Warning

Please be vigilant about TRM impersonation scams, especially those claiming to assist with fund recovery. More info

Solutions
Products
RESOURCES
Customers
Company
Request a demo
en
Search
Search
Insights
May 26, 2026

UK Designates Huobi, Exmo, Bitpapa, and 11 Other Entities for Russian Crypto Sanctions Evasion

TRM Team
UK Designates Huobi, Exmo, Bitpapa, and 11 Other Entities for Russian Crypto Sanctions Evasion

Key takeaways

  • The UK designated 18 entities and individuals on May 26, 2026 — including Huobi Global, Exmo, Bitpapa, Rapira, and Aifory Pro — under the Russia (Sanctions) (EU Exit) Regulations 2019, targeting the A7 network of crypto and banking infrastructure the UK says fuels Russia's war economy.
  • TRM data shows Huobi alone has sent more than USD 4.9 billion to UK-sanctioned and A7-network entities since 2021, with USD 1.13 billion of that flowing in just the 14 months after Garantex's March 2025 takedown.
  • Huobi flows to the specific successor-exchange set named today (Rapira, Aifory Pro, Grinex.io, ABCex, A7, A7A5) grew 10x post-takedown, from USD 111 million to USD 1.13 billion — with the A7 network alone absorbing USD 838 million (a 193x jump).
  • Bitpapa is now under a third national sanctions regime (OFAC March 2024, Ukraine July 2025, UK May 2026), reflecting the limits of unilateral enforcement and signaling that multilateral coordination is the response.
  • Compliance teams should monitor transaction flows to "successor" exchanges and service providers — not just sanctioned entity names.

{{horizontal-line}}

Overview

On May 26, 2026, the UK government designated 18 entities and individuals — including Huobi Global (HTX), Exmo Exchange, Bitpapa, and Rapira Group — as part of a package targeting cryptocurrency exchanges and illicit networks exploited by Russia. The action focuses on the exchanges, banks, and corporate vehicles helping channel value through cryptocurrency to fund Russia's war economy. The designations largely track the pattern TRM has documented across the post-Garantex sanctions-evasion ecosystem — high-volume exchanges, ruble-onramp peer-to-peer platforms, and the A7 corporate-and-token infrastructure that emerged after the March 2025 Garantex takedown.

TRM data shows Huobi alone has sent more than USD 4.9 billion in direct on-chain transactions to the entities the UK sanctioned today, the previously sanctioned Russia-linked exchanges they succeeded, and a smaller set of related Russia-linked high-risk platforms — including USD 1.2 billion in the 14 months following Garantex's takedown, with USD 838 million of that flowing to the A7 network specifically.

What happened

The UK Foreign, Commonwealth and Development Office (FCDO) issued the designations under the Russia (Sanctions) (EU Exit) Regulations 2019, citing what officials called the "A7 network" — a Kremlin-backed infrastructure system that moved over USD 90 billion in the previous year, roughly equivalent to half of Russia's annual military budget.

The designations cover cryptocurrency exchanges, a Kyrgyz bank, Georgia-registered trading platforms, corporate vehicles, and a virtual asset issuer. All listed entities are subject to asset freezes; UK-regulated firms are prohibited from making funds or economic resources available to them.

Foreign Secretary Yvette Cooper said: "If the Kremlin thinks it can evade our sanctions by hiding behind crypto networks and shadow financial systems, it is gravely mistaken."

The published list includes the following 14 entities:

  • Exmo Exchange Limited
  • Nueva Cryptologia, Sociedad Por Acciones Simplificada de Capital Variable (S.A.S. de C.V.), d.b.a. ABCex
  • Arvix Limited Liability Company
  • Rapira Group LLC
  • Alistera Limited
  • Open Joint Stock Company "Eurasian Savings Bank"
  • Bitpapa IC FZC LLC
  • Sooty Limited
  • Aifory Limited Liability Company
  • Open Joint-Stock Company "State Brokerage Company"
  • Limited Liability Company "Diamond Estate"
  • Trace Road Limited Liability Company
  • Open Joint-Stock Company "Virtual Assets Issuer"
  • Huobi Global S.A.

What we know about the key entities

The most consistent on-chain pattern across the group is the Huobi-to-Russian-network flow: TRM data shows Huobi Global has been a persistent counterparty to nearly every entity in today's UK package, with the shape of that activity shifting dramatically after Garantex's March 2025 takedown.

Huobi (HTX) outgoing flows to UK-designated and A7-network Russian entities, by year, 2021–2026 YTD

Huobi Global S.A.

