According to the indictment released by the U.S. Department of Justice (DOJ) on March 7, the arrest confirmation updated on March 13, and the statement of the Indian Central Bureau of Investigation (CBI), the Russian centralized cryptocurrency trading platform Garantex has been forced to shut down by multinational joint law enforcement, and its co-founder Aleksej Besciokov has been arrested.
During this period, a large-scale freeze of Garantex-related funds also occurred on the chain. This article aims to warn Web3 practitioners to pay attention to the threat of risky USDT by sorting out the details of the sanctions and freezes.
Background of the Sanctions Against Garantex
Garantex is a Russian cryptocurrency exchange founded in 2019 that has long been accused of providing money laundering services for illegal activities. In April 2022, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) imposed sanctions on Garantex, claiming that it processed more than $100 million in illegal transactions, including funds related to darknet markets, ransomware gangs (such as Conti), hackers, and terrorism.
On March 7, 2025, the U.S. Department of Justice (DOJ) unsealed an indictment against Aleksej Besciokov and his partner Aleksandr Mira Serda, accusing them of money laundering conspiracy through Garantex, violating U.S. sanctions, and operating an unlicensed money transmission business.
Garantex is said to have processed at least $96 billion in cryptocurrency transactions since its inception, including a large amount of criminal proceeds. For example, U.S. authorities pointed out that the exchange has provided money laundering services for North Korean hacker groups such as the Lazarus Group, Russian oligarchs, and multiple ransomware gangs such as Black Basta, Play, and Conti.
On-chain law enforcement activities
The off-chain arrests were accompanied by a massive on-chain freeze, which was carried out by US security vendors and USDT issuer Tether in response to the US government. According to Bitrace’s on-chain monitoring and Garantex’s self-disclosure in the Telegram channel, the relevant law enforcement activities froze at least 28m worth of USDT.
As early as when Garantex was sanctioned in 2022, the exchange had begun to change its business address at a high frequency in an attempt to circumvent possible on-chain sanctions, but this on-chain freezing activity was not directly aimed at Garantex's business hot wallet address, but a large number of transit and coin hoarding addresses used to evade fund tracking. Before Aleksej Besciokov was arrested, he or the team behind him withdrew a large amount of funds from major cryptocurrency trading platforms and payment platforms, and transferred them to other trading platforms again after highly automated fund laundering.
Tether’s law enforcement cooperation forcibly interrupted this process and directly led to Garantex ceasing its services.
On-chain funding threats are spreading
After investigating the on-chain activities of all frozen addresses, it is not difficult to find that Garantex made extensive use of centralized entity addresses in the process of fund laundering.
Taking the TRON address TUCUYf that was frozen in this incident as an example, the upstream source of funds for this address was a hot wallet address for withdrawals from a payment or exchange platform. Before being frozen, this address transferred part of the funds to other centralized trading platforms.
Another TRON address, TXFUjf, not only interacted with exchange users before it was frozen, but also had many connections with payment platforms and even online gambling platforms.
Obviously, in addition to the on-chain freezing activities, if the operators of such centralized institutions conduct risk control on users who receive such funds for compliance reasons, innocent OTC traders or ordinary users who receive related cash-out funds will be affected.
