In less than two weeks after being shut down by global law enforcement agencies, Garantex — a Russian cryptocurrency platform favored by ransomware operators and oligarchs looking to bypass sanctions — has seemingly made a comeback under the new name Grinex.
A recent report from a Swiss blockchain analytics company indicates that extensive on-chain and off-chain evidence suggests Grinex is the direct continuation of Garantex. Notably, liquidity from Garantex, including its entire reserves of a ruble-pegged stablecoin known as A7A5, has already been transferred to wallets controlled by Grinex.
The CEO of the analytics firm stated that there are numerous off-chain signals, alongside the on-chain data, which point to a close relationship between the two exchanges. Notably, Grinex has seen rapid growth, achieving over $40 million in trading volume within just two weeks, accompanied by various social media connections tying the two platforms together.
While other leading blockchain analytics firms have not yet validated these findings, a representative from Chainalysis noted that several indicators suggest Grinex could indeed be a rebranding of Garantex.
This representative referred to a recent comment made on Telegram by Sergey Mendeleev, one of Garantex’s original founders. In it, he announced the formation of Grinex, claiming any perceived similarities between the two platforms were coincidental, followed by laughing emojis. Both industry observers indicated reports of Garantex users traveling to Garantex’s physical offices in Europe and the Middle East to transfer their assets to Grinex, highlighting the similarities in user interfaces on both platforms.
While the findings are certainly persuasive, the representative stressed that until a thorough examination of Grinex’s system is conducted, no definitive conclusions can be drawn.
If Grinex is indeed a rebranding of Garantex, it wouldn’t be the first instance of a sanctioned exchange reinventing itself following a crackdown. A notable example includes Russian crypto exchange BTC-E, which was seized by U.S. authorities in 2017 and subsequently rebranded as WEX. However, WEX fell short, closing a year later due to internal disputes among its leadership. Similarly, Suex, another sanctioned Russian exchange, rebranded itself as Chatex, only to face sanctions once more.
The challenges of enforcement
The swift resurrection of Garantex highlights the difficulties posed by sanctions, particularly against illicit operations such as non-compliant exchanges, darknet markets, and ransomware groups that simply adapt to evade scrutiny.
“Sanctions evasion is inevitable,” the representative remarked. “If you’re sanctioned, you’re not likely to accept the end of your financial dealings. You’ll find ways to avoid detection, whether that means setting up shell companies or developing new cryptocurrency wallets. Larger and more prominent operations need to be increasingly sophisticated to succeed.”
This issue extends beyond the crypto realm, although sanctions related to cryptocurrencies afford law enforcement unique avenues to trace financial flows after sanctions are enacted.
“Blockchain’s transparency and immutability present a unique situation after a company is shut down,” the representative observed. “Take Garantex for example: even if their Tether assets are seized, they can still manipulate other resources. This creates a chance to monitor what these entities do with their funds post-closure.”
A complex web of potential replacements
Regardless of whether Grinex is a new incarnation of Garantex, numerous other non-compliant Russian crypto exchanges are eager to step into the void.
An expert in policy and government affairs noted that it is still “premature” to make firm determinations about Grinex’s ties to Garantex. “That said, it’s evident that other risky non-compliant exchanges will attempt to capitalize on the space left by Garantex,” he added.
A recent report from an analytics firm identified several potential successors, including high-risk exchanges such as ABCEX and Keine-Exchange.
The Garantex shutdown
Garantex was dismantled earlier this month in a coordinated effort by international law enforcement from the U.S., Germany, and Finland, which involved the seizure of its domain and servers.
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) first imposed sanctions on the exchange in 2022, claiming it knowingly facilitated money laundering for ransomware groups such as Black Basta and Conti, as well as darknet markets like Hydra.
Court documents indicated that Garantex served clients that included North Korea’s state-sponsored hacking group, The Lazarus Group, responsible for the recent $1.4 billion Bybit hack, and Russian oligarchs who utilized the platform to dodge sanctions post-Russia’s invasion of Ukraine.
Two operators of Garantex, a Lithuanian and a Russian national, have faced charges for money laundering conspiracy linked to their roles at the exchange. The Lithuanian was arrested while on vacation in India earlier this month and is expected to be extradited to the U.S. to face legal consequences.