August 15, 2025 — The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has intensified its actions against cryptocurrency platforms linked to ransomware and cybercrime. On Thursday, the agency reaffirmed sanctions against Garantex, a Russian-based crypto exchange, for processing over $100 million in illicit transactions since 2019.

Alongside Garantex, the Treasury has also sanctioned its successor, Grinex, and three of Garantex’s co-founders — Sergey Mendeleev, Aleksandr Mira Serda, and Pavel Karavatsky — as well as six affiliated companies in Russia and Kyrgyzstan, including:

• Independent Decentralized Finance Smartbank and Ecosystem (InDeFi Bank)
• Exved
• Old Vector
• A7 LLC
• A71 LLC
• A7 Agent LLC

“Digital assets are vital for innovation and economic growth, but the U.S. will not tolerate their misuse to fuel cybercrime or evade sanctions,” stated John K. Hurley, Under Secretary of the Treasury for Terrorism and Financial Intelligence.

A Long History of Criminal Facilitation

Garantex was first sanctioned in April 2022 for enabling transactions from darknet markets and groups like Hydra and Conti. The platform’s domain was seized during a coordinated law enforcement action in March 2025, leading to the arrest of co-founder Aleksej Besciokov in India.

Shortly afterward, intelligence firm TRM Labs suggested Garantex had rebranded as Grinex to circumvent sanctions. Despite the new name, the operation continued handling massive illicit volumes — with 82% of transactions tied to already sanctioned entities.

Reports show Grinex emerged within days of Garantex’s takedown, sharing a nearly identical interface and being registered in Kyrgyzstan in December 2024.

Criminal Ties and Stablecoin Usage

According to the Treasury, Garantex facilitated money laundering for ransomware variants such as Conti, Black Basta, LockBit, NetWalker, and Phoenix Cryptolocker. After its March seizure, the platform moved infrastructure and client funds to Grinex and worked with users to recover accounts using a ruble-backed stablecoin, the A7A5 token, issued by Old Vector and created by A7 LLC.

Blockchain analytics firm Elliptic estimates A7A5 transfers exceed $1 billion per day, with a cumulative total of $41.2 billion.

Additionally, the platform has been linked to laundering for Ryuk ransomware affiliates, with money launderer Ekaterina Zhdanova exchanging over $2 million in Bitcoin for Tether (USDT) via Garantex. Zhdanova was sanctioned in November 2023 for facilitating financial flows for Russian elites and cybercriminal groups.

International and Ongoing Enforcement

The U.S. State Department has announced a $5 million reward for information leading to Serda’s arrest and $1 million for other key Garantex leaders. The U.K. sanctioned A7 in May 2025, followed by the European Union in July.

TRM Labs noted that Garantex’s leadership had contingency plans ready long before its March takedown, enabling continued operations in high-risk financial networks.

Wider Cybercrime Crackdown

The U.S. Department of Justice (DoJ) has also unsealed six warrants to seize over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle. The funds were tied to Ianis Aleksandrovich Antropenko, accused of deploying Zeppelin ransomware worldwide.

The seized crypto was allegedly laundered through methods including ChipMixer — dismantled in 2023 — and cash structuring.

In a related operation, more than $300 million in cryptocurrency connected to cybercrime schemes — including “pig butchering” romance scams — has been frozen, as authorities ramp up efforts to disrupt criminal financial networks.

Source: https://thehackernews.com/2025/08/us-sanctions-garantex-and-grinex-over.html