The U.S. Treasury's pursuit of Garantex founders and their new exchange Grinex indicates that the initial sanctions merely forced criminals to reshape their $100 million illegal financial network rather than abandon it.

The U.S. Treasury has intensified its crackdown on illegal cryptocurrency activities, redesignating the cryptocurrency exchange Garantex Europe OU and sanctioning its successor platform Grinex.

For many years, Garantex has been accused of processing over $100 million in transactions related to ransomware groups, dark web markets, and other cybercriminal activities.

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has launched a crackdown on cryptocurrency crime involving Garantex leaders.

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions on three executives of cryptocurrency exchange Garantex and its six affiliates in Russia and Kyrgyzstan. These measures, announced by the OFAC cyber division on Thursday, accuse the platform of playing a significant role in laundering digital assets for cybercriminals.

Treasury officials state that despite being sanctioned in April 2022 for operating in the Russian financial services sector, Garantex continued to provide services to ransomware operators.

John Hurley, Deputy Secretary for Terrorism and Financial Intelligence at the U.S. Treasury, stated: "Using cryptocurrency exchanges to launder and conduct ransomware attacks not only threatens our national security but also undermines the reputation of legitimate virtual asset service providers."

Authorities state that the exchange is responsible for handling transactions related to groups behind Conti, LockBit, and Black Basta ransomware, as well as sanctioned money launderer Ekaterina Zhdanova.

This new action follows a joint operation by the U.S. Secret Service with German and Finnish authorities on March 6, which seized Garantex's web domain, froze $26 million worth of cryptocurrency, and dismantled its infrastructure.

The U.S. Department of Justice also announced indictments against executives Aleksandr Mira Serda and Aleksej Beščokov, charging them with conspiracy to commit money laundering, operating an unlicensed money transfer business, and violating U.S. sanctions.

Beščokov was arrested while on vacation with family in Kerala, India. Russian citizen and Garantex co-owner Mira Serda remains at large.

Prosecutors allege that Garantex transferred wallets to evade detection and provided misleading data to conceal account ownership, even in cases where Russian law enforcement sought information. If convicted, the two could face up to 20 years in prison for money laundering, up to 20 years for violating sanctions, and 5 years for operating without a license.

Additionally, the U.S. State Department announced two rewards under the Transnational Organized Crime Rewards Program, offering up to $5 million for information leading to the arrest and/or conviction of Mira Serda, and up to $1 million for other key leaders of Garantex.

The U.S. Treasury states that Garantex transferred funds to Grinex to evade sanctions.

U.S. Treasury officials stated that after the seizure operation in March, Garantex transferred its customer funds to the newly established exchange Grinex in an attempt to circumvent sanctions. Grinex's promotional materials openly claim that it was established to address freezing and restrictions. Since its inception, Grinex has processed billions of dollars in cryptocurrency transactions.

Investigators also found that Garantex and Grinex used the ruble-backed digital token A7A5 to return funds to Russian clients whose assets were frozen.

The token is linked to the Russian company A7 and its subsidiaries, which U.S. officials claim are controlled by sanctioned parties, including Moldovan oligarch Ilan Shor and Russian bank Promsvyazbank.

OFAC has now imposed sanctions on Grinex, A7, its subsidiaries, and Old Vector for assisting Garantex in evading sanctions.

Treasury officials state that the leadership of Garantex is key to the illegal operation of the exchange. Allegedly, co-founder Sergey Mendeleev, co-owner Mira Serda, and regional director Pavel Karavatsky procure infrastructure, register trademarks, and engage in business expansion to maintain the exchange's legitimacy.

Two other companies, InDeFi Bank and Exved, have also been sanctioned. Both companies are controlled by Mendeleev and have been accused of facilitating cross-border cryptocurrency transactions that circumvent U.S. restrictions.

The new sanctions mean that all individuals and entities named have their property and interests in property within U.S. jurisdiction frozen. Without authorization, U.S. citizens are generally prohibited from engaging in any transactions with them.

Financial institutions that continue to do business with sanctioned parties face the risk of enforcement actions.

The U.S. Treasury Department emphasizes that sanctions are intended to change behavior, not merely to punish. OFAC has procedures to remove from the Specially Designated Nationals (SDN) list individuals who can demonstrate compliance with U.S. law.

The Garantex action follows the takedowns of BidenCash and the BlackSuit ransomware.

The Garantex case is one of a series of recent actions by the U.S. targeting cybercrime infrastructure. On June 5, law enforcement seized cryptocurrency related to BidenCash, a dark web marketplace accused of selling over 15 million stolen credit cards and personal data.

This international operation involved U.S., Dutch, and other agencies, and shut down about 145 domain names associated with the site.

Police also dismantled the BlackSuit ransomware gang, seizing over $1 million in digital assets associated with the malware. BlackSuit is accused of targeting critical infrastructure sectors in the U.S. and abroad.

U.S. authorities have repeatedly emphasized the growing connections between ransomware, illegal cryptocurrency use, and state-related actors.

The United Nations estimates that North Korea's Lazarus Group has stolen over $3 billion in digital assets globally, much of which has been used to fund weapons programs.