Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) is re-designating the cryptocurrency exchange Garantex Europe OU (Garantex), which has directly facilitated notorious ransomware actors and other cybercriminals by processing over $100 million in transactions linked to illicit activities since 2019. OFAC is also designating Garantex’s successor, Grinex, and taking action against three executives of Garantex and six associated companies in Russia and the Kyrgyz Republic that have supported the exchange’s involvement in malicious cyber activities.
“Digital assets play a crucial role in global innovation and economic development, and the United States will not tolerate abuse of this industry to support cybercrime and sanctions evasion. Exploiting cryptocurrency exchanges to launder money and facilitate ransomware attacks not only threatens our national security, but also tarnishes the reputations of legitimate virtual asset service providers,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. “By exposing these malicious actors, Treasury remains committed to and supportive of the digital asset industry’s integrity.”
OFAC previously designated Garantex on April 5, 2022 pursuant to Executive Order (E.O.) 14024 for operating or having operated in the financial services sector of the Russian Federation economy. As a result of its central role in facilitating malicious cyber-enabled activities and operating as the exchange of choice for cybercriminals, OFAC is also taking actions under its cyber authorities to designate Garantex pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306 (“E.O. 13694, as further amended”). Grinex, along with Garantex’s executives and partner companies, are also being designated pursuant to E.O. 13694, as further amended.
This designation builds on OFAC’s September 2024 sanctions against Cryptex and the Financial Crimes Enforcement Network’s identification of PM2BTC, two other cryptocurrency exchanges that have provided financial services to cybercriminals, as well as OFAC designations of five cryptocurrency exchanges-SUEX, Chatex, Bitpapa, NetEx24, and AWEX-that have facilitated illicit activity since as early as September 2021.
AN INTERNATIONAL EFFORT TO STOP CYBERCRIMINALS
Today’s action is taken in collaboration with the U.S. Secret Service’s Cyber Investigative Section, with assistance from the Federal Bureau of Investigation.
On March 6, 2025, the U.S. Secret Service, in partnership with German and Finnish law enforcement, took disruptive measures against Garantex’s computer infrastructure, including seizing its web domain and freezing over $26 million in cryptocurrency controlled by Garantex. On March 7, 2025, the Department of Justice unsealed indictments against Garantex executives Aleksandr Mira Serda and Aleksej Besciokov. Following the unsealing of the indictments, Aleksej Besciokov was arrested in India. After these disruptive measures were taken, Garantex moved its customer base and funds to its successor exchange, Grinex, in an attempt to continue operating despite sanctions and law enforcement actions.
Additionally, the Department of State has announced two reward offers under the Transnational Organized Crime Rewards Program of up to $5 million for information leading to the arrest and/or conviction of Mira Serda and up to $1 million for other key leaders of Garantex.
GARANTEX IS USED TO LAUNDER ILLICT FUNDS
Garantex is a cryptocurrency exchange founded in late 2019, originally registered in Estonia, that conducts most of its operations from Moscow and Saint Petersburg. Analysis shows that over $100 million of known Garantex transactions are associated with illicit actors, including darknet markets and ransomware groups. In February 2022, Garantex lost its Estonian license to provide digital asset services after Estonia’s Financial Intelligence Unit revealed critical anti-money laundering and countering the financing of terrorism (AML/CFT) deficiencies and found connections between Garantex and wallets used for criminal activity.
Most of the funds sent to Garantex, which has maintained accounts for hundreds of thousands of users, came from other cryptocurrency exchanges used for criminal conduct. Once criminal users place their funds with Garantex, these actors launder their ill-gotten funds using Garantex’s exchange services. After OFAC’s designation and the Estonian Financial Intelligence Unit’s enforcement action in 2022, Garantex developed infrastructure intended to prevent financial institutions from attributing cryptocurrency wallet addresses back to the exchange, in an attempt to insulate itself and its customers from sanctions. This has allowed the exchange to continue to custody funds and provide other services to entities and individuals involved in illicit activities.
For example, Garantex has received millions of dollars in cryptocurrency directly from the proceeds of various Russia-linked ransomware attacks, including those involving the Conti, Black Basta, LockBit, NetWalker, and Phoenix Cryptolocker ransomware variants. Garantex has also provided account and exchange services to actors associated with the Ryuk ransomware gang. Ekaterina Zhdanova, a prolific money launderer, exchanged over $2 million in Bitcoin for Tether (USDT) via Garantex. OFAC previously designated Ekaterina Zhdanova on November 3, 2023, pursuant to E.O. 14024 for operating or having operated in the financial services sector of the Russian Federation economy.
