U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website


A coalition of international law enforcement agencies has seized the website associated with the cryptocurrency exchange Garantex (“garantex[.]org”), nearly three years after the service was sanctioned by the U.S. Treasury Department in April 2022.

“The domain for Garantex has been seized by the United States Secret Service pursuant to a seizure warrant obtained by the United States Attorney’s Office for the Eastern District of Virginia under the authority of 18 U.S.C. §§ 981 and 982,” reads a seizure banner on the website.

The operation was carried out in coordination with the U.S. Department of Justice’s Criminal Division, the Federal Bureau of Investigation, Europol, the Dutch National Police, the German Federal Criminal Police Office (Bundeskriminalamt aka BKA), the Frankfurt General Prosecutor’s Office, the Finnish National Bureau of Investigation, and the Estonian National Criminal Police.

Founded in 2019, Garantex was previously subject to U.S. sanctions for facilitating transactions from darknet markets and illicit actors such as Hydra and Conti. In late 2023, sanctions were also imposed against a Russian national named Ekaterina Zhdanova for her role in laundering the proceeds of ransomware groups like Ryuk via Garantex.

The development comes weeks after the European Union announced similar sanctions against the crypto exchange late last month for its close association with already sanctioned Russian banks such as Sberbank, T-Bank, and Alfa-Bank, prompting Tether to block its crypto wallets.

In a message posted on its Telegram channel, Garantex said: “Dear users! We have bad news. Tether has entered the war against the Russian crypto market and blocked our wallets worth more than 2.5 billion rubles.”

“We are temporarily suspending all services, including cryptocurrency withdrawals, while our entire team solves this problem. We are fighting and will not give up!”

The Moscow-headquartered exchange has since openly published the list of cryptocurrency wallets that have been blocked by Tether.

Update

The U.S. Department of Justice (DoJ) on Friday formally announced the disruption of Garantex for allegedly facilitating money laundering by transnational criminal organizations. In all, the exchange is estimated to have processed at least $96 billion in cryptocurrency transactions.

The following websites have been seized as part of the effort –

  • Garantex[.]org
  • Garantex[.]io, and
  • Garantex[.]academy

In conjunction with the takedown, the DoJ also announced the unsealing of an indictment against a 46-year-old Lithuanian national and Russian resident, Aleksej Besciokov, and a 40-year-old Russian national and United Arab Emirates resident, Aleksandr Mira Serda, for their involvement in operating the business.

“Besciokov was Garantex’s primary technical administrator and responsible for obtaining and maintaining critical Garantex infrastructure, as well as reviewing and approving transactions,” the DoJ said. “Mira Serda was Garantex’s co-founder and chief commercial officer.”

Garantex is said to have received hundreds of millions in criminal proceeds, enabling various forms of cybercrime such as hacking, ransomware, terrorism, and drug trafficking. The DoJ further accused the two defendants of running the platform despite knowledge that the ill-gotten funds were being routed through it.

On top of that, Besciokov and his co-conspirators are alleged to have transacted with U.S.-based entities in violation of the 2022 sanctions, while also failing to register with the Financial Crimes Enforcement Network (FinCEN) as required by U.S. laws.

Besciokov and Mira Serda are each charged with one count of conspiracy to commit money laundering. Besciokov is also charged with one count of conspiracy to violate the International Emergency Economic Powers Act, and with conspiracy to operate an unlicensed money transmitting business.

Alongside the charges, over $26 million in funds used to facilitate Garantex’s money laundering activities have been frozen by U.S. law enforcement authorities.

Blockchain intelligence firm Elliptic said it developed proprietary techniques to flag cryptocurrency wallets controlled by Garantex, and that the exchange engaged in crypto transactions worth more than $60 billion since it was sanctioned in 2022. The highest volume of transactions occurred in the USDT stablecoin, on the TRON blockchain.

“Garantex has been used in sanctions evasion by Russian elites, as well as to launder proceeds of crime including ransomware, darknet market trade, and thefts attributed to North Korea’s Lazarus Group,” Dr. Tom Robinson, Elliptic co-founder and chief scientist, told The Hacker News in a statement.

Cryptocurrency assets from ransomware gangs like Conti, LockBit, and Black Basta, as well as those related to dark web markets such as Blacksprut, Solaris, Mega and OMG!OMG!, have been found to have been sent to Garantex after sanctions were imposed.

“Cryptoassets stolen by North Korea’s Lazarus Group have been laundered through Garantex,” Elliptic said. “Transactions totaling over $30 million from the $100 million hack of the Horizon Bridge were sent to Garantex in February 2023.”

In a new message posted on Telegram, Garantex said it intends to make an “important announcement,” and that it’s working on addressing some unspecified technical issues. It has also warned its customers to remain vigilant against scammers who it said are claiming to help withdraw funds using bogus sites.

“Their goal is to gain access to users’ personal data, wallet addresses, and other sensitive information,” it cautioned. “Do not enter your credentials on unverified websites and do not follow dubious links.”

(The story was updated after publication to include additional information about the takedown.)
