Grinex range increases to USD 1.66 billion despite the history of sanctions

Grinex, the exchange of cryptocurrencies identified as a suspicious successor to the sanctioned Russian platform Garaantex, apparently transferred over $ 1.66 billion in crypto via exchanges, despite the red flags raised by Blockchain Analytics Global Ledger.

GARANTEX was removed by the US, Germany and Finnish authorities in March and since then reportedly moved its activity to Grinex.

Global Ledger initially told CointeLgraph that various cryptocurrency exchanges had about $ 1 billion for the exposure of GRINEX funds at the beginning of May.

But the movement did not stop, said the Swiss Blockchain specialist. Until May 30, scientists raised their estimates because of the continuous flow of funds in Grinex.

“You can see [the amount is] destructive [and] It grows every day, “said Cointelegraph Yury Serov, head of research at Global Ledger.

The best replacement according to the exposure to GRINEX. Source: Global Ledger

GRINEX portfolios continue to move to the throne

According to Compliance, Bitrace $ 649 billion of Stablecoin flows were exposed to high risk addresses in 2024. The company stated that over 70% of potentially illegal Stablecoin transactions took place in the Throne network via USDT (USDT).

The observed flows of the Grinex fund are also in USDT based on the throne. At the time of writing this text, Global Ledger accounted for $ 2.41 billion in transaction exposure to cryptographic services and wallets. Of this amount, $ 1.66 billion transferred to 180 cryptocurrency exchanges, also called virtual asset service providers (VAPS).

*The throne has a higher USDT delivery than Ethereum since May 30. Source:* *Tether*

“Suppose there is one VASP sending funds and another VASP receives them. According to the recommendations of travel rules, VASP receiving must get key details, such as the name of sending VASP and other relevant identification information,” said Serov.

Related: Canada is delayed with Stablecoin’s approach, but there is a place to catch up

Global Ledger refused to exchange exchanges exposed to grinex transfers, but said that some were notified of his suspicious funds for analysis of funds.

“Some of them received feedback with information that they recognized what we provided to them,” said Serov, adding that some of his communication attempts remained unanswered.

*An example trail of funds from the suspicious Grinex account to the portfolio on the licensed stock exchange. Source: Global Ledger*

Cointelegraph has independently contacted the six largest cryptographic companies in the world operating around the world to ask if they were notified about the flow of the Grinex fund.

Among the contacted exchanges, only Binance reacted, stating that it monitors and blocking both direct and indirect exposure to sanctioned people and entities.

“Although it is not possible to avoid incoming deposits, we take action against customers. We also prevent users from sending funds to sanctions related to sanctions,” said the spokesman.

There were many transactions identified by Global Ledger direct interactionWhich means that no intermediary addresses or darkening techniques have been used to transfer funds from Grinex with exposed exchanges.

Cointelegraph tried to contact Grinex, but he did not receive an answer by the publication.

Grinex emerges from the shadow of GARANTEX

In March, the US and European authorities announced a coordinated international activity to disrupt the Garantex services. As part of repression, Tether froze $ 27 million in Stablecouins taking place on a sanctioned Russian exchange.

American law enforcement agencies he said He surprised the names of domains associated with Garaantex, while the German and Finnish authorities confiscated the hosting servers of the exchange infrastructure. US officials also found that they obtained earlier copies of servers containing customer and accounting data. GARANTEX allegedly processed about $ 96 billion of cryptographic transactions from April 2019.

Related: Crypto swapper exchange shows signs of life after closing

A few days later, the Central Bureau of Investigation arrested Aleksej Bešciokov, accused of handling GARANTEX, on charges of money laundering in the USA.

Garaantex then allegedly appeared again as Grinex, according to the data onchain and offchain analyzed by Global Ledger. The company announced that Garaantex has moved over $ 60 million in Russian Ruble Stablecouins to Grinex, which he described as “a full successor”.

*Garaantex funds moved to the GRINEX wallets. Source:* *Global book*

Global Ledger added that one of the GRINEX managers claimed that customers personally visited the GARANTEX office and actively transferred funds from GARANTEX to Grinex.

Garantex was sanctioned by the US treasure in 2022 and by European Union In February 2025

Grinex shows how the platforms will survive the repression

In the early days of blockchain technology, cryptocurrencies were offered by cybercriminals with a convenient way to transfer money due to their decentralized and unregulated character.

Today, the asset class has matured, attracting the growing interest of institutions and even national states. This change accelerated regulatory discussions and caused the development of advanced security tools to track illegal transactions. Several countries now have Specialist units established Dedicated to Crypto.

Despite this progress, significant blind spots remain, and illegal entities still apply regulatory arbitration.

For example, some USDT flows from GRINEX have been associated with licensed cryptocurrency exchange -concentrated exchanges. In the EU, the stock exchanges began to withdraw USDT trade couples to comply with block markets as part of regulatory cryptocurrency (MICU), which impose strict requirements on Stablecoin issuers.

“These entities have licenses in Europe, but they also actively operate in countries outside the EU, which have become the main goal of Russian immigrants after the war,” said Serov. “Our assumption is that many of them still live in documentation that allows them to interact with VASP -oriented euro.”

While the sanctioned platforms and illegal cryptographic companies have recently been closed, Alex Katz, general director of the security company Kerberus, warned in a previous interview for Cointelegraph that such entities often process the brand and continue to operate under novel names.

Recently, Exch, without knowledge about the client (no-kyc) Crypto Exchange, has been dismantled by the German authorities, which occupied $ 38 million and related infrastructure. However, safety monitors Reported Continuation of funds covering related wallets, suggesting that the platform can continue to serve key customers in hiding mode.

Warehouse: Coinbase Hack shows that the law probably will not protect you: Here’s why