U.S. Treasury Intensifies Crackdown on Illicit Crypto Activities
The United States Treasury Department has heightened its efforts to combat illicit cryptocurrency activities by redesignating the Russian-linked cryptocurrency exchange Garantex Europe OU and imposing sanctions on its successor platform, Grinex.
This action comes in response to years of accusations that Garantex facilitated over $100 million in transactions associated with ransomware groups, darknet markets, and other cybercriminal activities.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned three senior executives from the crypto exchange Garantex and six connected companies in Russia and Kyrgyzstan. This announcement, made on Thursday under OFAC’s cyber authorities, highlights the platform’s involvement in laundering digital assets for cybercriminals.
Treasury officials stated that Garantex has continued to assist ransomware operators despite existing sanctions imposed in April 2022 for its operations in Russia’s financial services sector.
“Exploiting cryptocurrency exchanges to launder money and facilitate ransomware attacks not only threatens our national security but also tarnishes the reputations of legitimate virtual asset service providers,” remarked John K. Hurley, Under Secretary for Terrorism and Financial Intelligence.
Authorities claim that the exchange processed transactions for groups responsible for the Conti, LockBit, and Black Basta ransomware strains, as well as sanctioned money launderer Ekaterina Zhdanova.
The recent action follows a coordinated operation on March 6 involving the U.S. Secret Service along with authorities from Germany and Finland, which resulted in the seizure of Garantex’s web domain, the freezing of $26 million in cryptocurrency, and the disruption of its infrastructure.
Additionally, the U.S. Department of Justice has unsealed indictments against executives Aleksandr Mira Serda and Aleksej Bešciokov, charging them with conspiracy to commit money laundering, operating an unlicensed money transmission business, and violating U.S. sanctions.
Bešciokov was detained in Kerala, India, while vacationing with his family. Meanwhile, Mira Serda, a Russian national and co-owner of Garantex, remains at large.
Prosecutors allege that Garantex moved wallets to avoid detection and provided deceptive information to obscure account ownership, even when approached by Russian law enforcement. If found guilty, both executives could face up to 20 years in prison for money laundering, an additional 20 years for sanctions violations, and five years for operating without a license.
Furthermore, the Department of State has announced two reward offers under the Transnational Organized Crime Rewards Program: up to $5 million for information leading to the arrest and/or conviction of Mira Serda, and up to $1 million for other key leaders at Garantex.
In the aftermath of the March seizures, U.S. Treasury officials indicate that Garantex transferred its customer assets to a newly established exchange, Grinex, to circumvent sanctions. Promotional materials for Grinex explicitly stated it was created in response to the freezes and restrictions. Since launching, it has processed billions in cryptocurrency transactions.
Investigators also found that Garantex and Grinex employed a ruble-backed digital token, A7A5, to return funds to Russian clients whose assets had been frozen.
This token was associated with the Russian firm A7 and its subsidiaries, which U.S. officials allege are controlled by sanctioned parties, including Moldovan oligarch Ilan Shor and Russian bank Promsvyazbank.
OFAC has now imposed sanctions on Grinex, A7, its subsidiaries, and Old Vector for their roles in assisting Garantex’s efforts to evade sanctions.
Treasury officials assert that the leadership of Garantex played a crucial role in enabling the exchange’s illicit operations. Co-founder Sergey Mendeleev, co-owner Mira Serda, and regional director Pavel Karavatsky reportedly secured infrastructure, registered trademarks, and participated in business development to maintain an appearance of legitimacy.
Additionally, two other companies, InDeFi Bank and Exved, were sanctioned. Both are controlled by Mendeleev and accused of facilitating cross-border crypto transactions that circumvent U.S. restrictions.
The new sanctions mean that all property and interests in property of the named individuals and entities that fall under U.S. jurisdiction are now blocked. U.S. persons are generally prohibited from engaging in any transactions with them unless authorized.
Financial institutions that continue to engage with the sanctioned parties may face enforcement actions.
The Treasury emphasized that the aim of sanctions is to influence behavior, not merely to punish. OFAC has a process for removing from its Specially Designated Nationals (SDN) List those who can demonstrate compliance with U.S. laws.
The Garantex case arises in the context of a series of recent U.S. operations targeting cybercriminal infrastructure. On June 5, law enforcement seized cryptocurrency associated with BidenCash, a dark web marketplace accused of offering over 15 million stolen credit cards and personal data.
This international operation, involving U.S., Dutch, and other agencies, resulted in the takedown of around 145 domains linked to the site.
Officials also disrupted the BlackSuit ransomware group, seizing over $1 million in digital assets connected to the malware scheme. BlackSuit is alleged to have targeted critical infrastructure sectors in the U.S. and around the world.
U.S. authorities have consistently underscored the escalating connection between ransomware, illicit crypto usage, and state-linked actors.
The United Nations has estimated that North Korea’s Lazarus Group has stolen over $3 billion in digital assets globally, a significant portion of which is believed to be funding weapons programs.