🇷🇺 Russian Federation

Critical Risk

The largest nation-state cryptocurrency threat by volume, with over $12 billion processed through sanctioned exchanges Garantex and Cryptex, supporting ransomware operations and sanctions evasion.

  • Active Wallets: 62
  • Total Volume: $12.00B
  • Threat Actors: 5
  • Active Alerts: 15

Executive Summary

Russia represents the highest volume nation-state cryptocurrency threat, with over $12 billion processed through sanctioned infrastructure. The ecosystem primarily revolves around two major sanctioned exchanges: Garantex (designated April 2022) and Cryptex (designated September 2024).

Key threat vectors include:

  • Sanctioned cryptocurrency exchanges (Garantex, Cryptex, Grinex)
  • Ransomware payment processing infrastructure
  • GRU and FSB cyber operations funding
  • Post-invasion sanctions evasion networks

Following the 2022 invasion of Ukraine, Russia significantly expanded its cryptocurrency infrastructure to circumvent unprecedented Western sanctions. The U.S. Treasury has designated multiple Russian exchanges and hundreds of associated wallet addresses.

Threat Actors

GRU Unit 74455 (Sandworm)

HIGH CONFIDENCE

Also known as: Sandworm, Voodoo Bear, TEMP.Noble

Russian military intelligence unit involved in cyber operations and cryptocurrency usage for operational funding.

  • Estimated Volume: $500.00M
  • First Observed: 2008
  • Active Wallets: 18
  • Last Activity: 2024-02-15
  • Tactics: Ransomware operations, Cryptocurrency laundering, Sanctions evasion
  • Primary Targets (3 categories): Critical infrastructure, Government systems, Financial networks

Garantex Exchange

OFAC DESIGNATED

Designated April 5, 2022

Moscow-based cryptocurrency exchange that facilitated over $6 billion in transactions, including funds for ransomware groups such as Conti and transactions from the Hydra Market darknet marketplace. Despite sanctions, it continues operating as "Grinex" with new addresses.

  • Total Volume: $6B+
  • Transactions: 245K+
  • Status (as Grinex): Active
  • Tags: Ransomware, Darknet, Sanctions Evasion, Rebranded

Cryptex Exchange

OFAC DESIGNATED

Designated October 1, 2024

Russian cryptocurrency exchange designated for facilitating ransomware payments and sanctions evasion. It processed nearly $6 billion before designation and had significant connections to ransomware-as-a-service operations.

  • Total Volume: $5.88B
  • Transactions: 198K+
  • Status: Disrupted
  • Tags: Ransomware, RaaS, High Volume

OFAC Designated Wallets

2 addresses tracked

Address            Chain     Entity             Designated  Received  Txns     Risk
0x7F367c...DEbe1B  ethereum  Garantex Exchange  2022-04-05  $6.00B    245,000  100
0x2f389c...4f6535  ethereum  Cryptex Exchange   2024-10-01  $5.88B    198,000  100

These addresses are officially designated by the U.S. Treasury's Office of Foreign Assets Control (OFAC). Transactions with these addresses may violate U.S. sanctions laws.

Ransomware Ecosystem

Russia-linked ransomware groups have extracted over $1.5 billion from victims worldwide, with payments frequently processed through Garantex and Cryptex infrastructure. Key ransomware operations include:

  • Conti: $180M+ (extorted since 2020)
  • REvil: $200M+ (before disruption)
  • LockBit: $500M+ (ongoing operations)
  • BlackCat: $300M+ (active threat)

Darknet Market Connections

Russian cryptocurrency infrastructure also supports darknet marketplace operations. The now-defunct Hydra Market processed over $5 billion before its seizure in 2022, with significant transaction flow through Garantex.

  • Hydra Market: $5.2B (seized April 2022)
  • Solaris: $150M (disrupted 2023)
  • Kraken: $80M+ (active monitoring)

Integrate Russia Threat Data

Access Russia-linked threat intelligence via our free API

API Request
curl -X GET "https://api.nsctip.com/v1/nations/russia" \
  -H "X-API-Key: YOUR_API_KEY"