Garantex

🔴 High Risk

Garantex represents a critical example of how cryptocurrency exchanges can become central hubs for global illicit financial flows, particularly within Russia’s cybercrime and money laundering ecosystem. Established in 2019 and originally registered in Estonia, Garantex quickly evolved into a high-risk platform deeply involved in laundering ransomware proceeds, darknet market transactions, and other criminal proceeds exceeding billions of dollars. Despite regulatory interventions including the revocation of its license and international sanctions led by the U.S. Treasury’s OFAC, the exchange managed to continue operations through successor platforms and sophisticated evasive measures such as frequent wallet changes and cross-border shell companies. Its entanglement with sanctioned Russian cybercriminal groups and ties to politically exposed persons underline the ongoing challenges authorities face in curtailing the abuse of digital asset platforms for illicit purposes. The case of Garantex underscores the importance of coordinated global enforcement and robust AML frameworks to mitigate the risks posed by such exchanges to international financial integrity and security.​

Garantex, founded in 2019 and operating primarily from Russia despite initial Estonian registration, became a notorious cryptocurrency exchange facilitating money laundering on a massive scale. It served as a laundering conduit for proceeds from ransomware attacks, darknet markets, narcotics trafficking, sanctions evasion, and terror financing predominantly linked to Russian illicit actors. Even after losing regulatory approval and facing sanctions, Garantex continued operations through successor platforms and evasive techniques, moving over $1.3 billion in illicit cryptocurrency through complex laundering schemes involving multiple countries and criminal networks. International law enforcement efforts in 2025 led to domain seizures, arrests of key personnel, and freezing of assets, disrupting its laundering infrastructure but underscoring ongoing challenges in tackling Russian-affiliated cybercrime and illicit crypto finance.​

Countries Involved

Russia, Estonia (original registration), United States (investigations and sanctions), Kyrgyzstan, Germany, Finland, United Arab Emirates (Dubai)

First sanctions and AML failures reported in 2022; major international law enforcement actions and indictments in 2025

Bitcoin (BTC), Tether (USDT), ruble-backed tokens (A7A5), and others

Money laundering, sanctions evasion, cyber-enabled financial crimes including ransomware proceeds laundering, darknet market financing, terrorist financing, and narcotics transaction laundering

Garantex cryptocurrency exchange (originally estonian-registered but primarily based in Russia), its successor Grinex, partner companies including Old Vector (Kyrgyzstan), A7 Limited Liability Company (Russia), darknet markets like Hydra and Black Sprut, ransomware groups including Conti, Black Basta, LockBit, Ryuk, and criminal individuals such as Ekaterina Zhdanova

Yes. Notably, Ekaterina Zhdanova, a sanctioned Russian money launderer linked to Russian elites and cybercrime operators, has used Garantex extensively to launder illicit funds.

  • Use of crypto exchange accounts to convert illicit cryptocurrency proceeds into fiat or other tokens.

  • Frequent changes of wallet addresses to evade tracking and regulatory compliance.

  • Structured transactions through partner companies offshore to move funds across borders.

  • Exploiting unregulated or loosely regulated jurisdictions to provide cross-border illicit financial services.

  • Operating successor platforms (e.g., Grinex) to circumvent sanctions and continue laundering operations.

  • Misleading law enforcement authorities including Russian police with false customer data.

  • Use of Telegram-based decentralized exchange systems for money laundering post-sanctions.

  • Utilizing ruble-backed tokens to compensate exchanges’ customers for lost funds during law enforcement seizures.

  • Over $1.3 billion in illicit funds laundered through Garantex (representing 1.35% of $96 billion in processed crypto volume).

  • Over $100 million directly linked to sanctioned illicit actors.

  • $238 million worth of Bitcoin linked with darknet markets transactions since 2022.

  • Laundering over $2 million in Bitcoin by sanctioned individuals such as Ekaterina Zhdanova.

  • Billions of dollars in crypto moved through successor operations post-crackdown.

