U.S. Targets Garantex and Grinex for Over $100 Million in Ransomware-Linked Crypto Transactions
The United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) has renewed sanctions on the Russian cryptocurrency exchange Garantex, accusing it of processing over $100 million in transactions tied to ransomware groups and other cybercriminal activities since 2019.
The Treasury also imposed fresh sanctions on Grinex (considered Garantex’s successor) along with three of Garantex’s co-founders and six affiliated companies operating in Russia and Kyrgyzstan. These individuals and entities allegedly played a direct role in enabling illicit transactions:
- Sergey Mendeleev (Co-founder)
- Aleksandr Mira Serda (Co-founder)
- Pavel Karavatsky (Co-founder)
- Independent Decentralized Finance Smartbank and Ecosystem (InDeFi Bank)
- Exved
- Old Vector
- A7 LLC
- A71 LLC
- A7 Agent LLC
Under Secretary of the Treasury for Terrorism and Financial Intelligence, John K. Hurley, emphasized that while digital assets contribute to innovation and economic growth, the U.S. will not allow them to be exploited for cybercrime or sanctions evasion. He noted that using crypto exchanges for laundering and ransomware operations threatens national security and damages the credibility of legitimate virtual asset service providers.
Background on Garantex’s Operations
Garantex was initially sanctioned in April 2022 for enabling transactions from darknet marketplaces and actors such as Hydra and Conti. In March 2025, the platform’s website was seized in a multinational law enforcement operation, leading to the arrest of co-founder Aleksej Besciokov in India.
Shortly after, blockchain intelligence firm TRM Labs reported that Garantex had likely rebranded as Grinex in an attempt to circumvent sanctions, continuing to process over $100 million in transactions. According to TRM Labs, 82 percent of Grinex’s transaction volume has been tied to sanctioned entities worldwide.
TRM Labs also noted that days after Garantex’s takedown, Telegram channels linked to the exchange began advertising Grinex, which had a nearly identical platform design and was registered in Kyrgyzstan in December 2024.
The Treasury stated that Garantex was used to launder proceeds from ransomware strains like Conti, Black Basta, LockBit, NetWalker, and Phoenix Cryptolocker. After the March 2025 crackdown, Garantex allegedly transferred its infrastructure and customer assets to Grinex.
It also helped customers recover account access using a ruble-backed stablecoin called A7A5 token, issued by Kyrgyzstani firm Old Vector and created by A7 LLC. Reports from blockchain analytics company Elliptic suggest that A7A5 has been moving no less than $1 billion daily, with total transfers estimated at $41.2 billion.
In addition, Garantex has been linked to facilitating transactions for the Ryuk ransomware group. Russian money launderer Ekaterina Zhdanova allegedly exchanged over $2 million in Bitcoin for Tether (USDT) through Garantex. She was sanctioned by the U.S. in November 2023 for laundering funds for Russian elites and cybercriminal syndicates.
The Treasury further claimed that Garantex executives supported illicit operations by securing infrastructure, registering trademarks, and presenting business activities as legitimate. Partner companies reportedly helped move both legal and illegal funds outside Russia.
International Sanctions and Bounty Offers
The U.S. State Department has offered a $5 million reward for information leading to the arrest of Aleksandr Mira Serda, and $1 million for details on other Garantex leaders. A7 was also sanctioned by the U.K. in May 2025 and the European Union in July 2025.
TRM Labs stated that the March 2025 takedown did not stop Garantex’s operations, as its leadership activated a pre-planned contingency strategy. The integration of A7A5 into Grinex is seen as part of Garantex’s ongoing role in ransomware laundering, darknet transactions, sanctions evasion, and movement of funds through high-risk Russian financial systems.
Recent Law Enforcement Actions
The U.S. Department of Justice (DoJ) has unsealed six warrants to seize over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle. These assets were allegedly tied to Ianis Aleksandrovich Antropenko, who faces charges for deploying Zeppelin ransomware against victims worldwide.
According to the DoJ, the seized assets were proceeds of ransomware activity and were laundered through services such as ChipMixer (dismantled in 2023) as well as structured cash deposits.
In a related crackdown, authorities have frozen over $300 million in cryptocurrency linked to cybercrime and fraud schemes, including “pig butchering” romance scams, as part of ongoing efforts to dismantle criminal networks.
