What is Global Ledger?

Global Ledger is a Swiss blockchain analytics company delivering fast, end-to-end AML compliance and investigation tools. Founded in 2019, we support over 2,000 digital assets and manage a database of over 700 million attributed addresses, updated daily. We perform 250,000 AML checks and monitor 30 million wallets every day. With an average response time of just 500ms and private server deployment options, Global Ledger combines speed, scale, and security.

Which blockchains does Global Ledger analyse?

Currently, the following blockchains are supported: Bitcoin (BTC) Bitcoin Satoshi Vision (BSV) Litecoin (LTC) Ethereum (ETH), including top tokens Tron (TRX), including top tokens Binance Coin (BNB) Polygon (MATIC) Arbitrum (ARB) Base (ETH) Avalanche (AVAX) Moonbeam (GLMR) Polkadot (DOT) Solana (SOL) TON.

How is the GL Score calculated?

The GL Score is a number from 0 to 100 that shows the degree of risk: low, medium, and high. Each score is represented by a corresponding color: green indicates low risk, yellow indicates medium risk, and red — high risk. The risk score is derived from the assessment of the riskiness of sources contributing to a requested address or transaction. To calculate the score, the algorithm analyzes incoming transactions, assesses the risk of identified sources, and calculates a score on a scale from 0 to 100. This score provides an indication of the potential level of risk associated with the address or transaction based on the evaluated sources and their associated activities. Learn more about risk score calculation from our blog article.

What are your data sources?

The Global Ledger team regularly collects and constantly analyses publicly available information, open data from the top blockchains, replenishes the internal information base by conducting its own investigations, as well as data purchased from reliable vendors.

What if I need help ASAP?

Our support team stays in touch 24/7 to provide clients with the most comfortable service and experience in case of unexpected hacks or cyberattacks. Please send your request with a brief description of your case to contact@globalledger.io, and our manager will reach you shortly.

Russia Sanctions: EU's 20th Package and What It Means for Crypto

On April 23, 2026, the Council of the European Union adopted the 20th package of sanctions against Russia, described as the largest measures in two years. For crypto asset businesses and compliance officers, one question matters: does your AML programme cover what's now prohibited before it becomes a regulatory problem?

This article covers what the 20th Russia sanctions package changed, why the Garantex–Grinex–A7A5 story is still unfinished, and what your sanctions screening program needs to cover right now to stay compliant.

Key Takeaways

The 20th package prohibits EU persons from engaging in transactions with crypto-asset service providers established in Russia, as well as platforms established in Russia that facilitate the exchange or transfer of crypto-assets.
The same package targets payment agents facilitating cross-border payments for Russian entities through netting or mirror account schemes — the off-chain layer of the same evasion infrastructure.
RUBx and the digital Russia ruble join A7A5 on the EU's prohibited crypto asset list.
From its launch over a year ago until the hack (and subsequent suspension), Grinex — a Garantex-linked exchange — processed $16.54 billion worth of USDT and A7A5. This is precisely the pattern the EU's 20th package was designed to disrupt: flows that continue long after a designation.
The Garantex → Grinex → A7A5 evasion chain shows that designating individual platforms is not enough. The EU has now moved to a sector-level approach.
For financial institutions and crypto businesses, indirect exposure to Russian-linked flows several hops away from your direct counterparty can carry real regulatory risk, which is why continuous monitoring and entity due diligence now matter more than ever.

The EU's 20th Package of Russia Sanctions, Explained

The 20th package of EU sanctions against Russia was adopted on April 23, 2026. The crypto-specific measures are effective from May 24, 2026, giving businesses roughly one month to update their screening and onboarding processes.

The most significant change for the crypto sector: EU persons – including EU-regulated crypto asset service providers (CASPs) – are now prohibited from engaging in transactions with any crypto-asset service provider established in Russia, whether or not that provider has been individually designated.

Every previous package targeted named platforms. This one targets the category. In practice, it means a newly launched Russian exchange sits in the same position as a sanctioned one, the moment it opens.

Here is what the new sanctions on Russia specifically prohibit in the crypto space:

Transactions with any crypto-asset service provider established in Russia, including exchanges, custodians, transfer providers, and platforms established in Russia that enable the transfer or exchange of crypto-assets.

