U.S. authorities have imposed sanctions on Grinex — the successor to the Garantex cryptocurrency exchange, which had previously come under sanctions and was allegedly linked to darknet marketplaces and helped criminals launder money.
In the spring of this year, researchers at TRM Labs reported that Grinex is closely linked to Garantex’s previous activities, although their report did not include any factual evidence that the exchange was used for illicit transactions.
Grinex began actively promoting itself in Telegram channels associated with Garantex shortly after U.S. authorities seized the Garantex domains in March 2025.
“A few days after Garantex was shut down, Telegram channels associated with the exchange began promoting Grinex — a platform with an almost identical interface, registered in Kyrgyzstan in December 2024,” TRM Labs noted.
The fact is that back in 2022, U.S. authorities stated that they had managed to link Garantex transactions (totaling more than $100 million) to money laundering for cybercriminals, darknet marketplaces, and hackers, including the Conti ransomware group and the Hydra marketplace. At that time, the Office of Foreign Assets Control (OFAC) imposed sanctions on the exchange.
In addition, in the spring of this year, two Garantex administrators — Aleksandr Mira Serda and Lithuanian citizen Aleksej Besciokov — were charged. Just a few days later, Besciokov was arrested in India, where he was on vacation.
As OFAC representatives now report, last week sanctions were extended against Garantex and its three co-founders — Sergey Mendeleev, the previously mentioned Aleksandr Mira Serda, and Pavel Karavatsky. Sanctions were also imposed on Grinex and six exchange-related companies in Russia and Kyrgyzstan, including InDeFi Bank, Exved, Old Vector, A7, A71, and A7 Agent.
“Immediately after the law enforcement actions of March 6, 2025, carried out under the direction of the U.S. Secret Service, the leadership of Garantex created infrastructure to continue providing key services, in particular to transfer Garantex customer deposits to Grinex,” the official OFAC statement reads. “Grinex’s promotional materials state that the exchange was created in response to the sanctions and asset freezes that affected Garantex. Since its inception, Grinex has processed billions of dollars in cryptocurrency transactions.”
Following the publication of this statement, the U.S. Department of State separately announced a reward of up to $6 million for any information leading to the arrest or conviction of Garantex executives.
According to the U.S. Department of State, from April 2019 through March 2025, Garantex processed over $96 billion worth of cryptocurrency transactions.
“The use of cryptocurrency exchanges to launder money and facilitate ransomware attacks not only threatens our national security, but also undermines the reputation of legitimate virtual asset service providers,” commented John K. Hurley, the Under Secretary of the Treasury for Terrorism and Financial Intelligence. “By exposing these malicious actors, the Treasury Department continues to support the legitimate operations of the digital asset industry.”
2025.02.06 — Let's Encrypt to stop sending expiration notification emails
The nonprofit organization announced that, starting June 4, 2025, it will stop sending expiration notification emails to subscribers. The primary reason behind this decision…
Full article →
2025.03.07 — YouTube warns of scam video featuring its CEO
According to YouTube, scammers use an AI-generated video of the company's CEO in phishing attacks to steal user credentials. The scammers attack content creators by sending them…
Full article →
2025.04.25 — Asus patches vulnerability in AMI's MegaRAC enabling attackers to brick servers
Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management…
Full article →
2025.03.24 — Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud
Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company's cloud will no longer be supported. Effective March…
Full article →
2025.03.16 — Researchers force DeepSeek to write malware
According to Tenable, the AI chatbot DeepSeek R1 from China can be used to write malware (e.g. keyloggers and ransomware). DeepSeek was released in January 2025 and caused a stir…
Full article →
2025.04.01 — Hackers abuse MU plugins to inject malicious payloads to WordPress
According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected. The technique was first discovered…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →
2025.02.23 — New JavaScript obfuscation technique uses invisible Unicode characters
According to Juniper Threat Labs , a new JavaScript obfuscation technique that uses invisible Unicode characters was used in a phishing attack targeting Political Action…
Full article →
2025.04.29 — FBI Offers 10 million USD for information on Salt Typhoon members
The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year's attack that had…
Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign
According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…
Full article →