Grinex, a newly identified cryptocurrency exchange, has emerged from the shadows of the sanctioned Russian platform Garantex, raising serious concerns across the crypto compliance and regulatory landscape. According to Swiss blockchain analytics firm Global Ledger, Grinex has already moved over $1.66 billion through cryptocurrency exchanges worldwide, despite its links to illicit financial activity and red flags raised by watchdogs. The situation highlights both the resilience of illicit crypto operators and the persistent blind spots in global regulatory frameworks.
Grinex’s Rise from Garantex’s Ashes
In March 2025, a coordinated international operation involving US, German, and Finnish authorities succeeded in taking down Garantex, a Russian crypto exchange sanctioned by the US Treasury in 2022 and by the EU in February 2025. The crackdown involved seizing Garantex’s domain names, freezing $27 million in stablecoins by Tether, and confiscating critical infrastructure servers. Shortly after, Garantex appeared to re-emerge as Grinex, according to Global Ledger’s analysis of both onchain and offchain data.
The analytics firm reported that over $60 million in Russian ruble-backed stablecoins were transferred from Garantex to Grinex, suggesting a direct operational and financial link. Testimonies from one of Grinex’s managers confirmed that former Garantex clients were physically visiting the same office and actively transferring funds to the new platform.
Global Ledger has identified Grinex as a “full-fledged successor” of Garantex, now operating under a new name while continuing to process large volumes of crypto transactions.
$1.66 Billion in Exchange Exposure Raises Compliance Alarms
Grinex’s scale of operations has rapidly escalated. By early May, Global Ledger estimated that around $1 billion had already moved through various cryptocurrency exchanges. By the end of the month, this number surged to $1.66 billion involving 180 exchanges, referred to as virtual asset service providers (VASPs). The figure includes both incoming and outgoing transactions.
Notably, these transactions were not obfuscated, many were direct fund flows, devoid of intermediary wallets or mixer services. This simplicity has made it easier for compliance firms like Global Ledger to trace the origin and destination of funds. However, the alarming part is that these transactions are still happening, often involving known and regulated exchanges.
According to Yury Serov, head of investigations at Global Ledger, several exchanges have been notified of the suspicious fund flows. While some acknowledged the warnings, others have remained silent. The names of the involved exchanges remain undisclosed.
Binance, one of the six major exchanges independently contacted by Cointelegraph, was the only one to respond. The exchange stated that while it cannot prevent incoming deposits, it actively blocks and monitors any interaction direct or indirect with sanctioned entities.
USDt on Tron Emerges as a Preferred Channel
A recurring element in Grinex’s fund movements is the use of Tron-based USDt. According to Bitrace, a compliance firm, over $649 billion in stablecoin transactions in 2024 were linked to high-risk addresses, with more than 70% occurring on the Tron network via USDt. Grinex appears to be leveraging this channel to bypass conventional oversight mechanisms.
Tron’s low fees and high speed make it an attractive option for high-volume transactions, including illicit ones. The concentration of suspicious activity in one stablecoin network underlines the urgent need for enhanced compliance tools and protocols tailored to specific blockchain infrastructures.
Despite mounting pressure and increasingly sophisticated blockchain surveillance technologies, actors like Grinex continue to exploit gaps in global compliance regimes, especially where stablecoin regulation is still evolving.
Regulatory Loopholes and the Challenges of Enforcement
Grinex’s case underscores a broader problem in the crypto space: the rebranding and re-emergence of sanctioned platforms. While global regulators have made significant strides, there are still loopholes that allow bad actors to slip through. For example, although some European exchanges have started delisting USDt trading pairs in response to MiCA (Markets in Crypto-Assets) regulations, Global Ledger noted that licensed European exchanges were still indirectly exposed to Grinex.
The problem often stems from regulatory arbitrage. Many crypto exchanges operate in multiple jurisdictions, some with lax regulatory requirements. According to Serov, certain VASPs involved in Grinex-linked transactions are registered in Europe but also operate in countries outside the EU where many Russian nationals have relocated post-Ukraine war. These individuals often hold valid documentation, allowing them to legally interact with EU-licensed exchanges.
This fragmented enforcement environment creates an ongoing cat-and-mouse game between illicit operators and regulators. Alex Katz, CEO of security firm Kerberus, notes that dismantling an exchange is no longer enough. These platforms often rebrand and relaunch within weeks, using new infrastructure and sometimes even the same personnel.
The recent takedown of eXch, a no-KYC platform by German authorities, offers another cautionary tale. Despite the seizure of $38 million and related infrastructure, fund flows from associated wallets continued, indicating that the platform or its network of users might still be active.
