Grinex, A7A5, and the Crypto Comeback Nobody Wanted

In March 2025, law enforcement agencies shut down Garantex, a notorious cryptocurrency exchange that facilitated illicit financial activity. But as history has shown, the fall of one platform often marks the rise of another. Now, all eyes are on Grinex – a similar exchange that’s now doing the work of Garantex.

Background

Grantex had operated for years as a hub for illicit cryptocurrency transactions, processing over $100 billion in volume. Alarmingly, 82% of that traffic was linked to sanctioned entities, including ransomware gangs, darknet markets like Hydra, and authoritarian regimes.

Despite being sanctioned by the U.S. Office of Foreign Assets Control (OFAC) in April 2022, Garantex continued to operate until March 6, 2025, when it announced via Telegram that it would temporarily shut down following the freezing of $28 million in USDT by Tether.

Rise of Grinex

Soon after Garantex’s shutdown, Telegram channels affiliated with the platform began promoting Grinex, a new exchange boasting “familiar functionality.” Though initially mentioned in August 2022, Grinex only gained traction after Garantex’s fall, with prominent Garantex-aligned communities such as the Satoshkin group touting it as a natural successor.

Grinex’s connections to Garantex are difficult to ignore. It was registered in Kyrgyzstan on December 23, 2024, by Duulat-eldar Sagynbeki Subankulov, an individual believed to be a former professional gamer. In online discussions, users noted striking visual and operational similarities to Garantex. Fuelling suspicions further, Grinex openly announced an agreement to onboard Garantex clients and hire former employees. It even launched a token, A7A5, to facilitate the recovery of frozen Garantex assets.

A7A5: New Sanction-Evasion Tool ?

The A7A5 token emerged just two weeks before Garantex’s takedown. Marketed as a 1:1 stablecoin pegged to the Russian ruble, it is available on Ethereum and TRON and listed on a little-known exchange called BiFinance, allegedly founded by a shadowy figure known only as “Bob“.

TRM Labs detected large-scale fund transfers into A7A5 from Garantex addresses as early as January 2025, indicating a premeditated strategy to evade sanctions. The token is promoted as a method for Garantex users to reclaim frozen assets and promises daily profit-sharing, anonymity and features tailor-made for sanctions evasion.

A7A5’s corporate origins also raise red flags. It was launched by a Kyrgyz company called Old Vector, registered at a residential building in Bishkek on address linked to several shell companies.

The same day, another firm, Trust Corporation, was registered at the same location. There are unconfirmed links to Promsvyazbank’s A7 platform, suggesting a possible cross-border finance conduit built to circumvent global sanctions.

Beyond Grinex

The vacuum left by Garantex has prompted other high-risk platforms to seize market share. Two exchanges ABCEX and Rapira have seen surges in both transaction volume and user activity since March 2025. ABCEX, directly connected to Garantex founder Sergey Mendeleev, was Garantex’s third-largest on-chain counterparty.

Around the time of the Garantex crackdown, ABCEX reportedly suffered a DDoS attack, while Telegram channels speculated about a police raid in Moscow. The exchange is under investigation for enabling transactions linked to the March 2024 Crocus City Hall terrorist attack and has long been associated with illicit gambling and money laundering.

Meanwhile, Rapira has increasingly become the platform of choice for displaced Garantex users. With documented exposure to sanctioned entities and active on-chain links to Grinex, Rapira has seen its transaction volume continue to climb in April 2025, even as activity on ABCEX declines.

The Bottom Line

Garantex’s takedown was a major win for global financial regulators, but the rapid emergence of Grinex, Rapira and ABCEX shows the adaptability of the illicit crypto economy.

New tokens like A7A5 and opaque corporate structures in permissive jurisdictions demonstrate how sanctioned entities continually find ways to regroup and rebuild. As these actors evolve, so too must the tools and strategies used to monitor, regulate, and ultimately dismantle them.

Source:hxxps[://]www[.]trmlabs[.]com/resources/blog/grinex-emerges-as-likely-garantex-rebrand

Follow Cybersecurity88 on X and Linkedin for the latest cybersecurity news