US Seizes Domain of Garantex Crypto Exchange Used by Ransomware Gangs
The U.S. Secret Service, in collaboration with the Department of Justice's Criminal Division, the FBI, and Europol, has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex. This move marks a significant step in the global effort to combat cybercrime and ransomware attacks.
Garantex was forced to suspend its services earlier today after Tether blocked its digital wallets. The block followed the European Union's sanctioning of the crypto exchange as part of its 16th package of sanctions against Russia, which targets 542 individuals and entities. The Garantex team stated that they had received "bad news" from Tether, which has blocked their digital wallets containing over 2.5 billion rubles worth of USDT.
"We're fighting and we're not giving up!" the Garantex team wrote in a Telegram post on Thursday. "We draw your attention to the fact that all USDT on Russian wallets is now at risk." The exchange's temporary suspension of services will likely cause significant disruptions to its users, who may find their funds frozen or inaccessible.
The Secret Service also changed the name servers for Garantex.com to ns1.usssdomainseizure.com and ns2.usssdomainseizure.com, effectively taking control of the domain. This move is part of a broader effort by law enforcement agencies to disrupt and dismantle cybercrime operations.
Garantex was previously sanctioned by the Treasury Department's Office of Foreign Assets Control (OFAC) in April 2022 after over $100 million in Garantex transactions were linked to darknet markets and cybercrime actors, including the notorious Conti ransomware-as-a-service (RaaS) operation and the Hydra dark web market.
According to OFAC, "The majority of Garantex's operations are carried out in Moscow, including at Federation Tower, and St. Petersburg, Russia, where other sanctioned virtual currency exchanges have also operated." The agency added that despite losing its Estonian license to provide virtual currency services following an investigation, Garantex continued to operate through unscrupulous means.
This is not the first time Garantex has faced sanctions from law enforcement agencies. Two years ago, OFAC sanctioned the Cryptex and PM2BTC crypto exchanges for laundering funds for Russian ransomware gangs and other cybercrime groups. It also targeted the Bitpapa, TOEP, and Crypto Explorer crypto exchanges in March 2024 and designated the Sinbad, Tornado Cash, and Blender.io crypto-mixing services for laundering money for the North Korean Lazarus hacking group.
The action against Garantex demonstrates the growing international cooperation and commitment to combat cybercrime. The U.S. Secret Service's seizure of the domain is a significant step towards disrupting and dismantling these operations, and it serves as a warning to those involved in such activities that they will be held accountable for their actions.