Engaging in transactions involving prohibited crypto-assets: RUBx and the digital rouble join A7A5 on the EU's prohibited list (Annex LIII). A7A5 was already prohibited under the 19th package. All three are now off-limits to EU persons from May 24.

Transactions with payment agents that settle Russian cross-border trade through netting or mirror account schemes, where debts cancel on paper and no funds physically cross the Russian border. For VASPs, this matters because the netting layer and the on-chain settlement layer serve the same evasion purpose — the EU targeted both deliberately.

The 20th package also marks the first activation of the EU's anti-circumvention tool — a mechanism introduced with the 11th sanctions package in 2023. The tool allows the EU to impose targeted trade restrictions involving specified goods and jurisdictions identified as presenting systematic circumvention risks.

On the financial side, the package also includes:

Transaction bans on 20 Russian banks
Restrictions on four third-country financial institutions connected to Russia's SPFS — the domestic messaging system Russia uses as a SWIFT alternative
120 individual designations, the largest single-package count in two years.

RUSSIAN DARKNET 2025: CEX EXPOSURE SNAPSHOT

Read our detailed investigation on top Russian darknet marketplaces and their deposit and withdrawal methods with ties to top licensed centralized exchanges.

Read Full Investigation

To understand how the 20th package fits into the broader sanctions picture and why crypto has become a central enforcement focus, here is how the measures have escalated since 2022.

The Full List of Sanctions Against Russia: A Timeline of Crypto-Specific Measures

Russia is now the most sanctioned country in the world. Over 40 countries have imposed some form of restrictive measures, including all G7 members. Understanding how many sanctions are on Russia — and how the crypto-specific measures have escalated — matters because the compliance perimeter is shaped by every jurisdiction your business operates in.

Here is the Russia sanctions timeline with a focus on crypto:

Period	Key development
Apr 2022	OFAC designates Garantex for laundering funds from darknet markets and ransomware gangs — the first major Russia-linked crypto exchange sanctioned.
2022–2023	EU packages 1–11: focus on energy, finance, individuals; anti-circumvention tool introduced (11th package).
2024	Escalating pressure on third-country circumvention corridors; growing on-chain evidence of A7A5 as a sanctions-evasion instrument.
Mar 2025	US authorities seize Garantex's USDT holdings; Garantex sanctions — Grinex immediately emerges using A7A5 as a bridge.
Aug 2025	OFAC re-designates Garantex Europe (citing $100M+ in illicit transactions) and adds Grinex to the SDN list.
Oct 2025	EU 19th package: A7A5 stablecoin banned; first targeted sanctions on crypto exchanges and providers.
Apr 2026	EU 20th package: ban on transactions with Russia-established CASPs and Russia-established crypto exchange or transfer platforms; RUBx and the digital rouble added to prohibited asset list; anti-circumvention measures expanded.

The Garantex–Grinex–A7A5 Chain: How Russia Crypto Sanctions Circumvention Works

To understand why the EU moved from entity-level to sector-level designations, it's necessary to trace the evasion architecture that made individual listings ineffective. This is also the architecture the 20th package was specifically built to close.

Here is how the chain unfolded.

Garantex — the exchange that wouldn't stay sanctioned

Garantex was first sanctioned by OFAC in April 2022 for processing funds tied to darknet markets and ransomware gangs. It kept operating anyway — for nearly three years.

In March 2025, US authorities seized Garantex's USDT holdings in a coordinated international operation. The exchange was shut down. But shutting down a platform, it turned out, was only half the problem.

Grinex — the successor that was ready

Within weeks of the Garantex seizure, funds began flowing to a new exchange: Grinex.

Grinex wasn't a coincidence. It emerged directly from Garantex's user base and infrastructure. The migration was made frictionless by a single instrument: A7A5, a ruble-backed stablecoin that let customers move their liquidity to the successor platform without touching the global banking system. No wire transfers. No monitored corridors. No alerts.

The mechanism worked on three principles:

A7A5 bridged liquidity between the shuttered exchange and its replacement
No dollar-denominated international transfer was required
Licensed centralized exchanges remained the primary liquidity venues throughout.

Sanctions Evasion: How Russia’s Flows Reached Top CEXs

How Russia moved illicit liquidity through the crypto ecosystem between 2022 and 2025, including flows to top CEXs — read more on our special investigation.

