https://rollingout.com/2025/08/14/treasury-sanctions-crypto-exchange/

The U.S. Treasury just delivered a crushing blow to cybercriminals who thought they could hide behind cryptocurrency exchanges. The Office of Foreign Assets Control slammed sanctions on Garantex Europe, a crypto platform that’s been washing dirty money for ransomware gangs and other digital criminals since 2019.

This isn’t just another regulatory slap on the wrist. We’re talking about a Treasury sanctions crypto exchange operation that processed over $100 million in transactions linked to some of the nastiest cybercriminal organizations on the planet.

Garantex becomes cybercriminals’ favorite money laundry

Here’s how deep this rabbit hole goes: Garantex didn’t just accidentally enable a few bad transactions. The exchange actively became the go-to destination for criminals looking to clean their digital dirty money. Founded in late 2019 and originally registered in Estonia, the platform conducted most of its shadowy operations from Moscow and Saint Petersburg.

The numbers tell a shocking story. Analysis shows that over $100 million of known Garantex transactions connect directly to illicit actors, including darknet markets and ransomware groups that have terrorized businesses worldwide. This Treasury sanctions crypto exchange action targets an operation that maintained accounts for hundreds of thousands of users while knowingly facilitating criminal activity.

Estonia’s Financial Intelligence Unit already spotted the red flags back in 2022, yanking Garantex’s license after discovering critical anti-money laundering deficiencies and connections to criminal wallets. But instead of cleaning up their act, the exchange doubled down on serving criminals.

Ransomware gangs found their perfect partner

The most disturbing aspect of this Treasury sanctions crypto exchange case involves direct connections to notorious ransomware operations. Garantex received millions of dollars in cryptocurrency directly from attacks involving Conti, Black Basta, LockBit, NetWalker and Phoenix Cryptolocker ransomware variants.

These aren’t small-time hackers working from basements. We’re talking about sophisticated criminal organizations that have crippled hospitals, shut down pipelines and held entire cities hostage for digital ransom payments. Garantex provided the essential service these groups needed — a way to convert their stolen cryptocurrency into usable funds.

The exchange also offered services to actors connected to the Ryuk ransomware gang, another group responsible for devastating attacks on critical infrastructure. When criminals needed to move money fast and quietly, Garantex was there to help.

International law enforcement strikes back

This Treasury sanctions crypto exchange action represents just one piece of a massive international effort to dismantle cybercriminal infrastructure. The U.S. Secret Service partnered with German and Finnish law enforcement to seize Garantex’s web domain and freeze over $26 million in cryptocurrency controlled by the exchange.

The Department of Justice unsealed indictments against key Garantex executives Aleksandr Mira Serda and Aleksej Besciokov. Following the indictments, Besciokov was arrested in India, showing how international cooperation can reach cybercriminals wherever they try to hide.

The Department of State sweetened the deal with reward offers up to $5 million for information leading to Mira Serda’s arrest and conviction, plus up to $1 million for other key Garantex leaders. These aren’t token gestures — they’re serious bounties that demonstrate how badly authorities want these cybercriminal enablers brought to justice.

Grinex emerges as Garantex’s shameless successor

Here’s where the Treasury sanctions crypto exchange story gets even more brazen. Instead of shutting down after getting hit with sanctions and law enforcement actions, Garantex executives simply created a new exchange called Grinex to continue their criminal operations.

Grinex’s promotional materials openly admit the exchange was formed in response to sanctions and asset freezes affecting Garantex. Since its creation, this successor platform has facilitated billions of dollars in cryptocurrency transactions, showing just how determined these operators are to keep serving criminals.

The Treasury didn’t fall for this shell game. Today’s sanctions specifically target Grinex as part of Garantex’s sanctions evasion scheme, along with multiple Russian and Kyrgyzstani companies that supported the operation.

Complex web of criminal partnerships exposed

This Treasury sanctions crypto exchange investigation uncovered a sophisticated network of partnerships designed to keep criminal money flowing. Garantex worked with entities like A7 Limited Liability Company, a Russian firm providing cross-border settlement platforms specifically for sanctions evasion.

The criminals even created a special token called A7A5 to help Garantex customers who lost access to their funds after law enforcement actions. This ruble-backed digital asset was designed by Kyrgyzstani firm Old Vector working directly with Garantex to maintain criminal operations despite international pressure.

Key executives like Sergey Mendeleev, Aleksandr Mira Serda and Pavel Karavatsky played crucial roles in building and maintaining this criminal infrastructure. Their companies InDeFi Bank and Exved specifically helped users purchase virtual currencies from Garantex and facilitated cryptocurrency trades designed to subvert U.S. sanctions.

Message sent to crypto criminals worldwide

This Treasury sanctions crypto exchange action sends an unmistakable message to anyone thinking about using digital assets for criminal purposes. The days of hiding behind supposedly anonymous cryptocurrency transactions are over.

The Treasury Department made clear it won’t tolerate abuse of the digital asset industry to support cybercrime and sanctions evasion. Legitimate cryptocurrency exchanges now have a clear example of what happens when platforms choose to serve criminals instead of following the law.

Financial institutions and other entities that engage with sanctioned crypto exchanges face serious consequences, including potential sanctions or enforcement actions themselves. The risks of working with criminal-friendly platforms now far outweigh any potential profits.

Digital assets face accountability reckoning

While innovation in digital assets continues, this Treasury sanctions crypto exchange case proves that cryptocurrency can’t remain a lawless frontier for criminals. The combination of advanced blockchain analysis, international law enforcement cooperation and serious financial penalties is closing the gap that criminals once exploited.

The ultimate goal isn’t to punish the entire cryptocurrency industry, but to force positive changes in behavior that protect legitimate users while cutting off criminal access. Exchanges that choose to serve ransomware gangs and other cybercriminals will find themselves facing the full weight of international law enforcement efforts.