OFAC is designating Garantex pursuant to E.O. 13694, as further amended, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, cyber-enabled activities originating from, or directed by persons located, in whole or substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose of or involve causing a misappropriation of funds or economic resources, intellectual property, proprietary or business confidential information, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.
GRINEX WAS CREATED TO AVIOD SANCTIONS PLACED ON GARANTEX
OFAC is designating Grinex, another cryptocurrency exchange created by Garantex employees to support the company’s sanctions evasion efforts. Immediately following the March 6, 2025 law enforcement actions led by the U.S. Secret Service, Garantex officers created the infrastructure to continue to provide key services to Garantex, specifically transferring Garantex customer deposits to Grinex. Grinex’s promotional materials state that the exchange was formed in response to sanctions and asset freezes that affected Garantex. Since its creation, Grinex has facilitated the transfer of billions of dollars in cryptocurrency transactions. OFAC is designating Grinex pursuant to E.O. 13694, as further amended, for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Garantex, a person whose property and interests in property are blocked pursuant to E.O. 13694, as further amended.
Garantex carried out this scheme to move its funds to Grinex and allow its customers who lost their funds following the law enforcement disruptions to regain access to their accounts using the A7A5 token, a ruble-backed digital asset. The A7A5 token is issued by Kyrgyzstani firm Old Vector. Old Vector worked with Garantex and others in the creation of the A7A5 token. Garantex users who lost revenue were provided the equivalent of their losses in the A7A5 token. The token was created for Russian customers of A7 Limited Liability Company (A7), a Russian firm that provides cross-border settlement platforms used for sanctions evasion. A7 and its subsidiaries A71 Limited Liability Company (A71) and A7 Agent Limited Liability Company (A7 Agent) are owned by sanctioned Moldovan oligarch Ilan Mironovich Shor (Shor) and sanctioned Russian bank Promsvyazbank Public Joint Stock Company (PSB). Prior to the March 6, 2025 law enforcement actions, representatives for Shor met with Garantex officers to establish A7A5 trading on Garantex.
OFAC is designating A7 pursuant to E.O. 13694, as further amended, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods and services to or in support of, Garantex, a person whose property and interests in property are blocked pursuant to E.O. 13694, as further amended. OFAC is also designating A71 and A7 Agent pursuant to E.O. 13694, as further amended, for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, A7, a person whose property and interests in property are blocked pursuant to E.O. 13694, as further amended. Further, OFAC is designating Old Vector pursuant to E.O. 13694, as further amended, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods and services to or in support of, A7, a person whose property and interests in property are blocked pursuant to E.O. 13694, as further amended.
KEY GARANTEX PERSONNEL AND PARTNER ENTITIES
Garantex’s senior executives have supported its ability to enable cybercrime and sanctions evasion by procuring computer infrastructure for Garantex, registering its trademarks, and engaging in business development efforts to make its activities appear legitimate. Garantex’s network of partner companies has also enabled it to move money, including illicit funds, outside of Russia.
Sergey Mendeleev (Mendeleev)is a co-founder of Garantex, Aleksandr Mira Serda (Mira Serda) is a co-owner and the chief commercial officer of Garantex, and Pavel Karavatsky (Karavatsky)is a co-owner and regional director of Garantex.
Independent Decentralized Finance Smartbank and Ecosystem (InDeFi Bank) and Exved were co-founded and are controlled by Mendeleev. InDeFi Bank provides decentralized financial services outside of traditional finance applications, including helping users to purchase virtual currencies from Garantex. Exved is a payment platform that works closely with InDeFi Bank to facilitate cryptocurrency-mediated trade between Russia and other countries to subvert U.S. sanctions on Russia’s financial services sector.
OFAC is designating Mendeleev, Mira Serda, and Karavatsky pursuant to E.O. 13694, as further amended, for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Garantex, a person whose property and interests in property are blocked pursuant to E.O. 13694, as further amended. OFAC is designating InDeFi Bank and Exved pursuant to E.O. 13694, as further amended, for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Mendeleev, a person whose property and interests in property are blocked pursuant to E.O. 13694, as further amended.
SANCTIONS IMPLICATIONS
As a result of today’s action, all property and interests in property of the blocked persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons.
In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action. The prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated person, or the receipt of any contribution or provision of funds, goods, or services from any such person.
Violations of OFAC regulations may result in civil or criminal penalties. OFAC’s Economic Sanctions Enforcement Guidelines provide more information regarding OFAC’s enforcement of U.S. sanctions, including the factors that OFAC generally considers when determining an appropriate response to an apparent violation.