U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday renewed sanctions against Russian cryptocurrency exchange platform Garantex for facilitating ransomware actors and other cybercriminals by processing more than $100 million in transactions linked to illicit activities since 2019.

The Treasury said it’s also imposing sanctions on Garantex’s successor, Grinex, as well as three executives of Garantex and six associated companies in Russia and the Kyrgyz Republic that have enabled these activities –

• Sergey Mendeleev (Co-founder)
• Aleksandr Mira Serda (Co-founder)
• Pavel Karavatsky (Co-founder)
• Independent Decentralized Finance Smartbank and Ecosystem (InDeFi Bank)
• Exved
• Old Vector
• A7 LLC
• A71 LLC
• A7 Agent LLC

“Digital assets play a crucial role in global innovation and economic development, and the United States will not tolerate abuse of this industry to support cybercrime and sanctions evasion,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence, John K. Hurley.

“Exploiting cryptocurrency exchanges to launder money and facilitate ransomware attacks not only threatens our national security, but also tarnishes the reputations of legitimate virtual asset service providers.”

Garantex was first sanctioned by the U.S. in April 2022 for facilitating transactions from darknet markets and illicit actors such as Hydra and Conti. The cryptocurrency exchange’s website was seized as part of a coordinated law enforcement operation back in March 2025, and its co-founder, Aleksej Besciokov, was arrested in India.

Merely months later, TRM Labs revealed that Garantex may have rebranded as Grinex, likely in an effort to evade sanctions, with the former continuing to process more than $100 million in transactions since the sanctions were levied. Eighty-two percent of its total volume was linked to sanctioned entities worldwide.

“Days after Garantex’s takedown, Telegram channels affiliated with the exchange began promoting Grinex, a platform with a nearly identical interface, registered in Kyrgyzstan in December 2024,” TRM Labs noted in May.

The U.S. Treasury said criminal users use Garantex to launder their ill-gotten funds, processing funds from those related to Conti, Black Basta, LockBit, NetWalker, and Phoenix Cryptolocker ransomware variants. It also said Garantex moved its infrastructure and customer deposits to Grinex shortly after the March law enforcement actions.

Furthermore, Garantex is said to have worked with affected customers to regain access to their accounts using a ruble-backed stablecoin called A7A5 token, which is issued by a Kyrgyzstani firm called Old Vector. The token’s creator is A7 LLC.

According to a report from Elliptic, A7A5 has been used to transfer no less than $1 billion per day, with the aggregate value of A7A5 transfers pegged at $41.2 billion. In all, Grinex is estimated to have facilitated the transfer of billions of dollars in cryptocurrency transactions within…