CRYPTO LAUNDERING ERASES NATIONAL BORDERS - FROM RUSSIA TO KYRGYZSTAN – DUBAI - SPAIN- your JURISDICTION?

Crypto crime and the proceeds of crime erase national borders. These schemes jump from Russia to Kyrgyzstan to Dubai to Spain, all without interruptions or obstacles. Just imagine what law enforcement agents have to do to follow them?

Below is the HTTPS://TI-RUSSIA.ORG/EN/ investigation into the evolution of Garantex, a Moscow-based cryptocurrency exchange, into a sophisticated, decentralised money laundering network that operates across borders despite international sanctions and law enforcement actions. The investigation highlights how Garantex’s transformation into a resilient, STATE-TOLERANT LAUNDERING ECOSYSTEM exploits regulatory weaknesses, utilising Telegram and decentralised platforms to move billions of illicit funds globally.

THE REPORT'S KEY POINTS INCLUDE:

1. Borderless Crypto Laundering: Garantex and its successors facilitate illicit financial flows from Russia to jurisdictions like Kyrgyzstan, Dubai, UAE, Brazil, Spain, Thailand, Georgia, and Hong Kong, erasing national borders through crypto-based schemes.
2. Garantex’s Resilience: Blacklisted by OFAC in 2022 and targeted in 2025 raids, Garantex never ceased operations. It transformed into entities like Exved, MKAN Coin, and Grinex, using technical obfuscation and government tolerance to sustain a decentralised laundering system.
3. Successor Entities:
   • Exved, led by Sergey Mendeleev, operates as an offshore crypto laundering network, enabling Russian clients to move funds abroad without a crypto footprint in Russian banking records. It also facilitates transactions for dual-use goods, such as microchips and telecommunications equipment.
   • MKAN Coin and Grinex are rebranded versions of Garantex, offering Telegram-based crypto-to-cash services for capital movement.
4. Key Individuals: Sergey Mendeleev, Aleksandr Mira Serda (indicted in the U.S.), and Mohammad Khalifa manage this network, repurposing Garantex’s infrastructure for cross-border payments disguised as legal services.
5. Moscow-City as Operational Hub: Despite sanctions and scrutiny, Moscow-City remains the core of this laundering network, hosting offices and proxies for entities like Exved, Paysol, and Fintech Corporation.
6. Telegram’s Role: The messaging app serves as the backbone for client onboarding, wallet transfers, and operations, enabling anonymous, scalable, and borderless financial flows hidden mainly from regulators.
7. Sanctions and Enforcement Efforts:
   • In March 2025, a coordinated global strike by the U.S., Europol, and others targeted Garantex’s infrastructure, seizing domains and arresting key figures like Aleksey Besciokov. However, successors like Grinex and Exved continued operations.
   • OFAC and the UK expanded sanctions in 2025, targeting Garantex’s ecosystem, which processed $96 billion in transactions since 2019, with $1.3 billion linked to criminal activity.
8. Systemic Issues: Garantex’s integration into Russia’s financial framework suggests state tolerance or enablement, raising concerns about global financial integrity and enforcement gaps. The network’s role in facilitating payments for sanctioned entities, darknet markets, and ransomware groups underscores its significance as a "Crypto Laundromat."

READ THE REPORT HERE https://ti-russia.org/en/ - https://cryptolaundromat.ti-russia.org/ - BELOW

Garantex Didn’t Die, It Transformed

1. Blacklisted by OFAC in 2022 and targeted by law enforcement raids in 2025, Garantex never ceased operations. Instead, it reemerged under new names, such as MKAN Coin, Grinex, and Exved, morphing into a decentralised laundering system sustained by technical obfuscation and the government’s tolerance.

Successor Entities Continue to Operate Across Jurisdictions

1. Entities tied to Garantex continue operating across the UAE, Brazil, Kyrgyzstan, Spain, Thailand, Georgia, Hong Kong, and Russia.

Exved: Sanctions Evasion

1. Led by Sergey Mendeleev, who is linked to Garantex, Exved masquerades as a domestic payment facilitator but operates as an offshore crypto laundering network.
2. Using agent-based payment schemes enables Russian clients to move money abroad through offshore proxies, leaving no crypto footprint in Russian banking records.

Dual-Use Goods

1. During an undercover interview, we confirmed the Exved system’s involvement in financing dual-use goods transactions, which include microchips, telecom equipment, and related components sourced from jurisdictions such as China and Taiwan.

MKAN Coin and Grinex: Functional Reincarnations of Garantex

1. While Exved can be described more accurately as an intentionally designed next-generation platform, MKAN Coin and Grinex are closer to rebranded replicas of Garantex, offering the same Telegram-based crypto-to-cash service to Russians moving capital abroad.
2. Wallet Analysis: Garantex Never Left
3. Operational addresses tied to Exved and Grinex received funds from Garantex-related sanctioned wallets and routed them to similar entities: this is a classic layering technique in laundering.

