US Treasury Doubles Down, Hits Crypto Exchange Garantex with Second Sanction (https://cryptonews.com/news/us-treasury-doubles-down-hits-crypto-exchange-garantex-with-second-sanction/)

[2] OFAC Targets Garantex Leaders in Crackdown on Crypto Crime

[3] Garantex processed transactions for ransomware groups like Conti, LockBit, and Black Basta

[4] Garantex continued to operate despite initial sanctions in 2022

[5] March 6 coordinated operation led to domain seizure and $26 million in frozen crypto

[6] Tether freezes $27 million in USDT on Garantex

[7] Indictments unsealed against two Garantex executives

[8] Reward offers for information leading to arrest and conviction of Garantex leadership

[9] Garantex and Grinex used A7A5 stablecoin to return funds to Russian customers

[10] A7 and its subsidiaries are tied to sanctioned individuals

[11] OFAC sanctions Grinex, A7, subsidiaries, and Old Vector

[12] Garantex leadership engaged in business development to maintain legitimacy

[13] InDeFi Bank and Exved were also sanctioned for facilitating crypto transactions

[14] Sanctioned property is blocked, and U.S. persons are prohibited from transactions

[15] Financial institutions face enforcement actions for continuing business with sanctioned entities

[16] Treasury emphasizes sanctions as a behavioral deterrent

[17] Garantex takedown follows BidenCash and BlackSuit operations

[18] U.S. authorities highlight link between ransomware, illicit crypto, and state actors