Inside Putin's cold war of cryptocurrencies: How Russia evaded Western sanctions in 2025
The Russian-Ukrainian war has been ongoing for nearly four years now. Western sanctions aimed to financially isolate Russia. Instead, they were forced to adapt.
In 2025, BeInCrypto began documenting how Russia and Russia-related entities are rebuilding payment methods using digital currencies. What emerged was not just an exchange or a single token, but a resilient system designed to survive freezing, confiscation, and delays in execution.
These investigations reconstruct this system in chronological order, based on forensic chain analysis and interviews with investigators tracking flows.
The first warning signs were not crime.
Early signals did not indicate ransomware markets or the dark web. They indicated trade.
Authorities began asking new questions about how money crossed borders for imports, how to pay for dual-use goods, and how settlements were made without banks.
Meanwhile, chain data showed significant activity in Russian OTC desks. Exchanges hosting Russian liquidity also saw an increase in transaction volume, particularly in Asia.
Meanwhile, Telegram groups and dark web forums openly discussed sanctions evasion. These were not covert conversations. They described practical ways to move value across borders without banks.
The method was simple. OTC desks accepted rubles locally, sometimes in cash. They issued stablecoins or digital currencies. Those digital currencies then settled abroad, where they could be converted into local currency.
Garantex was running a digital currency laundering center in Russia.
Garantex played a crucial role in this ecosystem. It acted as a liquidity hub for OTC desks, migrants, and trade-related payments.
Even after early sanctions, it continued to interact with organized exchanges abroad. This activity persisted for months.
When enforcement actions finally escalated, the expectation was disruption. But what followed was preparation.
"Even people leaving Russia were still using Garantex to move their money. If you were trying to move to places like Dubai, this had become one of the main ways to transfer money once traditional banking routes were severed. For many Russians trying to leave the country, Garantex became a practical exit route. It was one of the few ways to transfer money abroad after banks and SWIFT were no longer an option," said Lex Visen, CEO of Global Ledger.
The seizure led to the smuggling of reserves.
On the day Garantex's infrastructure was seized in March 2025, an Ethereum wallet linked to the merger quickly consolidated over 3,200 Ethereum. Within hours, nearly the entire balance moved to Tornado Cash.
That step was significant. Tornado Cash does not facilitate payments. This breaks the transaction history.
Days later, dormant Bitcoin reserves began to move. Wallets that hadn’t touched them since 2022 consolidated Bitcoin. This was not panic selling. It was treasury management under pressure.
So, it was clear that assets outside the control of stablecoins were still available.
A successor emerged almost immediately.
And as access to Garantex faded, a new service emerged.
Grinex quietly launched and began supporting USDT. Tracked flows traversed TRON and connected to the infrastructure associated with Grinex. Users reported their balances reappearing under the new name.
"This may have been the most transparent renaming we've ever seen. The name was almost the same, the location was almost the same, and users who lost access to Garantex saw their balances reappear on Grinex," said Visen to BeInCrypto.
In late July 2025, Garantex publicly announced payments to former users in Bitcoin and Ethereum. Chain data confirmed that the system was indeed active.
At least $25 million in cryptocurrency was distributed. Much of it remained untouched.
The distribution structure followed a clear pattern where reserves were distributed across mixers, aggregation wallets, and cross-chain bridges before reaching users.
Ethereum payments used deliberate obscurity. Funds flowed through Tornado Cash, then to a DeFi protocol, and across multiple chains. Transfers moved between Ethereum, Optimism, and Arbitrum before reaching payment wallets.
Despite the complexity, only a small portion of ETH reserves reached users. Over 88% remained unchanged, indicating that payments were still in their early stages.
Bitcoin payments revealed a different vulnerability.
Bitcoin payments were simpler and more centralized.
Investigators identified several payment wallets linked to a single aggregation center that received nearly 200 Bitcoin (BTC). That center remained active months after the episode.
The most revealing was where the money touched afterward.
Source wallets repeatedly interacted with deposit addresses linked to one of the largest centralized trading platforms in the world. The transaction "changed" was constantly progressing toward change.
Why did Western sanctions struggle to keep pace?
Western sanctions were not absent. They were delayed, uneven, and slow to implement.
By the time Garantex was fully disrupted, investigators had already documented billions of dollars flowing through its wallets.
Even after sanctions were applied, the exchange continued to interact with organized platforms abroad, exploiting delays between classification updates, enforcement, and compliance.
The fundamental problem was not a lack of legal authority. It was due to the speed mismatch between sanctions enforcement and crypto infrastructure. While regulators operate over weeks or months, digital currency systems redirect liquidity within hours.
"Sanctions work on paper. The problem lies in enforcement. Billions can still move because system enforcement is slow, fragmented, and often lags behind the speed at which digital currency systems adapt. The issue is not that sanctions don’t exist. It’s that they are imposed far too slowly for a system that moves at the speed of digital currencies," said the CEO of Global Ledger.
This gap allowed Garantex to adapt. Wallets were frequently rotating. Hot wallets changed unexpectedly. Remaining balances were moved in ways that mimicked normal exchange activity, making automated compliance systems less effective.
The private sector struggled to keep up. Banks and exchanges balanced compliance obligations with transaction speed, customer friction, and operational costs.
In this atmosphere, exposure could pass when activities didn’t raise clear warning signs.
By October 2025, the payment infrastructure was still active. Reserves remained. Paths stayed open.
This was not an exchange collapse, but an evolution of a system.
Russia's strategy for digital currencies in 2025 showed how a sanctions-hit economy adapts by building parallel lines, maintaining liquidity, and redirecting it when banned.