Key Individuals Driving the Laundromat

1. A small, experienced group linked to Garantex continues to operate the laundering network. Sergey Mendeleev, founder of Exved and architect of Garantex’s early systems, repurposed the infrastructure for crypto-backed cross-border payments disguised as legal services.
2. Co-founder Aleksandr Mira Serda (aka Cerda, Ntifo-Siao, or Ntifo Siaw), indicted in the U.S., manages parts of the network from abroad. Mohammad Khalifa, a Garantex representative across multiple jurisdictions, is also tied via blockchain analysis to successor schemes. Together, they sustain a fragmented but resilient system of platforms, including Exved and Grinex, that operate beyond formal oversight.

Moscow-City: The Laundromat’s Unmoved Core

1. Despite years of investigative reporting, international sanctions, and public scrutiny, Moscow-City remains the operational heart of the laundering network. Key actors, including Exved and affiliated shell companies like Paysol and Fintech Corporation, continue to maintain offices, proxies, and crypto-cash infrastructure in the towers of Moscow-City.
2. The exact location that once hosted Garantex now facilitates its successors, an enduring symbol of Russia’s government ability to protect financial grey zones even under international pressure.

Telegram: The Real Exchange

1. Behind the complex web of crypto wallets, offshore entities, and sanctioned counterparties lies a surprisingly simple backbone:
2. Telegram. Not a regulated exchange or a licensed platform, just a messaging app. Yet this is where it all happens: client onboarding, agent contracts, wallet transfers, and even rudimentary KYC, all conducted through bots and private chats. Telegram has become the central operating layer of the laundering ecosystem, enabling anonymous, scalable, and borderless financial flows that are largely hidden from regulatory oversight.

A Crypto-Laundromat Integrated with State-Tolerated Systems

1. Garantex’s metamorphosis into Exved and its integration into Russia’s experimental cross-border financial schemes suggest more than opportunistic evasion; it signals a systemic laundering architecture operating under tacit or active federal government enablement. This raises urgent questions about financial integrity and global enforcement gaps.
2. Some entities and individuals referenced in this investigation, including Bank of China, DBS Hong Kong, J.P. Morgan Hong Kong, Deutsche Bank Hong Kong, Fintech Corporation, Exved, Paysol, Sergey Mendeleev, and Sergey Kunitsa, were contacted for comment or made aware of our reporting. Not all subjects mentioned in the report were reached.

Prologue: From Garantex to Its Successors

Coordinated Strike

1. On a spring morning in March 2025, law enforcement agencies across three continents launched a coordinated strike.
2. The U.S. Secret Service, Europol, and authorities in Germany, Finland, and India launched their attack almost simultaneously. Their target was the online infrastructure of Garantex, a Moscow-based crypto exchange officially sanctioned for facilitating millions of dollars in illicit transactions.
1. https://home.treasury.gov/news/press-releases/jy0701
3. Officers seized Garantex’s online infrastructure, including its main domains, garantex.io and garantex.org, and took control of the servers hosting its core operations.
1. https://www.justice.gov/opa/pr/garantex-cryptocurrency-exchange-disrupted-international-operation
4. In the hours before the raid, U.S. authorities reportedly copied some of the data.
5. The system administrator of Garantex, Aleksey Besciokov, was arrested in India. In contrast, the exchange’s co-founder, Aleksandr Mira Serda (also known as Aleksandr Ntifo-Siao), evaded arrest and is believed to have continued operating from the UAE.
1. https://www.reuters.com/world/us-request-india-arrests-crypto-administrator-accused-money-laundering-2025-03-13/
6. Both were indicted for conspiracy to operate an unlicensed money-transmitting business and to commit money laundering.
1. https://www.justice.gov/opa/media/1392316/dl
7. In August 2025, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) expanded sanctions against Garantex’s successors – Grinex, Exved, InDeFi Bank – and its executives: Sergey Mendeleev, Aleksandr Mira Serda, and Pavel Karavatsky.
8. Garantex itself was re-designated under the U.S. cyber-related sanctions program.
1. https://ofac.treasury.gov/recent-actions/20250814
9. Within days, the UK announced sanctions aimed at Garantex’s successor networks, highlighting token A7A5, which had moved roughly $9.3 billion on the exchange in just four months.
1. https://www.gov.uk/government/news/uk-targets-sanctions-circumvention-and-crypto-networks-exploited-by-russia
10. Taken together, Washington and London signalled that enforcement now targets the broader Garantex ecosystem and its successor brands, not just the legacy exchange.
11. But this was not the first blow to the exchange. In 2022, OFAC had already blacklisted Garantex for laundering funds for darknet markets and ransomware groups such as Conti and Hydra.
1. https://home.treasury.gov/news/press-releases/jy0701
2. https://www.elliptic.co/blog/black-basta-ransomware-victims-have-paid-over-100-million
12. The Estonian regulator had revoked the exchange’s license for serious anti-money laundering violations.
1. https://fiu.ee/en/news/garantex-europe-ou-lost-right-provide-virtual-currency-services
13. Nevertheless, Garantex did not cease operations: it merely changed tactics, entrenched itself in Russia, and continued serving clients while evading Western oversight.
14. Founded in Moscow in 2019, Garantex started as a crypto exchange focused on ruble-based trading.
1. https://www.facebook.com/garantex.io/posts/pfbid0GSRCgNVXSXpPA3vnsh9eraLYu2Qur23hnKxMibP21n2TBteqfwoP13xgG8uxAwjBl
15. Over time, it grew into a core component of Russia’s evolving response to Western financial isolation. Between 2019 and 2025, it processed around $96 billion in transactions, with at least $1.3 billion directly linked to criminal activity, according to blockchain forensics firm Chainalysis.
1. https://www.chainalysis.com/blog/russian-exchange-garantex-dismantled/#:~:text=While%20the%20shutdown%20of%20Hydra,billion%20in%20transactions%20since%202019
16. Each time Garantex seemed defeated, it returned in a new form, like a hydra: cutting off one head only made another grow.

