Garantex

🔴 High Risk

Garantex, a cryptocurrency exchange originally registered in Estonia but primarily operated out of Russia, has become a notorious hub for illicit finance and international money laundering. Since its inception in 2019, the platform processed billions of dollars in cryptocurrency, with investigations revealing over $100 million linked to illicit actors such as ransomware groups, darknet markets, and sanctioned entities. Despite having its Estonian license revoked in 2022 for AML deficiencies, Garantex adapted by building decentralized infrastructures that enabled it to evade sanctions and continue laundering funds. It has facilitated the movement of criminal proceeds for high-profile ransomware gangs like Conti and LockBit, Russian elites, and other sanctioned individuals, intricately linking its operations to global cybercrime and geopolitical sanction evasion. This troubling nexus of technology, crime, and international finance exemplifies the growing challenge of regulating cryptocurrencies in the face of sophisticated laundering schemes connected to Russia and beyond.

Garantex was a prominent Russian-linked cryptocurrency exchange recognized as one of the largest facilitators of crypto-related money laundering globally. Founded in 2019 and initially registered in Estonia, it quickly became a hub for laundering criminal proceeds from ransomware gangs, darknet markets, and sanctioned entities. The platform processed over $96 billion in crypto transactions by 2025, with illicit activity accounting for over $1.3 billion in laundered funds. Despite being sanctioned by OFAC in 2022 and facing international law enforcement seizures, Garantex adapted by decentralizing its operations through platforms like Grinex, Exved, and MKAN Coin, operating across multiple countries and jurisdictions including Dubai and Russia. The network facilitated sanctions evasion and illegal financial flows for Russia-linked cybercriminal organizations and political elites, employing sophisticated laundering techniques to obscure illicit money trails worldwide. This case exemplifies the ongoing challenge regulators face in combating crypto-enabled financial crime tied to geopolitical conflicts and transnational organized crime.

Countries Involved

Russia, United States, Estonia, Germany, Finland, Netherlands, United Arab Emirates, United Arab Emirates, UAE, Brazil, Kyrgyzstan, Spain, Thailand, Georgia, Hong Kong

Initially sanctioned in April 2022; major enforcement and disruption operations through 2023 and 2024; ongoing reports and investigations through 2025

Bitcoin (BTC), Ethereum (ETH), USDT (Tether), other tokens

Money laundering, sanctions evasion, facilitating ransomware payments, darknet market transactions, terrorist financing, violations of economic sanctions, unlicensed money transmitting business

Garantex cryptocurrency exchange; Grinex (its successor platform); Exved (cross-border payment processor); MKAN Coin (Telegram-based crypto exchange); ransomware groups Conti, Black Basta, Play, LockBit, Ryuk, NetWalker, Phoenix Cryptolocker; darknet markets including Hydra Market, OMG!OMG! Market, Solaris Market; sanctioned individuals including Ekaterina Valeryevna Zhdanova; and offshore companies such as Feilian Company Limited

Yes; Russian elites and politically exposed persons (PEPs) have been linked to laundering activities via Garantex networks

Garantex operated a sophisticated laundering network that included frequent wallet address changes for obfuscation; use of offshore financial hubs and cross-border payment platforms; decentralized Telegram-based exchanges; fake commercial transactions (e.g., import/export fronts with companies like Feilian) to disguise illicit flows; layering through multiple cryptocurrency accounts; evasion of sanctions by migrating operations between platforms; provision of services to ransomware affiliate groups and darknet marketplaces; and avoiding traditional banking scrutiny by concealing crypto-based transfers from Russian banks

At least $1.3 billion in illicit funds funneled through Garantex based on an illicit transaction share of 1.35% of $96 billion total processed transaction volume since 2019; total transaction volume processed has exceeded $96 billion

Analysis reveals Garantex as a major hub actively laundering proceeds from ransomware groups, darknet markets, illicit scams, stolen cryptocurrencies, and terrorist financing. The exchange facilitated multimillion-dollar transfers for criminal actors globally while evading regulatory controls. Illicit transactions formed a disproportionately large share (almost ten times that of compliant exchanges) of Garantex’s volume. The platform covertly supported Russian cybercriminal forums and enabled cross-border illicit money flows via intricate layering and shell entity networks. Notably, it was linked to major cybercriminal and terror groups such as Lazarus Group and Russian ransomware gangs, and involved in laundering narcotics proceeds and child sexual abuse material revenues.

Garantex was sanctioned by the U.S. Treasury Office of Foreign Assets Control (OFAC) in April 2022 for facilitating tens of millions in illicit transactions, including ransomware and darknet market proceeds. Subsequently, an international law enforcement operation involving the U.S., Germany, Finland, the Netherlands, and Estonia seized Garantex’s servers, domain names, and infrastructure. Two executives—Aleksej Besciokov and Aleksandr Mira Serda—were indicted for conspiracy to commit money laundering and sanctions violations. Additional sanctions targeted affiliated networks including Grinex, Exved, and MKAN Coin. More than $26 million in illicit funds linked to the exchange have been frozen. Despite enforcement actions, the exchange restructured into decentralized entities operating via Telegram and multiple jurisdictions, continuing laundering activities and evading sanctions.

  1. U.S. Treasury OFAC Sanctions Garantex and Successor Entities (2022, 2025)

  2. US widens sanctions on Russian crypto exchange Garantex, with indictments and asset seizures

  3. Justice Department announces disruption of Garantex online infrastructure

Garantex
Case Title / Operation Name:
Garantex Cryptocurrency Exchange Money Laundering Case
Country(s) Involved:
Brazil, China, Estonia, Finland, Georgia, Germany, Kyrgyzstan, Netherlands, Spain, United Arab Emirates
Platform / Exchange Used:
Garantex, Grinex, Exved, MKAN Coin
Cryptocurrency Involved:

Bitcoin (BTC), Ethereum (ETH), USDT (Tether), other tokens

Volume Laundered (USD est.):
At least $1.3 billion
Wallet Addresses / TxIDs :
Multiple wallet addresses frequently changed for obfuscation; specific TxIDs not publicly disclosed
Method of Laundering:

Wallet obfuscation via frequent changes, layering among wallets, fake commercial transactions, offshore structures, decentralized Telegram-based exchanges, sanctions evasion techniques, darknet market facilitation

Source of Funds:

Ransomware payments, darknet market proceeds, stolen cryptocurrencies, narcotics proceeds, child sexual abuse material revenues, sanctions evasion

Associated Shell Companies:

Feilian Company Limited and other offshore entities linked to illicit crypto fund flows

PEPs or Individuals Involved:

Russian political elites and sanctioned persons including Ekaterina Valeryevna Zhdanova

Law Enforcement / Regulatory Action:
U.S. OFAC sanctions (2022), international law enforcement seizures of servers and domains, indictments of executives, freezing of over $26 million in illicit assets, ongoing enforcement efforts
Year of Occurrence:
2022 - 2025
Ongoing Case:
Ongoing
AML Network Risk Rating:
🔴 High Risk
Quick Links:
Popular Pages:
Disclaimer & Legal:
Facebook-f Twitter Youtube Pinterest-p Instagram Tiktok
© 2025 AML Network. – All Rights Reserved.