U.S. and European law enforcement agencies have seized the infrastructure of Garantex, a cryptocurrency exchange accused of laundering billions in criminal proceeds, in a sweeping international operation that signals heightened focus on illicit financial flows in cryptocurrency markets.
According to Justice Department documents unsealed Friday, the Moscow-based exchange processed approximately $96 billion in cryptocurrency transactions since its founding in April 2019, with hundreds of millions allegedly tied to criminal enterprises ranging from ransomware attacks to terrorism financing.
The operation involved authorities from the United States, Germany, Finland, the Netherlands, and Estonia, with additional support from Europol. U.S. law enforcement seized three domain names — Garantex.org, Garantex.io, and Garantex.academy — while German and Finnish authorities confiscated servers hosting the exchange’s operations.
Additionally, the Justice Department indicted two Garantex executives: Aleksej Besciokov, 46, a Lithuanian national residing in Russia, and Aleksandr Mira Serda (previously known as Aleksandr Ntifo-Siaw), 40, a Russian national living in the United Arab Emirates.
Both face conspiracy to commit money laundering charges, which carry maximum penalties of 20 years imprisonment. Besciokov faces additional charges of conspiracy to violate sanctions and operating an unlicensed money transmitting business.
Prosecutors allege Besciokov served as Garantex’s primary technical administrator, overseeing critical infrastructure and transaction approvals, while Mira Serda co-founded the exchange and operated as its chief commercial officer.
Court documents describe how the pair allegedly knew criminal proceeds were being laundered through their platform and took deliberate steps to conceal these activities, including providing incomplete information to Russian law enforcement when questioned about suspicious accounts.
The action represents the culmination of a years-long investigation by U.S. authorities. The Treasury Department’s Office of Foreign Assets Control (OFAC) had initially sanctioned Garantex in April 2022, citing its role in facilitating ransomware payments and transactions linked to dark web marketplace.
Despite these sanctions, court documents allege Besciokov and co-conspirators deliberately evaded restrictions by implementing technical countermeasures, including moving operational cryptocurrency wallets to different addresses daily to complicate detection by U.S.-based exchanges.
Blockchain analytics firm Elliptic, which helped with the investigation, found that North Korea’s Lazarus Group used Garantex to launder over $30 million of the Horizon Bridge theft in early 2023.
In addition to domain seizures, U.S. authorities have frozen more than $26 million in funds allegedly used to facilitate Garantex’s money laundering activities and obtained copies of the exchange’s servers containing customer and accounting databases.
Tether, the company behind the world’s largest stablecoin, cooperated with authorities and also froze approximately $27 million (2.5 billion rubles) in assets held in Garantex wallets, according to statements from the exchange.
The freeze prompted Garantex to suspend all services, including cryptocurrency withdrawals. In a message on its Telegram channel, Garantex warned users that “all USDT in Russian wallets is currently under threat” while vowing to “fight and not give up.”
The operation against Garantex follows similar enforcement actions targeting other cryptocurrency services suspected of facilitating money laundering. In recent months, U.S. authorities have sanctioned several exchanges and mixing services including Cryptex, PM2BTC, Bitpapa, TOEP, Crypto Explorer, Sinbad, Tornado Cash, and Blender.io.
The European Union added Garantex to its sanctions list on Feb. 26 as part of its 16th package of sanctions related to “Russia’s war of aggression against Ukraine,” specifically noting the exchange’s close associations with EU-sanctioned Russian banks including Sberbank, T-Bank, and Alfa-Bank.
Reacting to the developments, Russian lawmaker Anton Gorelkin, deputy head of the parliament’s committee on information policy, acknowledged on Telegram that while this would not be “the last case when Western countries put pressure” on the crypto industry, “it should be recognized that it is impossible to completely block this market for Russia.”
You can read the full indictment here.
