Shuttered Russian Crypto Exchange Garantex Rebrands as Grinex, Global Ledger Finds

Less than two weeks after it was taken down by international law enforcement authorities, Garantex — a Russian crypto exchange popular with ransomware gangs and sanctions-evading oligarchs — has allegedly already risen from the ashes, rebranding itself as Grinex. According to a new report from Swiss blockchain analytics firm Global Ledger, a slew of on and off-chain data indicates that Grinex is a direct successor to Garantex.

Global Ledger CEO Lex Fisun told CoinDesk that, in addition to on-chain data connecting Garantex to Grinex, there have been numerous off-chain indications that the two exchanges are intimately connected. These include rapid growth of Grinex, which had surpassed $40 million in volume in just two weeks, as well as a host of social media ties between the two exchanges.

Though other major blockchain analytics companies, including TRM Labs and Chainalysis, have yet to confirm Global Ledger’s findings, Chainalysis’ Head of National Security Intelligence Andrew Fierman told CoinDesk that he had seen several indicators that Grinex was likely to be the rebrand of Garantex. These include reports of Garantex users going to Garantex’s in-person offices in Europe and the Middle East and transferring their crypto from Garantex to Grinex, as well as similarities in the two platforms’ user interfaces.

“Sanctions evasion is going to happen,” Fierman said. “Because if you're sanctioned, you aren't just going to accept that you can no longer conduct any financial transactions. You are going to look to avoid detection, however that may be, whether it be through creating shell companies, creating new crypto wallets — and the larger the operation, and the more prominent, the more technically advanced you'd have to be to actually make it work.”

Fierman also pointed out that this problem isn’t unique to crypto, but crypto-related sanctions offer law enforcement a unique opportunity to follow the money after sanctions are put in place. “The unique aspect to the blockchain is that it's transparent and immutable, and so what happens when a company gets shut down is a lot more examined,” Fierman said. “There's a lot more to examine on-chain. Garantex gets shut down, their Tether holdings get seized, but that doesn't stop them from moving other assets. There's opportunity to monitor what happens to those assets.”

A recent client report from TRM Labs named several possible successors, including high-risk Russian exchanges ABCEX and Keine-Exchange. Garantex was dismantled by international law enforcement from the U.S., Germany and Finland in a joint operation earlier this month, which seized its domain and servers. The U.S. Treasury’s Department of Foreign Asset Control (OFAC) first sanctioned the exchange in 2022, accusing it of knowingly facilitating money laundering for ransomware gangs like Black Basta and Conti, as well as darknet markets like Hydra.

Garantex was also accused of having clientele including North Korea’s state-sanctioned hacking squad The Lazarus Group, which was behind the recent $1.4 billion Bybit hack, as well as Russian oligarchs who used the service to evade sanctions after Russia’s invasion of Ukraine. Two of Garantex’s operators, Lithuanian national and Russian resident Aleksej Besciokov and Russian citizen and United Arab Emirates resident Aleksandr Mira Serda have been charged with money laundering conspiracy in connection with their work with Garantex.

Besciokov was arrested while vacationing with his family in India earlier this month, and is expected to be extradited to the U.S. to face charges. On the news team at CoinDesk, Cheyenne focuses on crypto regulation and crime. Cheyenne is originally from Houston, Texas. She studied political science at Tulane University in Louisiana. In December 2021, she graduated from CUNY's Craig Newmark Graduate School of Journalism, where she focused on business and economics reporting. She has no significant crypto holdings.