Grinex’s reach expands to $1.66B despite history of sanctions



Grinex, a cryptocurrency exchange identified as the suspected successor to the sanctioned Russian platform Garantex, has reportedly moved more than $1.66 billion in crypto through exchanges, despite red flags raised by blockchain analytics firm Global Ledger.

Garantex had its infrastructure taken down by US, German and Finnish authorities in March and has since reportedly shifted its operations to Grinex.

Global Ledger initially told Cointelegraph that various cryptocurrency exchanges had around $1 billion in fund exposure to Grinex, as of early May.

But the movement hasn’t stopped, the Swiss blockchain data specialist said. By May 30, researchers had raised their estimates due to continuous fund flows in and out of Grinex.

“You can see [the amount is] devastating [and] it’s growing on a daily basis,” Yury Serov, research head of investigations at Global Ledger, told Cointelegraph.

The top exchanges by exposure to Grinex. Source: Global Ledger

Grinex wallets continue moving USDt on Tron

According to compliance company Bitrace, $649 billion in stablecoin flows were exposed to high-risk addresses in 2024. The firm said that more than 70% of potentially illicit stablecoin transactions occurred on the Tron network via USDt (USDT).

The observed fund flows out of Grinex are also in Tron-based USDt. At the time of writing, Global Ledger has accounted for $2.41 billion in transactional exposure to crypto services and wallets. Of that amount, $1.66 billion moved in and out of 180 cryptocurrency exchanges, also referred to as virtual asset service providers (VASPs).

Tron has a higher USDt supply than Ethereum as of May 30. Source: Tether

“Let’s say there’s one VASP sending funds and another VASP receiving them. Under the Travel Rule recommendations, the receiving VASP must obtain key details, such as the name of the sending VASP and other relevant identifying information,” Serov said.


Global Ledger declined to name the exchanges exposed to Grinex transfers but said that some have been notified of its suspicious fund flow analysis.

“Some of them, we have received feedback stating that they have acknowledged what we have provided them,” said Serov, adding that some of its communication attempts have gone unanswered.

Sample fund trail from a suspected Grinex account to a wallet in a licensed exchange. Source: Global Ledger

Cointelegraph independently contacted six of the world’s largest crypto firms operating globally to ask whether they had been notified of, or detected, fund flows from Grinex.

Of the exchanges contacted, only Binance responded, stating that it monitors and blocks both direct and indirect exposure to sanctioned individuals and entities.

“While it is not possible to avoid incoming deposits, we do take action against the clients. We also prevent users from sending funds to sanctions-related addresses,” the exchange’s spokesperson said.

Many of the transactions identified by Global Ledger were direct interactions, meaning no intermediary addresses or obfuscation techniques were used to transfer funds from Grinex to the exposed exchanges.

Cointelegraph attempted to contact Grinex but did not receive a response by publication.

Grinex emerges from the shadow of Garantex

In March, US and European authorities announced a coordinated international operation to disrupt Garantex’s services. As part of the crackdown, Tether froze $27 million in stablecoins held on the sanctioned Russian exchange.

US law enforcement said it seized domain names linked to Garantex, while German and Finnish authorities confiscated servers hosting the exchange’s infrastructure. US officials also stated they had obtained earlier server copies containing customer and accounting data. Garantex allegedly processed around $96 billion in crypto transactions since April 2019.


Days later, India’s Central Bureau of Investigation arrested Aleksej Bešciokov, accused of operating Garantex, on US money laundering charges.

Garantex then allegedly resurfaced as Grinex, according to onchain and offchain data analyzed by Global Ledger. The company reported that Garantex had moved over $60 million in Russian ruble-backed stablecoins to Grinex, which it described as the exchange’s “full-fledged successor.”

Garantex funds moved to Grinex wallets. Source: Global Ledger

Global Ledger added that one of Grinex’s managers claimed customers had personally visited the Garantex office and were actively transferring funds from Garantex to Grinex.

Garantex was sanctioned by the US Treasury in 2022 and by the European Union in February 2025.

Grinex shows how platforms survive crackdowns

In the early days of blockchain technology, cryptocurrencies offered cybercriminals a convenient way to move money due to their decentralized and largely unregulated nature.

Today, the asset class has matured, attracting growing interest from institutions and even nation-states. This shift has accelerated regulatory discussions and driven the development of advanced security tools to track illicit transactions. Several countries have now established specialized units dedicated to crypto.

Despite this progress, significant blind spots remain, and illicit actors continue to exploit regulatory arbitrage.

For instance, some USDt flows from Grinex have been linked to licensed, Europe-focused cryptocurrency exchanges. In the EU, exchanges have begun delisting USDt trading pairs to comply with the bloc’s Markets in Crypto-Assets (MiCA) regulatory framework, which imposes strict requirements on stablecoin issuers.

“These entities do have licenses in Europe, but they’re also actively operating in countries outside the EU that have become a major destination for Russian immigrants after the war,” said Serov. “Our assumption is many are still legally residing there with documentation that allows them to interact with Euro-focused VASPs.”

While sanctioned platforms and illicit crypto businesses have recently been shut down, Alex Katz, CEO of security firm Kerberus, warned in a previous interview with Cointelegraph that such entities often rebrand and continue operating under new names.

Recently, eXch, a no-Know-Your-Customer (no-KYC) crypto exchange, was dismantled by German authorities, who seized $38 million and related infrastructure. However, security monitors reported continued fund flows involving associated wallets, suggesting that the platform may still be serving key customers in stealth mode.
