The U.S. Secret Service, in coordination with the Department of Justice’s Criminal Division, the FBI, and Europol, has seized the domain of the Russian cryptocurrency exchange Garantex.
The takedown was also supported by law enforcement agencies from the Netherlands, Germany, Estonia, and Finland, furthering international efforts to combat illicit financial activities.
Earlier today, Garantex was forced to suspend its services after Tether blocked its digital wallets in response to new European Union sanctions. The exchange was included in the EU’s 16th package of sanctions against Russia, which targeted 542 individuals and entities. In a Telegram post, Garantex acknowledged the wallet freeze, stating that over 2.5 billion rubles in assets were affected and warning users that all USDT held in Russian wallets was now at risk.
Following the domain seizure, the Secret Service updated Garantex’s name servers to ns1.usssdomainseizure.com and ns2.usssdomainseizure.com, effectively taking control of the site.
Garantex had previously been sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) in April 2022, after investigations linked over $100 million in transactions to cybercriminals, including the Conti Ransomware-as-a-Service (RaaS) group and the Hydra dark web market. The exchange primarily operated out of Moscow and St. Petersburg, Russia, a hub for other sanctioned virtual currency exchanges.
In February 2022, Estonia’s Financial Intelligence Unit revoked Garantex’s license to provide virtual currency services due to its involvement in criminal transactions and failure to comply with anti-money laundering (AML) and counter-terrorism financing (CFT) regulations. Despite this, OFAC noted that Garantex continued to operate through undisclosed channels.
The crackdown on illicit crypto transactions has intensified, with OFAC sanctioning multiple platforms used by cybercriminals. In 2024, it targeted the Cryptex and PM2BTC exchanges for laundering money for Russian ransomware groups, as well as the Bitpapa, TOEP, and Crypto Explorer exchanges. Sanctions have also extended to crypto-mixing services like Sinbad, Tornado Cash, and Blender.io, which were linked to laundering operations for the North Korean Lazarus hacking group.
This latest action against Garantex underscores the ongoing efforts by U.S. and international authorities to disrupt cybercriminal financial networks and curb the use of cryptocurrencies for illicit activities.
