US Treasury Department has imposed sanctions against Garantex top managers and companies associated with the exchange
The US State Department has offered a reward of up to $5 million for assistance in arresting Garantex senior executives
15.08.2025 - 16:40
480
6 min
0
What’s new? The US Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on the Grinex crypto exchange, calling it the successor to Garantex, which was also subject to economic restrictions in 2022 for processing $100 million in criminal transactions. Sanctions were also imposed on three Garantex executives and six affiliated companies in Russia and Kyrgyzstan that supported the exchange’s operations.
What else is known? On March 6, 2025, the US Secret Service, in conjunction with German and Finnish law enforcement agencies, took action against Garantex’s infrastructure, including seizing the web domain and freezing more than $26 million in cryptocurrency.
On March 7, the US Department of Justice announced indictments against Garantex executives Alexander Mira Serda and Aleksej Besciokov, after which Besciokov was arrested in India.
In response, Garantex transferred its customer base and funds to a new platform, Grinex, in order to continue operating under sanctions and pressure from law enforcement agencies.
The big laundry: how crypto and Kyrgyzstan help Russia circumvent sanctions
Some Kyrgyz companies are completely copying the transaction structure used by the Russian sub-sanctioned exchange Garantex
Garantex was launched at the end of 2019 and registered in Estonia, but conducted most of its operations from Moscow and St. Petersburg. Transactions processed by Garantex totaling over $100 million are linked to darknet marketplaces and ransomware developers.
In February 2022, Garantex lost its Estonian license to provide crypto services because the local financial intelligence unit identified critical deficiencies in its anti-money laundering and counter-terrorist financing (AML/CFT) system and discovered links between Garantex and wallets used for criminal activities.
In response, Garantex developed infrastructure to conceal its operations and make it difficult to establish links between wallets and the exchange, allowing it to continue storing funds and providing other services to criminals.
For example, Garantex received millions of dollars in cryptocurrency from ransomware attacks by Russian groups Conti, Black Basta, LockBit, NetWalker, Phoenix Cryptolocker, and Ryuk.
Immediately after the March 6 operation, Garantex launched Grinex. The advertisement stated that the exchange was created in response to sanctions and the freezing of Garantex’s assets. Since its creation, Grinex has facilitated the transfer of billions of dollars in cryptocurrency.
The launch of Grinex allowed Garantex customers to regain access to their accounts using the ruble-pegged stablecoin A7A5, issued by the Kyrgyz company Old Vector and A7 Limited Liability Society (A7), which provides platforms for evading sanctions when conducting cross-border payments. Thus, Garantex users were paid compensation in A7A5 tokens.
The EU has imposed sanctions against the issuer of ruble-stablecoin A7A5. What’s important to know
Kyrgyz company A7, linked to Russian bank PSB, helped the sub-sanctioned crypto exchange Garantex withdraw liquidity from blocked addresses
A7 and its subsidiaries A7 Limited Liability Society (A71) and A7 Agent Limited Liability Society (A7 Agent) are owned by sanctioned Moldovan oligarch Ilan Shor and Russia’s Promsvyazbank (PSB).
The new statement says that OFAC is also imposing sanctions against Old Vector, A7, A71, and A7 Agent.
The Treasury Department emphasized that Garantex’s management contributed to the development of cybercrime and sanctions evasion while registering trademarks and participating in business development events to give the company the appearance of legitimacy. Garantex’s network of partner companies also allowed it to transfer money, including money obtained illegally, outside of Russia.
The press release states that Sergey Mendeleev is the co-founder of Garantex, Alexander Mira Serda is the co-owner and commercial director, and Pavel Karavatsky is another co-owner and regional director.
The US Department of Justice seized $2 million in cryptocurrency from Hamas terrorists. How did it happen
US authorities uncovered the infrastructure of BuyCash, a company that provided financial support to Middle Eastern terrorist organizations
Mendeleev is also the founder and head of Independent Decentralized Finance SmartBank & Ecosystem (InDeFi SmartBank) and Exved. Among other things, InDeFi SmartBank helped users purchase virtual currencies from Garantex.
Exved is a payment platform that works closely with InDeFi Bank to facilitate cryptocurrency trading between Russia and other countries to circumvent sanctions, according to a press release.
In this regard, OFAC added Mendeleev, Mira Serda, and Karavatsky, as well as InDeFi SmartBank and Exved, to the sanctions list.
Hackers from North Korea find jobs in foreign IT companies. How it happens
North Korea has found another source of funding — using large international technology and crypto companies
As part of its program to combat transnational organized crime, the US State Department has offered rewards of up to $5 million for information leading to the arrest and/or conviction of Mira Serda, and up to $1 million for other Garantex senior executives.
“Exploiting cryptocurrency exchanges to launder money and facilitate ransomware attacks not only threatens our national security, but also tarnishes the reputations of legitimate virtual asset service providers,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley.
Useful material?
Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Telegram
Twitter