Russian exchange Garantex sanctioned, illicit USDT rapidly spreading across OTC industry chain
TechFlow Selected TechFlow Selected
Russian exchange Garantex sanctioned, illicit USDT rapidly spreading across OTC industry chain
The U.S. Department of Justice, together with law enforcement agencies from multiple countries, has shut down the Russian cryptocurrency exchange Garantex and arrested its co-founder Aleksej Besciokov, accusing him of money laundering, sanctions violations, and illegal money transfers.
Navigating Web3 tides with focused insightsAuthor: Bitrace
According to the indictment released by the U.S. Department of Justice (DOJ) on March 7, the arrest confirmation updated on March 13, and statements from India's Central Bureau of Investigation (CBI), the Russian centralized cryptocurrency exchange Garantex has been forcibly shut down by a multinational law enforcement operation, and its co-founder Aleksej Besciokov has been arrested.
During this period, large-scale on-chain freezing actions were also carried out against funds linked to Garantex. This article aims to outline the details of sanctions and fund freezes to alert Web3 practitioners about the risks posed by sanctioned USDT.
Background of the Garantex Sanctions
Garantex is a Russian cryptocurrency exchange founded in 2019, long accused of providing money laundering services for illegal activities. In April 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on Garantex, stating that it had processed over $100 million in illicit transactions, including funds tied to darknet markets, ransomware groups (such as Conti), hackers, and terrorist organizations.
On March 7, 2025, the U.S. Department of Justice (DOJ) unsealed an indictment against Aleksej Besciokov and his partner Aleksandr Mira Serda, charging them with conspiracy to engage in money laundering, violation of U.S. sanctions, and operating an unlicensed money transmitting business through Garantex.
It is alleged that since its inception, Garantex has facilitated at least $96 billion in cryptocurrency transactions, a significant portion of which involved criminal proceeds. For example, U.S. authorities stated the platform provided money laundering services for North Korean hacking groups (such as Lazarus Group), Russian oligarchs, and multiple ransomware gangs (including Black Basta, Play, and Conti).
On-Chain Enforcement Actions
Concurrent with the offline arrests, a large-scale on-chain freezing operation took place, executed collaboratively by U.S. security firms and Tether, the issuer of USDT, in response to U.S. government directives. According to Bitrace’s on-chain monitoring and Garantex’s own disclosures via its Telegram channel, the enforcement action froze at least $28 million worth of USDT.
As early as 2022, when Garantex was first sanctioned, the exchange began frequently rotating its operational addresses in attempts to evade potential on-chain sanctions. However, this latest round of on-chain freezing did not directly target Garantex’s primary hot wallet addresses used for operations, but rather a large number of intermediary and accumulation addresses used to circumvent transaction tracing. Prior to his arrest, Besciokov—or the team behind him—had withdrawn substantial funds from major cryptocurrency and payment platforms, automated extensive fund laundering procedures, and then transferred the cleaned funds back into other exchanges.
Tether’s cooperation with law enforcement abruptly interrupted this process, directly leading to Garantex ceasing operations.
The Threat of On-Chain Funds Is Spreading
Analysis of the on-chain activity of all frozen addresses reveals that Garantex heavily relied on centralized entity addresses during its fund laundering operations.
Take the Tron address TUCUYf, one of the addresses frozen in this incident: its upstream funds originated from a withdrawal hot wallet belonging to a payment or exchange platform. Before being frozen, this address transferred portions of its holdings to other centralized exchanges.
Another Tron address, TXFUjf, interacted not only with exchange users prior to freezing but also had significant connections to payment platforms and even online gambling platforms.
Clearly, beyond direct on-chain freezing, such centralized institutions—if their operators enforce risk controls on users receiving these types of funds for compliance reasons—could inadvertently impact innocent OTC traders or ordinary users who unknowingly receive monetized proceeds.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