Garantex functioned as a high-risk laundering hub for funds associated with Russian ransomware groups (Conti, Black Basta, Ryuk), darknet markets (Hydra, Black Sprut, OMG!OMG!), criminal forums, and entities engaged in terrorist financing. This facilitated international movement of illicit proceeds by obscuring origin through frequent wallet rotations and structuring transactions using offshore partners. The exchange provided laundering services to both Russian cybercriminals and sanctioned entities, successfully evading regulatory controls even after losing its European license. Despite measures, Garantex’s continued use of infrastructural adaptations allowed for ongoing illicit activity, including cross-border payments via new platforms leveraging Telegram and crypto tokens.

  • Estonian Financial Intelligence Unit revoked Garantex’s license in 2022 due to AML/CFT deficiencies.

  • U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Garantex in 2022 and its successor Grinex in 2025 under multiple executive orders for sanctions evasion and material support to cybercrime.

  • International law enforcement including U.S. Secret Service, FBI, German and Finnish authorities conducted coordinated actions in 2025 including domain seizures and arrest of executives.

  • Over $26 million in cryptocurrency assets frozen.

  • Indictments filed against senior executives Aleksandr Mira Serda and Aleksej Besciokov.

  • Reward offers of up to $5 million for information on key operatives.

  • Continuing investigations into partner companies and laundering networks linked to Russia.

  1. U.S. Treasury OFAC Sanctions Announcement on Garantex and successors (2025)

  2. International Consortium of Investigative Journalists report on Garantex sanctions and illicit finance (2025)

  3. U.S. Department of Justice on disruption of Garantex exchange and indictments (2025)

Garantex
Case Title / Operation Name:
Garantex Cryptocurrency Laundering Case
Country(s) Involved:
Estonia, Finland, Germany, Kyrgyzstan, Russia, United Arab Emirates, United States
Platform / Exchange Used:
Garantex (and successor platform Grinex)
Cryptocurrency Involved:

Bitcoin (BTC), Tether (USDT), ruble-backed tokens (A7A5), and others

Volume Laundered (USD est.):
Over $1.3 billion in illicit funds laundered via Garantex; $100 million+ linked to illicit actors; $26 million frozen by authorities
Wallet Addresses / TxIDs :
Multiple wallet addresses frequently changed by Garantex to evade detection; linked to ransomware groups, darknet markets, and sanctioned individuals
Method of Laundering:

Structuring and layering via frequent wallet address changes, offshore shell companies, successor platforms, Telegram-based crypto payment networks; mixing illicit proceeds with legitimate transactions; using ruble-backed tokens to compensate customers; evasion of AML controls and FinCEN registration

Source of Funds:

Ransomware groups (Conti, Ryuk, Black Basta, LockBit), darknet markets (Hydra, Black Sprut, OMG!OMG!), narcotics trafficking, terrorist financing, sanctions evasion

Associated Shell Companies:

Old Vector (Kyrgyzstan), A7 Limited Liability Company, A71 LLC, A7 Agent LLC (Russia), entities linked to Moldovan oligarch Ilan Shor and Promsvyazbank PSB

PEPs or Individuals Involved:

Ekaterina Zhdanova (Russian sanctioned money launderer), Aleksandr Mira Serda and Aleksej Besciokov (Garantex senior executives, indicted), Ilan Mironovich Shor (Moldovan oligarch linked to partner companies)

Law Enforcement / Regulatory Action:
License revoked by Estonia in 2022; sanctioned by U.S. OFAC in 2022 and 2025; domain seizures and $26 million asset freezes by U.S., Germany, Finland authorities in 2025; indictments and arrests of executives; international multi-agency takedowns; reward offers for key operatives
Year of Occurrence:
2019 (Founding and initial illicit operations) to 2025 (major sanctions and takedown)
Ongoing Case:
Ongoing
AML Network Risk Rating:
🔴 High Risk
Quick Links:
Popular Pages:
Disclaimer & Legal:
Facebook-f Twitter Youtube Pinterest-p Instagram Tiktok
© 2025 AML Network. – All Rights Reserved.