Unmasking the New Sanctions: How a Crypto Exchange Evaded Authorities and Supported Ransomware

by · Published · Updated

U.S. authorities have once again imposed sanctions on the cryptocurrency exchange Garantex, accusing it of facilitating the laundering of more than $100 million in illicit funds and supporting the operations of ransomware groups. Founded in 2019, the exchange had already been sanctioned by the U.S. Treasury in 2022, yet continued its activities. Following a law enforcement crackdown in March, it migrated its clients and assets to a new platform, Grinex. Alongside Garantex, the sanctions list now includes Grinex, six affiliated companies, and three senior executives—among them co-founder and Chief Commercial Officer Alexander “Mira” Serda, who remains a wanted fugitive.

According to investigators, Garantex became a central hub in the ransomware ecosystem, processing transactions linked to Conti, Black Basta, Ryuk, LockBit, NetWalker, and Phoenix Cryptolocker. Millions of dollars generated by cybercriminals and darknet market vendors were funneled through the platform. After its shutdown in March, users who lost access to their funds were offered compensation in the form of A7A5 tokens, issued by the Kyrgyz firm Old Vector, which has also been placed under sanctions.

The U.S. Department of Justice alleges that Garantex executives knowingly concealed the criminal origins of these funds. Alexey Beschyokov and Mira Serda are charged with running the exchange from its inception until 2025. Beschyokov has been detained in India, while Serda remains at large. The State Department has announced a $5 million reward for information leading to Serda’s capture, and an additional $1 million bounty for intelligence on other key figures involved.

Despite the 2022 sanctions, Garantex continued servicing American firms by employing a method of daily cryptocurrency wallet rotation, complicating U.S. exchange efforts to block its transactions. Europol confirmed its support in the March operation to seize Garantex servers and shut down its websites. Yet, according to U.S. authorities, Grinex—its successor—has already facilitated transactions worth billions of dollars, while the web of affiliated companies allowed the network to effectively evade restrictions.