On March 7, 2025, the US Department of Justice (DOJ), in an operation alongside authorities in Germany and Finland, announced the disruption of Garantex, a Russia-based cryptocurrency exchange allegedly known for its deep ties to the global cybercrime economy.
This coordinated effort resulted in the seizure of Garantex’s domains and servers in Germany and Finland, the freezing of over $26 million in illicit funds, and criminal charges against its administrators, Aleksej Besciokov and Aleksandr Mira Serda.
The duo allegedly oversaw the laundering of hundreds of millions of dollars in cryptocurrency, cementing Garantex’s role as a critical hub for financial crime.
For years, Garantex operated as a key player in the illicit cryptocurrency ecosystem, facilitating money laundering for ransomware groups, darknet markets (DNMs), and entities under international sanctions.
Despite being sanctioned by the US Treasury’s Office of Foreign Assets Control (OFAC) in April 2022, the exchange continued to thrive, evading restrictions and even processing transactions with US-based entities.
The takedown marks a significant escalation in multinational efforts to curb the misuse of cryptocurrency, a victory underscored by detailed insights from blockchain analytics firm Chainalysis, which has tracked Garantex’s activities since its inception.
According to Chainalysis, Garantex was founded in 2019 and quickly became a go-to platform for Russian cybercriminals.
By 2021, it had processed over $20 billion in transactions, with a staggering portion linked to illicit activities.
The exchange’s appeal lay in its lax know-your-customer (KYC) policies and its willingness to handle funds from high-risk sources.
Chainalysis data reveals that Garantex facilitated laundering for major players, including ransomware operators like Conti and darknet marketplaces such as Hydra, which was dismantled in 2022.
Even after OFAC sanctions, Garantex reportedly processed more than $6 billion in transactions, with illicit flows—including $1.5 billion tied to sanctioned entities—continuing unabated.
The March 2025 operation exposed Garantex’s operational vulnerabilities.
While headquartered in Russia, the exchange relied on servers and domains in Germany and Finland, likely to maintain access to Western markets and enhance its legitimacy.
The seizure of this infrastructure crippled its ability to function, while the freezing of $26 million in funds dealt a direct financial blow.
The charges against Besciokov and Serda, who face allegations of orchestrating a sprawling laundering network, signal a broader intent to hold individual actors accountable, even if their arrest hinges on future international cooperation.
Garantex’s post-sanction resilience highlights the challenges of policing cryptocurrency.
Chainalysis notes that after the 2022 OFAC designation, the exchange shifted tactics, leveraging nested services—third-party platforms operating within larger exchanges—to obscure its activities.
It also continued to process significant volumes of stablecoins like Tether (USDT), with over $900 million in USDT inflows since 2022, much of it from illicit sources.
This adaptability allowed Garantex to remain a vital cog in the cybercrime machine, laundering proceeds from scams, hacks, and sanctions evasion schemes tied to Russian elites and North Korean actors.
The takedown’s implications are potentially far-reaching, according to the Chainalysis report.
For cybercriminals, losing Garantex disrupts a trusted laundering channel, potentially driving them toward riskier, less established alternatives like decentralized mixers or peer-to-peer networks.
For regulators, it’s a proof of concept for multinational enforcement, building on successes like the Hydra bust and signaling that sanctioned exchanges face existential threats.
Chainalysis emphasizes that blockchain’s transparency aided this effort—by tracing Garantex’s on-chain activity, authorities pinpointed its infrastructure and collaborators, a testament to the power of public ledger analysis.
Yet challenges persist. Russia’s reluctance to crack down on domestic platforms like Garantex limits full accountability, and cybercriminals are likely to adapt, as they have before.
The broader crypto market, while unaffected in terms of volatility, may face tighter scrutiny as regulators push for compliance.
The Garantex takedown may be considered a decisive win, but the battle against illicit crypto activity will continue as bad actors leverage the latest technology and AI to carry out malicious activities.
As Chainalysis cautions in its latest update, sustained pressure—and global cooperation—will be key to staying ahead of this evolving threat.