See More Details

Grinex halts but the architecture doesn't

In April 2026, Grinex halted trading following a reported hack. Global Ledger on-chain analysis found that approximately $19.38 million was drained from Grinex's customer deposit wallets on the TRON network in a single coordinated operation.

The hack matters. But the bigger compliance story is what the on-chain record shows about the months leading up to it.

From its launch over a year ago until the hack (and subsequent suspension), Grinex processed $16.54 billion worth of USDT and A7A5:

$7.29 billion before OFAC sanctions (March 6 – August 14, 2025)
$9.25 billion after sanctions (August 15, 2025 – April 15, 2026)

Sanctions cut monthly volumes — but did not stop the flows. And the structure of what remained is what should concern compliance teams most: after designation, Grinex became more reliant on licensed, regulated platforms to move money, not less.

According to Global Ledger's investigation, $1.75 billion USDT was sent by Grinex to low- and medium-risk exchanges, including major licensed CEXs.

      This pattern is the direct result of a purpose-built infrastructure — connecting Russian crypto mining, the A7A5 stablecoin, and top-tier exchanges — designed to route sanctioned liquidity through the system while appearing normal. Russia sanctions evasion isn't a "bug" in the system. It's the system. And the EU's 20th package is specifically built to stop it. 
    

Russia Sanctions Screening: What Your Compliance Program Must Cover Now

The 20th package changes the practical scope of Russia sanctions compliance for any crypto business within the EU. Start with these four questions — they will define the next steps in your compliance workflow.

Here are four key questions to ask:

1) Is this counterparty established in Russia?

The sector-level ban means any CASP with its operational nexus, legal registration, or core infrastructure in Russia is now off-limits to EU persons — whether or not it's been individually designated. Identifying this requires more than a name match.

It requires a clear understanding of the entity with ownership chains, jurisdictional registration, and where the entity actually operates from. A platform incorporated offshore but functionally running from Moscow is a Russia-established CASP.

2) Does this transaction involve a prohibited crypto asset?

Three state-linked instruments are now subject to transaction prohibitions under EU law: A7A5 (since 25 November 2025), RUBx (from 24 May 2026), and the digital ruble (from 24 May 2026).

      If your platform processes transactions touching wallets that hold these tokens — even indirectly — you may have exposure. Cross-asset, cross-chain screening is now a baseline expectation, not a premium feature. 
    

3) Does this flow use a netting or set-off settlement pattern?

The payment agent prohibition targets a mechanism, not just specific entities. Mirror accounts and netting schemes — where debts cancel across borders without funds actually crossing them — are exactly how Russian trade finance has been keeping flows off-screen.

      The mechanism-based framing means compliance teams should be asking whether their counterparties' settlement patterns match the prohibited structure, not just whether their names appear on a list. 
    

4) How deep is the indirect exposure?

Grinex-type exposure doesn't always appear directly. It can sit two, three, or five hops away in a transaction chain. Under OFAC rules, strict liability applies: processing sanctioned funds unknowingly is not a defense but a potential violation.

      One more thing worth noting here. The EU's 20th package, combined with the incoming Anti-Money Laundering Regulation (AMLR) that will apply to CASPs from July 10, 2027, means that the compliance infrastructure crypto businesses build now will need to carry the full load of AML-plus-sanctions convergence within 18 months. Getting your Russia sanctions screening program right before May 24 is not just about the 20th package. It's about building the foundation for what comes after it. 
    

EU Russia Sanctions: What Will Change for Crypto Businesses

The EU's 20th package coming into force doesn't mean your business has done anything wrong. It means the perimeter has shifted — and exposure that didn't exist yesterday may exist today, sometimes several hops away from any decision you made. The goal isn't to alarm, but to help you find it before a regulator does.

The changes are layered, but manageable if you approach them systematically. Here is a practical checklist:

Update your onboarding and counterparty due diligence

Add jurisdiction of establishment as a mandatory screening field for CASP counterparties. A Russian-established exchange is now prohibited regardless of whether it appears on a named list.
Apply enhanced due diligence to any counterparty with operations, ownership links, or a significant user base in Russia or in high-risk third-country corridors where Russian flows have been documented.

