Blockchain & Cryptocurrency
,
Cryptocurrency Fraud
,
Fraud Management & Cybercrime
Russian cryptocurrency exchange Garantex, a money laundering destination for Russian and North Korean hackers, is no more after international law enforcement seized its servers. Prosecutors in the United States indicted the exchange’s two principals in federal court.
See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation
Aleksej Besciokov, 46, a Lithuanian national residing in Russia, and Russian national Aleksandr Mira Serda, 40, each face charges in a U.S. federal court of money laundering conspiracy. Besciokov, described by prosecutors as a Garantex administrator, faces additional charges of violating sanctions and conspiracy to operate an unlicensed money-transmitting business. Prosecutors say Mira Serda was co-owner of the platform.
The Garantex website now displays seizure notices left by U.S., German, Finnish and Estonian law enforcement. Garantex has processed at least $96 billion in cryptocurrency transactions since its inception in 2019.
The U.S. Department of Treasury sanctioned Garantex in April 2022 after identifying $6 million in transactions involving ransomware-as-a-service operation Conti and approximately $2.6 million from the now-defunct Hydra darknet market. Prosecutors say Besciokov personally greenlighted the platform’s processing of funds believed to originate from the Pyongyang threat actor Lazarus Group. The Garantex administrators also processed deposits flagged as terrorism financing.
The United Kingdom sanctioned Garantex in March 2022 and the European Union followed suit in February. TRM Labs estimates that Garantex and Iranian cryptocurrency exchange Nobitex together accounted for more than 85% of crypto inflows to sanctioned entities and jurisdictions.
The seizure announcement comes the day after Garantex took to its Telegram channel to announce a temporary halt of its operations after stablecoin issuer Tether froze $28 million linked to the platform.
U.S. prosecutors say Garantex operators took steps to dodge sanctions, including by daily rotating its operational cryptocurrency wallets to new virtual addresses. Adding wallet addresses to the Treasury blacklist “is a slow bureaucratic process that lags significantly behind Garantex’s current business process,” a site administrator said in a late 2023 Russian-language post on Telegram.
It additionally posted online videos instructing U.S. users on how to transact with it despite the sanctions, recommending using third-party platforms as intermediaries.
Mira Serda is also suspected of operating another exchange dubbed CryptoMax that facilitated anonymous illicit transactions through Garantex. Although CryptoMax publicly advertised itself as offering instant and anonymous transactions without the need to register an account, Garantex internally described it as a trusted exchanger. CryptoMax was one of the highest volume accounts on the Garantex platform, prosecutors said.
Enforcement of know-your-customer rules was hardly a priority for Garantex itself. Besciokov and Mira Serda allowed individuals to register accounts without providing identity, leading to accounts registered to customers using names such as “hacker,” “Drug,” “cleancoins.” Also, “God.”
For a while, they bought blockchain analytics services to identify suspicious transactions but stopped doing so in April 2022 through June 2023.