The Feds today revealed more details about the US Secret Service-led Garantex takedown, a day after seizing websites and freezing assets belonging to the Russian cryptocurrency exchange in coordination with German and Finnish law enforcement agencies.
Also today, the US Justice Department announced criminal charges against the two alleged administrators of the multi-billion-dollar money laundering service favored by ransomware fiends and other cybercriminals to facilitate computer hijacking, drug trafficking, and terrorism.
On March 6, after obtaining copies of Garantex’s servers that included customer and accounting databases, the Secret Service, armed with a warrant, seized three website domains — Garantex.org, Garantex.io, and Garantex.academy — used to operate the exchange.
As part of the coordinated actions, German and Finnish law enforcement also seized servers from various locations that hosted Garantex’s operations, effectively terminating the exchange.
Notice shown on seized Garantex websites, announcing their takeover by the Feds and cops … Click to enlarge
Garantex, which was sanctioned by the Americans in 2022, has processed at least $96 billion in cryptocurrency transactions since 2019.
These transactions, according to court documents, include millions of dollars in ransomware proceeds for the Black Basta, Play, and Conti ransomware groups, $22 million stolen from a US-based blockchain network, and nearly $3.8 million processed from at least three online underworld souks selling ransomware, drugs, and child sexual abuse material.
Aleksej Besciokov, 46, a Lithuanian national and Russian resident, and Aleksandr Mira Serda (previously Aleksandr Ntifo-Siaw), 40, a Russian national and United Arab Emirates resident, controlled and operated Garatnex between 2019 and 2025, according to a newly unsealed indictment [PDF].
Mira Serda co-founded Garantex and was its chief commercial officer, while Besciokov served as the primary technical administrator, responsible for maintaining the platform’s critical infrastructure, along with reviewing and approving transactions, it is claimed.
The two are charged with conspiring to launder money, while Besciokov is also charged with conspiring to violate sanctions and to operate an unlicensed money-transmitting business.
Both men allegedly knew that criminal proceeds were being laundered through the exchange and took steps to conceal illegal activities.
Mira Serda also operated another exchange, CryptoMax. He used this second crypto exchange to wash dirty money through an account at Garantex registered to Mira Serda, it is alleged.
“Using Garantex’s infrastructure, CryptoMax processed transactions to numerous illicit exchanges, including sending funds to darknet drug markets and other cryptocurrency laundering services,” the indictment claims. “Additionally, via internal communications, Besciokov identified CryptoMax transactions as Garantex processing ‘dirty funds’.”
Plus, the two Garantex operators tried to shield Mira Serda’s identity from law enforcement, it is claimed. When Russian cops sought records related to an account registered to the exchange’s COO, Garantex admins handed over incomplete information and falsely claimed the account was not verified, it is said.
Besciokov also “personally identified” accounts linked to other cybercriminals, including two that were transferring funds originating from North Korea’s Lazarus Group, and allowed these accounts to continue transacting on the site, it is alleged.
While the charges against the two carry maximum penalties of 20 years in prison each, first the men would need to be arrested, then extradited to the United States, and then tried in court. But since they live in Russia and the UAE, seeing a perp walk any time soon is highly unlikely. ®