Critical Hub for Sanctions Evasion

1. A shift in operational tactics allowed Garantex not only to survive, but to thrive after sanctions were imposed.
   1. https://coinpaprika.com/exchanges/garantex/
2. The exchange rotated wallets frequently, used one-off addresses, and engaged in chain-hopping methods to obscure transaction trails.
   1. https://www.merklescience.com/blog/the-fall-of-garantex-a-tactical-win-but-money-laundering-persists
   2. https://www.wsj.com/finance/currencies/garantex-russian-crypto-hamas-crime-sanctions-a3648357
3. Investigators found evidence of false user data provided to Russian authorities and illegal servicing of U.S. customers without registration.
   1. https://www.chainalysis.com/blog/russian-exchange-garantex-dismantled/
4. Beyond technical adaptation, Garantex emerged as a favoured venue for high-risk transactions tied to illicit actors. According to crypto forensics firm Elliptic, on-chain data showed that wallets allegedly linked by Israeli authorities to Palestinian Islamic Jihad (PIJ) had conducted transactions through Garantex.
   1. https://www.elliptic.co/blog/analysis/israel-orders-seizure-of-crypto-wallets-worth-94-million-linked-to-palestinian-islamic-jihad
5. The ICIJ, citing data from blockchain analytics firm Global Ledger, reported that as much as $15 million in cryptocurrency had passed through Garantex to wallets allegedly tied to Hezbollah and Iran’s Quds Force.
   1. https://www.icij.org/investigations/russia-archive/firm-related-to-sanctioned-crypto-exchange-garantex-is-a-partner-of-moscow-gang-leader-and-has-links-to-kremlin-controlled-rosneft/
6. While the exact share of such activities in Garantex’s total volume remains unclear, the evidence indicates that the exchange played a significant role in facilitating payments for sanctioned entities. This was especially prominent after major platforms, such as Binance, Coinbase, and PayPal, restricted services for Russian users following the Western sanctions imposed in 2022.
7. This pattern reflects not just technical evasion, but Garantex’s broader appeal to actors seeking minimal compliance and maximum opacity. Its services were repeatedly exploited by cybercriminal syndicates as well as by those aiming to funnel money across borders without regulatory detection.
8. In 2024, according to TRM Labs estimates, over 85% of crypto inflows to sanctioned entities and jurisdictions went through Garantex and the Iranian exchange Nobitex.
   1. https://www.trmlabs.com/resources/blog/eu-includes-crypto-exchange-garantex-in-16th-sanctions-package-on-russia#:~:text=One%20of%20the%20most%20significant,entities%20and%20jurisdictions%20in%202024
9. OFAC’s analysis “shows that over $100 million of known Garantex transactions are associated with illicit actors, including darknet markets and ransomware groups.”
   1. https://home.treasury.gov/news/press-releases/sb0225
10. Returning to April 2025: although the raids and arrests seemed like a decisive blow, Garantex did not disappear. What followed was a transformation: name changes, new schemes, new platforms. Soon, the name Grinex appeared on the blockchain as a rebranded shell where user balances were migrated. As of April 2025, it had processed over 41.7 million USDT in incoming transactions.
    1. https://globalledger.io/same-garantex-different-sauce-new-russian-exchange-grinex-launched/
11. Garantex underwent a significant evolution, becoming part of a larger ecosystem: a crypto-based transaction network operating with apparent government tolerance and expanding across international borders.
12. This investigation traces Garantex’s transformation from sanction evasion tactics to the rise of its successor entities like Exved and MKAN Coin, to the quiet integration of this potential laundering architecture into Russia’s own experimental financial framework.
13. Together, these networks could be called a “Crypto Laundromat”: a decentralised infrastructure used to move billions in dirty money across borders, with the Kremlin looking the other way, or possibly helping shape the system from within.

1. https://www.icij.org/investigations/russia-archive/firm-related-to-sanctioned-crypto-exchange-garantex-is-a-partner-of-moscow-gang-leader-and-has-links-to-kremlin-controlled-rosneft/

Source

https://cryptolaundromat.ti-russia.org/