
The U.S. Department of the Treasury has imposed sanctions on Grinex, a cryptocurrency exchange identified as the successor to the Russia-based Garantex platform. This action, announced on August 14, 2025, targets what officials describe as a “sanctions evasion network” facilitating billions in illicit transactions for ransomware groups and darknet markets [1]. The move follows earlier sanctions against Garantex in 2022 for similar activities.
TL;DR: Key Points for Security Professionals
- Grinex designated as Garantex’s successor, processing billions in crypto transactions
- Linked to A7A5 token network with $51B cumulative volume
- Executives indicted including Sergey Mendeleev and Aleksandr Mira Serda
- $6M rewards offered via Transnational Organized Crime Rewards Program
- Secondary sanctions risk for entities transacting with Grinex/A7A5
Operational Details of the Sanctioned Entities
Garantex processed $96 billion in transactions between 2019 and 2025 according to State Department estimates [2], with 70% of flows connecting to sanctioned entities per TRM Labs analysis. The exchange was particularly active in laundering funds for ransomware groups including Conti, LockBit, and Black Basta. After initial sanctions in 2022 and the March 2025 takedown that seized $26M in crypto assets [3], operators established Grinex in Kyrgyzstan in December 2024.
Grinex replicated Garantex’s interface and migrated user funds using the A7A5 token, a ruble-backed stablecoin tied to sanctioned Russian bank Promsvyazbank. Chainalysis data shows the token reached $1B in daily volume with $51B cumulative transactions [4]. The Treasury specifically flagged wallet address TNDjh6WGLYyWmkh8vfu42bXVHUqFNQ3rDq in its designation.
Technical Infrastructure and Evasion Tactics
The operation utilized a network of shell companies including InDeFi Bank, Exved (registered in Kyrgyzstan), and Old Vector (A7A5 issuer). Kyrgyzstan’s lax virtual asset service provider (VASP) regulations enabled this structure, with 126 licenses issued by 2024 [5]. The A7A5 token provided an on/off ramp between rubles and cryptocurrency while obscuring transaction trails.
Law enforcement tracking identified several technical indicators:
Indicator | Type | Source |
---|---|---|
TNDjh6WGLYyWmkh8vfu42bXVHUqFNQ3rDq | BTC Wallet | OFAC/TRM Labs |
a7a5[.]io | Domain | Elliptic Report |
194.87.48[.]0/24 | IP Range | FBI Bulletin |
Security Implications and Response Recommendations
The Treasury’s action creates secondary sanctions risk for any entity transacting with Grinex or the A7A5 token. Financial institutions and crypto services should implement the following measures:
- Update transaction monitoring rules to flag A7A5 token movements
- Block OFAC-designated wallet addresses and domains
- Review any exposure to Kyrgyzstan-based VASPs
- Monitor for Garantex/Grinex user migration patterns
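The first two measures can be expressed as a screening check over transaction or proxy events. The sketch below is an added example, not code from the Treasury, the cited firms, or the original article; it loads the three indicators from the table above and assumes hypothetical event fields (`src_wallet`, `dst_wallet`, `host`, `ip`), with constructed sample events.

```python
import ipaddress
# Indicators copied from the table in this article, still in defanged form.
PAGE_INDICATORS = [
    ("TNDjh6WGLYyWmkh8vfu42bXVHUqFNQ3rDq", "wallet"),
    ("a7a5[.]io", "domain"),
    ("194.87.48[.]0/24", "cidr"),
]

def build_blocklist(indicators):
    """Refang the [.] notation and normalise each indicator by type."""
    wallets, domains, networks = set(), set(), []
    for value, kind in indicators:
        value = value.strip().replace("[.]", ".")
        if kind == "wallet":
            wallets.add(value)  # Base58 is case-sensitive: never lowercase
        elif kind == "domain":
            domains.add(value.lower().rstrip("."))
        elif kind == "cidr":
            networks.append(ipaddress.ip_network(value, strict=True))
    return wallets, domains, networks

def screen(event, blocklist):
    """Return the reasons (possibly none) an event matches the blocklist."""
    wallets, domains, networks = blocklist
    hits = [f"{f}:wallet" for f in ("src_wallet", "dst_wallet")
            if event.get(f) in wallets]
    host = (event.get("host") or "").lower().rstrip(".")
    # Match the domain and its subdomains, not look-alike suffixes.
    if any(host == d or host.endswith("." + d) for d in domains):
        hits.append("host:domain")
    try:
        ip = ipaddress.ip_address(event.get("ip") or "")
    except ValueError:
        ip = None  # missing or malformed address: nothing to match
    if ip is not None and any(ip in net for net in networks):
        hits.append("ip:cidr")
    return hits

# Constructed sample events; the field names are assumptions of this example.
SAMPLE_EVENTS = [
    {"id": 1, "dst_wallet": "TNDjh6WGLYyWmkh8vfu42bXVHUqFNQ3rDq"},
    {"id": 2, "host": "App.A7A5.io.", "ip": "194.87.48.17"},
    {"id": 3, "host": "nota7a5.io", "ip": "192.0.2.10"},
]

if __name__ == "__main__":
    blocklist = build_blocklist(PAGE_INDICATORS)
    for event in SAMPLE_EVENTS:
        print(event["id"], screen(event, blocklist) or "clean")
```

A static list like this only catches direct exposure; indicators should be refreshed from the current OFAC SDN data rather than from a news article.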
John K. Hurley, Treasury Under Secretary, stated in the announcement:
“Exploiting crypto exchanges to launder money threatens national security and tarnishes legitimate VASPs.” [6]
Ongoing Law Enforcement Actions
The August 2025 sanctions build on March 2025 actions where the FBI, U.S. Secret Service, and European partners seized domains and froze assets. Key developments include:
- Extradition of executive Besciokov to the U.S.
- Active $6M bounty for CCO Aleksandr Mira Serda
- Reissued arrest warrant for Serda by U.S. District Court
- Kyrgyzstan’s pledge (but no action yet) to review VASP licensing [7]
Post-sanctions data from Elliptic shows the A7A5 token volume spiked to $1.2B daily, indicating possible panic movements or continued illicit use.
Conclusion
The Grinex sanctions demonstrate continued U.S. focus on cryptocurrency networks enabling ransomware and sanctions evasion. The technical infrastructure described – particularly the A7A5 token mechanism – represents an evolution in laundering techniques that warrants close monitoring by financial crime units. Future enforcement will likely target the Kyrgyzstan VASP ecosystem and additional stablecoin-based evasion methods.
References
- “Treasury Sanctions Cryptocurrency Exchange Network Facilitating Ransomware Payments and Sanctions Evasion.” U.S. Department of the Treasury, 14 Aug. 2025.
- “Garantex, Grinex, and the A7A5 Token Network.” TRM Labs, Aug. 2025.
- “U.S. Treasury Reissues Arrest Warrant for Garantex Executive Following Sanctions.” CoinTelegraph, 14 Aug. 2025.
- “OFAC Targets Use of Stablecoins for Russian Sanctions Evasion.” Elliptic, 14 Aug. 2025.
- “OFAC Sanctions Crypto Network Behind Ruble-Backed Stablecoin and Shuttered Exchange Garantex.” CoinDesk, 14 Aug. 2025.
- “U.S. Sanctions Russia’s Crypto Exchange Executives Over $100 Million in Illicit Transactions.” Finance Magnates, 14 Aug. 2025.
- “U.S. Targets Cryptocurrency Exchange, Offering Rewards Totaling Up to $6 Million.” U.S. Department of State, 14 Aug. 2025.