US seizes domain of Garantex crypto exchange used by ransomware gangs

The U.S. Secret Service has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex in collaboration with the Department of Justice's Criminal Division, the FBI, and Europol.

Other law enforcement authorities involved in this action include the Dutch National Police, the German Federal Criminal Police Office, the Frankfurt General Prosecutor's Office, the Estonian National Criminal Police, and the Finnish National Bureau of Investigation.

Earlier today, Garantex was also forced to suspend services due to Tether blocking its digital wallets after the European Union sanctioned the crypto exchange as part of its 16th package of sanctions against Russia, which targets 542 individuals and entities.

"We have bad news. Tether entered the war against the Russian cryptographic market and blocked our wallets in the amount of more than 2.5 billion rubles," the Garantex team said in a Telegram post on Thursday.

"We temporarily suspend the provision of all services, including the findings of cryptocurrency, for a while, while the whole team is solving this problem. We draw your attention to the fact that all USDT on Russian wallets is now at risk."

After seizing Garantex's domain garantex[.]org, the Secret Service also changed the name servers to ns1.usssdomainseizure.com and ns2.usssdomainseizure.com.

​The Russian exchange was previously sanctioned by the Treasury Department's Office of Foreign Assets Control (OFAC) in April 2022 after over $100 million in Garantex transactions were linked to darknet markets and cybercrime actors, including the notorious Conti Ransomware-as-a-service (RaaS) operation and the Hydra dark web market.

"The majority of Garantex's operations are carried out in Moscow, including at Federation Tower, and St. Petersburg, Russia, where other sanctioned virtual currency exchanges have also operated," OFAC said at the time.

Garantex lost its license to provide virtual currency services in February 2022 after Estonia's Financial Intelligence Unit found links between Garantex and wallets used for criminal activity and critical compliance issues with Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) policies.

"Despite losing its Estonian license to provide virtual currency services following the Estonian Financial Intelligence Unit's investigation, Garantex continues to provide services to customers through unscrupulous means," OFAC added.

Two years later, OFAC sanctioned the Cryptex and PM2BTC crypto exchanges for laundering funds for Russian ransomware gangs and other cybercrime groups.

It also targeted the Bitpapa, TOEP, and Crypto Explorer crypto exchanges in March 2024 and designated the Sinbad, Tornado Cash, and Blender.io crypto-mixing services for laundering money for the North Korean Lazarus hacking group.