Russian exchange Garantex is sanctioned, Black U is spreading to the OTC industry chain on a large scale

‍‍According to the indictment issued by the U.S. Department of Justice (DOJ) on March 7, an arrest confirmation updated on March 13 and a statement from the Central Bureau of Investigation (CBI), Russia's centralized cryptocurrency trading platform Garantex has been forced to be shut down by multinational joint law enforcement, and its co-founder Aleksej Besciokov was arrested.

During this period, large-scale freezing of Garantex-related funds also occurred on the chain. This article aims to warn Web3 practitioners to pay attention to the risk of USDT threats by sorting out sanctions and freezing details.

Garantex sanctioned background

Garantex is a Russian cryptocurrency exchange founded in 2019 and has long been accused of providing money laundering services for illegal activities. In April 2022, the U.S. Treasury Office of Foreign Assets Control (OFAC) imposed sanctions on Garantex, saying it had handled more than $100 million in illegal transactions, including funds related to dark web markets, ransomware gangs such as Conti, hackers, and terrorism.

On March 7, 2025, the U.S. Department of Justice (DOJ) released an indictment against Aleksej Besciokov and his partner Aleksandr Mira Serda, accusing them of alleged money laundering conspiracy through Garantex, violation of U.S. sanctions and operating a fund transfer business without permission.

Garantex allegedly has processed at least $96 billion in cryptocurrency transactions since its inception, including a large amount of criminal proceeds. For example, U.S. authorities pointed out that the exchange has provided money laundering services to North Korean hacker groups such as Lazarus Group, Russian oligarchs, and multiple ransomware gangs such as Black Basta, Play and Conti.

On-chain law enforcement activities

Simultaneously with off-chain arrests was a large-scale on-chain freeze operation, which was carried out in collaboration with US security vendors and USDT publisher Tether in response to the U.S. government. According to Bitrace's on-chain monitoring with Garantex's self-disclosure on the Telegram channel, relevant law enforcement activities have frozen at least 28m worth of USDT.

As early as when Garantex was sanctioned in 2022, the institute had already begun to change its business addresses at high frequency to try to avoid possible on-chain sanctions. However, this on-chain freezing activity was not directly targeting Garantex's business hot wallet address, but a large number of transit and coin hoarding addresses used to circumvent fund tracking. Before being arrested, he or the team behind him withdraw a large amount of funds from the main cryptocurrency trading platforms and payment platforms, and after highly automated funds cleaning, he transferred to other trading platforms again.

Tether's law enforcement collaboration forced the process to be interrupted and directly caused Garantex to stop service.

On-chain fund threat is spreading

After investigating all activities on the frozen address chain, it is not difficult to find that Garantex makes a lot of use of centralized entity addresses during the fund cleaning process.

Take the tron ​​address TUCUYf that was frozen in this event as an example. The upstream fund source of this address is the withdrawal hot wallet address of a payment or exchange platform. Before being frozen, the address transfers part of the funds to other centralized trading platforms.

Another TXFUjf In addition to interacting with exchange users before freezing, it also has more connections with payment platforms and even online gambling platforms.

Obviously, in addition to the on-chain freezing activities, such centralized institutions - if their operators risk control of users who collect such funds for compliance reasons, innocent OTC dealers or ordinary users who collect related monetization funds will be affected.