Garantex, a sanctioned Russian crypto exchange now operating as Grinex, has delayed the disposal of over $28 million in frozen Bitcoin (BTC) and Ethereum (ETH) assets until July 2025. This follows coordinated international sanctions targeting its role in laundering criminal proceeds, including ransomware, narcotics trafficking, and sanctions evasion. Despite domain seizures and asset freezes, the exchange continues illicit operations through rebranding and obfuscation tools like Tornado Cash.
Background: Garantex’s Illicit Operations
Garantex operated as a Moscow-based exchange with an Estonian crypto license since 2019, processing at least $96 billion in transactions between 2019–2025. Key findings:
- Criminal facilitation: Laundered proceeds for ransomware groups (e.g., Conti), darknet markets, and terrorist organizations.
- Sanctions evasion: Deliberately misled Russian law enforcement about client identities while servicing EU-sanctioned Russian banks.
- Infrastructure: Operated via domains
garantex.io,garantex.org, andgarantex.academyuntil U.S. seizures in March 2025.
Sanctions and Enforcement Actions
| Action Date | Authority | Measure | Impact |
|---|---|---|---|
| March 2025 | U.S. Secret Service | Seized domains; froze $26M in assets (Tether/USDT) | Disrupted operations |
| March 2025 | EU Council | Added to sanctions list for ties to Russian banks and criminal entities | First EU crypto exchange designation |
| June 2025 | Tether | Frozen assets expanded to $28M (BTC/ETH/USDT) | Liquidity crisis |
Current Status: Rebranding and Ongoing Laundering
- Rebrand to Grinex:
- Garantex relaunched as Grinex within days of U.S. domain seizures, using identical operational tactics.
- Users instructed to retrieve funds in person at Moscow offices, bypassing digital freezes.
- Continued Illicit Activity:
- Active wallets: At least $15M in BTC, ETH, and ruble-pegged stablecoins (A7A5) remain unfrozen.
- Obfuscation tools: Over $261,000 in ETH laundered via Tornado Cash since May 2025.
- Cross-chain activity: Funds moved across Ethereum, Bitcoin, and BNB Chain networks.
Compliance Risks and Recommendations
- Systemic vulnerabilities: Garantex/Grinex exploits jurisdictional gaps and mixing services to evade tracing.
- Stablecoin exposure: A7A5 (ruble-backed) enables ruble conversion despite sanctions.
- Mitigation steps:
- Monitor wallets linked to Grinex (e.g.,
0x7d3a...c43a). - Flag transactions involving Tornado Cash or A7A5 stablecoins.
- Collaborate with German/Finnish authorities for server seizure replication.
- Monitor wallets linked to Grinex (e.g.,
Conclusion
Garantex’s asset disposal delay reflects persistent sanctions evasion and operational resilience. The rebrand to Grinex underscores the challenge of containing sanctioned entities that pivot swiftly. Compliance efforts must prioritize real-time blockchain surveillance and international coordination to intercept residual laundering channels.
