The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has again sanctioned cryptocurrency exchange Garantex Europe OU for facilitating illicit transactions. This second designation highlights the exchange's continued role in enabling cybercrime and sanctions evasion. OFAC is also targeting Garantex's successor, Grinex, along with three executives and six associated companies in Russia and the Kyrgyz Republic.
Garantex, originally registered in Estonia but operating primarily from Moscow and Saint Petersburg, has been identified as a key player in processing over $100 million in transactions linked to illicit activities since 2019. These activities include facilitating transactions for ransomware actors and darknet markets. According to the U.S. Secret Service and FBI, Garantex processed at least $96 billion in cryptocurrency transactions between April 2019 and March 2025 and was used to facilitate various crimes, including hacking, ransomware, terrorism, and drug trafficking, often with substantial harm to U.S. victims.
In February 2022, Garantex lost its Estonian license due to critical anti-money laundering (AML) and countering the financing of terrorism (CFT) deficiencies. Despite this, the exchange continued to operate, developing infrastructure to prevent financial institutions from tracing cryptocurrency wallet addresses back to the exchange. This allowed Garantex to continue serving entities and individuals involved in illicit activities.
Following the initial OFAC designation and the Estonian Financial Intelligence Unit's enforcement action in 2022, Garantex created Grinex to continue providing services and evade sanctions. Grinex's promotional materials state that the exchange was formed in response to sanctions and asset freezes affecting Garantex.
The recent OFAC action also targets key individuals associated with Garantex. Sergey Mendeleev, a co-founder, Aleksandr Mira Serda, a co-owner and chief commercial officer, and Pavel Karavatsky, a co-owner and regional director, have been sanctioned for supporting Garantex's ability to enable cybercrime and sanctions evasion. These individuals have been involved in procuring computer infrastructure, registering trademarks, and engaging in business development to legitimize Garantex's activities. Two companies founded by Mendeleev—InDeFi Bank and Exved—were also designated for their roles in facilitating cryptocurrency transactions and sanctions evasion. The State Department is offering rewards of up to $5 million for information leading to Mira Serda's arrest and up to $1 million for information on other key Garantex leaders.
On March 6, 2025, the U.S. Secret Service, in partnership with German and Finnish law enforcement, took disruptive measures against Garantex's computer infrastructure, seizing its web domain and freezing over $26 million in cryptocurrency. The following day, the Department of Justice unsealed indictments against Garantex executives Aleksandr Mira Serda and Aleksej Besciokov, with Besciokov subsequently arrested in India.
OFAC's actions are taken under its cyber authorities pursuant to Executive Order 13694, as further amended. These measures aim to disrupt the use of cryptocurrency exchanges for money laundering, ransomware attacks, and sanctions evasion. As a result of these actions, all U.S.-based property and interests of the designated individuals and entities are blocked, and U.S. persons are generally prohibited from transacting with them.
The Treasury also designated Grinex for being controlled by Garantex and facilitating billions in cryptocurrency transactions. Additionally, OFAC targeted several companies involved in Garantex's scheme to help customers recover funds through the A7A5 token, a ruble-backed digital asset issued by Kyrgyzstani firm Old Vector. This token is backed by deposits at sanctioned Russian bank Promsvyazbank (PSB) and has processed over $51.17 billion.
