New crypto exchange Grinex suspected to be Garantex rebrand following US seizure

New crypto exchange Grinex suspected to be Garantex rebrand following US seizure

A newly launched cryptocurrency exchange named Grinex may be a rebrand of the sanctioned Russian platform Garantex shut down by US authorities in March.

According to a new report from TRM Labs, Grinex shows “strong ties” to Garantex, a crypto exchange that was officially registered in Estonia but operated largely out of Russia. Garantex was sanctioned by the US

Treasury’s Office of Foreign Assets Control (OFAC) in April 2022 for facilitating billions in illicit transactions tied to ransomware gangs and darknet markets, including Conti, Hydra, and Solaris.

After Garantex’s domains were seized, Grinex was immediately promoted in Telegram channels associated with the Satoshkin group, calling it “a new platform with familiar functionality.”

Grinex not only copied Garantex’s interface but reportedly entered into agreements to onboard its former clients and staff. Most notably, the platform began redistributing frozen Garantex assets using a new ruble-pegged stablecoin named A7A5, which was announced just two weeks before Garantex was taken down.

While TRM Labs has not confirmed if Grinex is currently engaged in illicit activity, the firm identified two Kyrgyzstan-based companies involved in significant A7A5 transactions.

Authorities have already arrested one Garantex administrator, Aleksej Besciokov, who was detained while vacationing in India. Another administrator, Aleksandr Mira Serda, remains charged but at large.

“Whether it’s darknet markets or non-compliant virtual asset service providers (VASPS) like Garantex, when one is taken down others will rise to take its place — whether via a potential rebrand like Grinex or would-be successors like Rapira and ABCEX. Whatever happens in the wake of Garantex, the global compliance and enforcement community will need to stay one step ahead,” the report concludes.

Back to the list

Latest Posts

Cyber Security Week in Review: May 2, 2025

Cyber Security Week in Review: May 2, 2025

In brief: SonicWall warns of active exploitation of recently patched bugs, Commvault confirms a nation-state zero-day attack, and more.
2 May 2025
Nation-state hackers exploit zero-day in Commvault Azure environment

Nation-state hackers exploit zero-day in Commvault Azure environment

Additionally, SonicWall has warned that two flaws affecting its SMA100 appliances are being actively exploited in the wild.
1 May 2025
New crypto exchange Grinex suspected to be Garantex rebrand following US seizure

New crypto exchange Grinex suspected to be Garantex rebrand following US seizure

After Garantex’s domains were seized, Grinex was immediately promoted in Telegram channels.
30 April 2025