Grinex, an cryptocurrency exchange identified as the alleged successor of the Russian Pantform Sanctionée Guarantsex, would have moved more than $ 1.66 billion in crypto through exchanges, despite the red flags raised by the analysis company of the overall blockchain Ledger.
Guarantx had its infrastructure eliminated by the American, German and Finnish authorities in March and has since moved its operations to Grinene.
Global Ledger initially declared to Cintelegraph that various cryptocurrency exchanges had about $ 1 billion in exposure to the Fund in Grinene in early May.
But the movement did not stop, said the data specialist at the Swiss blockchain. On May 30, researchers increased their estimates due to continuous fund flows in and out of Grinene.
“You can see (the amount is) devastating (and) it develops daily,” said in Cointelegraph Yury Serov, research manager at Global Ledger.
Grinex portfolios continue to move USDT on a tron
According to the Bitrace Compliance Company, $ 649 billion in Stablecoin flows were exposed to high -risk addresses in 2024. The firm said that more than 70% of potentially illegal stablecoin transactions occurred on the TRON network via USDT (USDT).
Grinex’s observed fund flows are also in the USDT based on a tron. At the time of writing the editorial staff, Global Ledger represented $ 2.41 billion in transactional exposure to cryptography and wallet services. In this amount, $ 1.66 billion moved into and outside 180 cryptocurrency exchanges, also called virtual active service providers (VASP).
“Let’s say that there is a VASP sending funds and another VASP that receives them. By virtue of the travel rule recommendations, the reception Vasp must obtain key details, such as the name of the Vasp of sending and other relevant identification information,” said Serov.
In relation: Canada is lagging behind with a Stablecoin approach, but there is room to catch up
Global Ledger refused to appoint the exchanges exposed to Grinene transfers, but said that some had been informed of his suspicious analysis of the flow of funds.
“Some of them have received comments indicating that they have recognized what we have provided to them,” said Serv, adding that some of his communication attempts have remained unanswered.
Cointtelegraph has independently contacted six of the largest cryptographic companies in the world operating worldwide to wonder if they had been informed of Grinene’s funds or detected.
Among the exchanges contacted, only Binance replied, declaring that it monitors and blocks direct and indirect exposure to sanctioned individuals and entities.
“Although it is not possible to avoid incoming deposits, we take measures against customers. We also prevent users from sending funds to addresses related to sanctions,” said exchange spokesman.
Many transactions identified by the major world book were direct interactions, which means that no intermediate or obscure technique address was used to transfer Grinex funds to the exchanges exposed.
Cointelegraph tried to contact Grinene but did not receive an answer by publication.
Grinex emerges from the Shadow of Guarantx
In March, the American and European authorities announced an international operation coordinated to disrupt Guarantex services. As part of the repression, Tether froze $ 27 million in stablescoins detained on the Russian stock market sanctioned.
The American police said that they had seized domain names linked to Garantex, while the German and Finnish authorities confiscated servers welcoming the exchange infrastructure. US officials also said they had obtained previous server copies containing customer and accounting data. Guarantex would have treated around $ 96 billion in cryptographic transactions since April 2019.
In relation: Crypto swapper exch shows signs of life after stopping after the Bybit
A few days later, the Central Investigation Office of India arrested Aleksej Bešciokov, accused of Garantex, for money laundering.
Guarantx would then have resurfaced as Grinex, according to ONCHAIN data and excluding chain analyzed by Global Ledger. The company indicated that Garantex had moved more than $ 60 million in Russian stablecoins supported by the ruble in Grinex, which it described as the “full successor” of the exchange.
Global Ledger added that one of Grinene’s directors said that customers had personally visited the Garantex office and actively transferred Garine’s Guaxe funds.
Guarantx was sanctioned by the US Treasury in 2022 and by the European Union in February 2025.
Grinex shows how platforms survive repression
At the start of blockchain technology, cryptocurrencies offered cybercriminals a practical way to move money because of their decentralized and largely unregulated nature.
Today, the asset class has matured, arousing an increasing interest in institutions and even nation states. This change accelerated regulatory discussions and motivated the development of advanced security tools to follow illicit transactions. Several countries have now created specialized units dedicated to crypto.
Despite this progress, significant dead angles remain and illicit actors continue to exploit regulatory arbitration.
For example, some USDT Grinene flows have been linked to licensed cryptocurrency exchanges and European-oriented. In the EU, the exchanges began to radiate the trading pairs of the USDT to comply with the block markets in the regulatory framework of crypto-sets (Mica), which imposes strict requirements on stablecoin issuers.
“These entities have licenses in Europe, but they also actively operate in countries outside the EU which have become a major destination for Russian immigrants after the war,” said Serv. “Our hypothesis is that many still reside there legally with documentation which allows them to interact with the Vaspes focused on the Euro.”
While sanctioned platforms and illicit crypto companies have recently been closed, Alex Katz, CEO of the Kerberus security company, warned in a previous interview with Cointtelegraph that these entities often rename and continue to operate under new names.
Recently, EXCH, an exchange of crypto without client-client (No-KYC), was dismantled by the German authorities, which seized $ 38 million and related infrastructure. However, security instructors have said that continuous fund flows involving associated portfolios, suggesting that the platform could still serve key customers in stealth mode.
Review: Coinbase Hack shows that the law will probably not protect you: here is why
