U.S. seizes Russian crypto exchange popular with cybercriminals
Add Axios as your preferred source to
see more of our stories on Google.
Screenshot: Garantex exchange website on March 6.
The U.S. has indicted two people and seized the web infrastructure tied to Russian cryptocurrency exchange Garantex as part of a sweeping international law enforcement operation.
Why it matters: Garantex has long been a go-to exchange for Russian ransomware gangs, darknet marketplaces and other cybercriminals who need to launder the cryptocurrencies they earn through their schemes.
- Since April 2019, Garantex has processed at least $96 billion in cryptocurrency transactions, according to the Secret Service.
Driving the news: Law enforcement placed a seizure notice on Garantex's website on Thursday, catching the attention of cybersecurity and cryptocurrency researchers.
- The notice acknowledged that the Secret Service led the investigation, alongside the U.S. Justice Department's criminal division, the FBI, Europol and law enforcement authorities in the Netherlands, Germany, Finland and Estonia.
- On Wednesday, Garantex told users in a Telegram message that it was "temporarily suspending all services," including withdrawals, after Tether blocked digital wallets on its platform holding more than 2.5 billion rubles.
- The European Union unveiled sanctions against Garantex last week. The U.S. Treasury Department previously sanctioned Garantex in 2022.
Zoom in: The Justice Department unsealed indictments against Aleksej Besciokov and Aleksandr Mira Serda for allegedly running Garantex between 2019 and 2025.
- According to the indictment, the operators redesigned Garantex's operations in 2023 to evade U.S. sanctions and trick unsuspecting American businesses into transacting with its exchange.
- The Secret Service said it seized three web domains — Garantex[.]org, Garantex[.]io and Garantex academy — used to support Garantex's operations, and it froze $26 million worth of cryptocurrency transactions.
- Law enforcement officials said they also obtained copies of Garantex's customer and accounting databases before the takedown — suggesting they'll use the information for future cybercrime investigations.
The intrigue: The takedown deals a major blow to the Russian cybercriminal ecosystem amid questions about whether the U.S. is still committed to fighting Russian hackers.
- Last week, multiple outlets reported that U.S. Cyber Command had been directed to pause all offensive cyber operations against Russian threats. However, the Pentagon has denied those reports.
Reality check: Besciokov lives in Russia and Mira Serda lives in the United Arab Emirates. Both countries are highly unlikely to extradite them to the United States to face prosecution.
Editor's note: This story has been updated with news from Friday's announcement by the Secret Service.