Entity Database feature in the Global Ledger platform. Source: Global Ledger

Expand your prohibited asset screening

Add RUBx and the digital ruble to your blocked asset lists before May 24.
Confirm A7A5 remains on your blocked list — it has been prohibited under EU law since November 2025.
Monitor for new stablecoin instruments that may emerge as successors.

Review your transaction monitoring for netting patterns

Identify any settlement relationships that involve netting or set-off arrangements connected to Russian-origin trade.
Check whether any payment intermediaries in your flow match the mechanism described in the 20th package, even if they are not among the four named operators. The prohibition is mechanism-based — new names will follow.

Audit your indirect exposure

Run a counterparty exposure review across your top-tier exchange relationships. Global Ledger data shows licensed platforms processed approximately $13 billion in sanctioned funds including Russian-origin flows. This kind of exposure is often invisible through standard screening — which is exactly why it's worth checking proactively.
Consider regularly generating detailed entity exposure reports for counterparties operating in Central Asian, Caucasus, and Gulf corridors where Russian liquidity has been documented as concentrating.

Entity Exposure Report feature in the Global Ledger platform. Source: Global Ledger

Document your compliance decisions

OFAC's enforcement approach recognizes good-faith compliance efforts. Keeping clear records of your screening methodology, decision logs, and due diligence steps taken on Russia-adjacent counterparties shows that your program is working as it should — and in a strict-liability environment, that documentation matters.

Make sure you’re not exposed to sanctioned entities — double-check with the Global Ledger sanctions screening toolset.

Check Exposure

Conclusion

The EU's 20th sanctions package does not eliminate Russia sanctions evasion. Instead, it reflects a shift from naming individual platforms to banning entire categories, blocking state-designed instruments before they scale, and targeting the settlement mechanisms. It signals that enforcement is finally catching up to the evasion architecture.

What the Garantex–Grinex–A7A5 chain illustrates is how quickly infrastructure can be reconstituted after enforcement actions, allowing illicit activity to continue under new branding and technical layers.

Effective sanctions compliance now requires continuous visibility into counterparty relationships, indirect exposure, and asset-level risk across evolving networks.

Global Ledger's sanctions screening solution provides compliance teams with the tools to identify Russia-linked exposure before it becomes a regulatory issue. It allows cross-chain transaction tracing in visual format, detailed entity exposure reports with transaction risk breakdown, and real-time monitoring across all major blockchains covering 98% of total market cap.

Check Exposure to Sanctioned Entities
to Support Compliance Decisions

Schedule a Demo

FAQ

How do sanctions on Russia work?

Russia sanctions prohibit persons and businesses in sanctioning jurisdictions from transacting with designated individuals, entities, or — as of the EU's 20th package — crypto-asset service providers established in Russia and Russia-established crypto exchange or transfer platforms. For crypto businesses, this means screening counterparties, wallets, and assets at the point of onboarding and on an ongoing basis. Under frameworks like OFAC, strict liability applies: unknowing exposure is not a defense, which is why proactive Russia sanctions screening matters more than ever.

How many countries have sanctions against Russia today?

Over 40 countries have imposed some form of restrictive measures, including all G7 members. The EU's frameworks are the most detailed and regularly updated. The US, UK, and EU maintain the most consequential financial sanctions programs, but compliance teams at global businesses need to track all applicable regimes.

What further sanctions could be imposed on Russia?

The EU has signalled that additional payment agents will be named under the netting prohibition, and the anti-circumvention tool could be extended to other high-risk corridors. On the crypto side, any successor instruments to A7A5 or new exchanges absorbing Russian flows are likely to be designated quickly — the regulatory response is now significantly faster than it was in the Garantex era.

What is the A7A5 stablecoin, and why does it matter?

A7A5 is a ruble-pegged stablecoin that has served as the primary bridge asset in Russia's crypto sanctions-evasion architecture. It replaced USDT as the transfer instrument after Garantex was shut down, routing illicit Russian liquidity through Grinex and the Kyrgyz exchange Meer. A7A5 was banned by the EU under the 19th package (October 2025) and is already on US and UK sanctions lists. By early 2026, public blockchain data indicated substantial cumulative on-chain transaction activity associated with A7A5.