Treasury targets crypto exchanges aiding ransomware actors through new sanctions

John K. Hurley, Under Secretary of the Treasury for Terrorism and Financial Intelligence | U.S. Department of the Treasury

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has re-designated Garantex Europe OU, a cryptocurrency exchange, for its role in facilitating transactions linked to ransomware and other cybercriminal activities. According to the Treasury, Garantex processed over $100 million in illicit transactions since 2019. The department also designated Grinex, Garantex’s successor exchange, and took action against three executives as well as six companies based in Russia and the Kyrgyz Republic that supported these activities.

“Digital assets play a crucial role in global innovation and economic development, and the United States will not tolerate abuse of this industry to support cybercrime and sanctions evasion. Exploiting cryptocurrency exchanges to launder money and facilitate ransomware attacks not only threatens our national security, but also tarnishes the reputations of legitimate virtual asset service providers,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. “By exposing these malicious actors, Treasury remains committed to and supportive of the digital asset industry’s integrity.”

Garantex was previously sanctioned by OFAC on April 5, 2022 under Executive Order (E.O.) 14024 for operating within Russia’s financial services sector. Due to its ongoing involvement with cyber-enabled crime and use by criminal groups, OFAC is now taking further action under E.O. 13694 (as amended), which targets entities supporting significant malicious cyber activities.

These new measures follow earlier actions against other crypto exchanges such as Cryptex, PM2BTC, SUEX, Chatex, Bitpapa, NetEx24, and AWEX—each identified for providing services used by cybercriminals or facilitating illicit activity since September 2021.

The current designations are part of an international effort involving agencies such as the U.S. Secret Service Cyber Investigative Section and the Federal Bureau of Investigation. On March 6, 2025, U.S., German, and Finnish authorities disrupted Garantex’s computer infrastructure by seizing its web domain and freezing more than $26 million in cryptocurrency held by Garantex. The following day saw indictments unsealed against executives Aleksandr Mira Serda and Aleksej Besciokov; Besciokov was subsequently arrested in India.

After these law enforcement actions were taken against Garantex's operations—including seizure of assets—the company transferred customer accounts to Grinex in an attempt to bypass restrictions imposed through sanctions.

Additionally, the State Department announced rewards up to $5 million for information leading to Mira Serda’s arrest or conviction; up to $1 million is offered for information about other key leaders at Garantex.

Founded in late 2019 with registration initially in Estonia but most operations centered in Moscow and Saint Petersburg, Garantex lost its Estonian license after anti-money laundering deficiencies were uncovered alongside links between exchange wallets and criminal activity. Analysis found that much of Garantex’s business involved handling funds from other crypto exchanges known for criminal conduct; these funds were then laundered through its platform.

Garantex reportedly received millions directly from proceeds associated with various Russian-linked ransomware variants such as Conti, Black Basta, LockBit, NetWalker, and Phoenix Cryptolocker, and provided services for those tied to Ryuk ransomware group operations. Notably, money launderer Ekaterina Zhdanova exchanged over $2 million worth of Bitcoin via Garantex before her own designation under E.O. 14024 on November 3, 2023.

Following the law enforcement disruptions of March 6-7, 2025, which were led by seizure actions, Garantex employees established Grinex specifically so customers could regain access using A7A5 tokens issued by Old Vector (a Kyrgyzstani firm). This token was created mainly for Russian clients associated with A7 Limited Liability Company, a cross-border settlement provider owned by Moldovan oligarch Ilan Mironovich Shor (already sanctioned) along with Promsvyazbank Public Joint Stock Company (PSB).

Senior figures at Garantex include co-founder Sergey Mendeleev, co-owner and chief commercial officer Aleksandr Mira Serda, and regional director Pavel Karavatsky. Their network includes InDeFi Bank (offering decentralized finance outside traditional channels) and Exved (facilitating crypto-based trade designed to evade sanctions).

As a result of today’s designations, all property or interests belonging to the named individuals or entities within U.S. jurisdiction are blocked. U.S. persons are generally prohibited from engaging in transactions involving them unless authorized otherwise, and violations may lead to civil or criminal penalties under OFAC guidelines.

For additional details about sanctioned individuals/entities: https://home.treasury.gov/news/press-releases/jy2128

For information on removal from an OFAC list: https://ofac.treasury.gov/faqs/897

For details on submitting a request: https://ofac.treasury.gov/sanctions-processes/request-removal-sanctions-list