Since 2021, Huobi (HTX) has sent more than USD 4.9 billion in direct on-chain transactions to the entities the UK sanctioned today, the previously sanctioned Russia-linked exchanges they succeeded, and a smaller set of related Russia-linked high-risk platforms — including USD 1.95 billion to Garantex in 2022, USD 1.18 billion in 2023, and USD 838 million to A7 in 2025 alone. The designation applies to a globally operating exchange with material transaction volume across multiple jurisdictions, and any UK-nexus transaction involving the platform is now prohibited.

Exmo Exchange Limited

Exmo, a Russian-founded exchange, claimed to have exited Russia following the 2022 invasion by selling its Russia-facing operations under the rebranded Exmo.me entity. TRM's blockchain analysis found the two platforms sharing custodial wallet infrastructure, indicating that corporate separation did not produce operational separation. Exmo conducted more than USD 19.5 million in direct transactions with sanctioned entities including Garantex, Grinex, and Chatex. Ukraine sanctioned the Kazakhstan-registered Exmo entity in July 2025.

Bitpapa IC FZC LLC

Bitpapa, a UAE-registered peer-to-peer exchange, was designated by OFAC in March 2024 for facilitating millions of dollars in transactions with sanctioned entities, including Hydra Market and Garantex. TRM's analysis of that action assessed Bitpapa as a high-risk platform operating alongside other Russia-linked exchanges in the broader evasion ecosystem. Ukraine sanctioned the same entity in July 2025. The UK action brings Bitpapa under a third national sanctions regime — a pattern that leaves the entity subject to enforcement across three separate national regimes.

Rapira Group LLC

Rapira is a Georgia-incorporated exchange with a Moscow office that facilitates ruble-based crypto trading. TRM data shows extensive on-chain exposure across the broader Russia-linked sanctions ecosystem: Rapira has transacted more than USD 543 million bilaterally with the entities the UK targeted today and the pre-existing sanctioned Russian network. The largest single relationship — USD 375.6 million with Garantex's named successor Grinex.io — began on March 10, 2025, three days after Garantex was taken down.

Aifory Pro Limited Liability Company

Aifory Pro is a ruble-to-crypto onramp active since mid-2023 with incoming and outgoing volume reaching over USD 3 billion. TRM data shows USD 189 million in bilateral exposure across the broader Russia-linked sanctions ecosystem, with USD 175.2 million of that — 93% — coming from ABCex (mostly inbound: USD 168.7 million from ABCex to Aifory, USD 6.5 million outbound). Aifory also has bilateral exposure to Garantex (USD 9.6 million), Rapira (USD 2.9 million), and the A7 corporate-and-token infrastructure (USD 0.6 million). The pattern positions Aifory as a downstream node receiving value from ABCex's larger operation, not as a primary settlement venue.

ABCex

ABCex is a Russia-based cryptocurrency exchange with historic ties to Garantex co-founder Sergey Mendeleev. TRM has previously identified ABCex as Garantex's third-largest on-chain counterparty and reported that the platform is under investigation for facilitating transactions linked to the March 2024 Crocus City Hall terrorist attack. ABCex's on-chain relationship with Garantex began in October 2023, well before Garantex's takedown.

On-chain data shows ABCex sits at the center of the post-Garantex ecosystem. TRM data shows USD 355 million in bilateral exposure to the UK-sanctioned and A7-network set since 2023, including USD 175.2 million with Aifory Pro (designated today), USD 133.4 million with Garantex, and USD 38.1 million with Rapira. ABCex is the dominant source of inflows to Aifory Pro from the entities designated today — accounting for 96% of Aifory's incoming volume from sanctioned counterparties, including A7.

Eurasian Savings Bank

Eurasian Savings Bank is designated by the UK for supporting the Russian financial sector. Kyrgyzstan has become a key hub for Russia-linked crypto infrastructure since Garantex's disruption — TRM's analysis of the Garantex-to-Grinex transition documented how A7 LLC, co-owned by sanctioned Moldovan oligarch Ilan Shor and state bank Promsvyazbank, relied on Kyrgyz-registered entities for exchange infrastructure and token issuance. The A7A5 ruble-pegged stablecoin processed USD 9.3 billion in four months, according to UK government figures.

The post-Garantex pivot — what the data shows

When an international law enforcement operation led by the US Department of Justice, Germany, and Finland disrupted Garantex on March 7, 2025, TRM tracked whether the ruble-onramp ecosystem would shrink, splinter, or reconstitute. TRM's on-chain data shows the ecosystem reconstituted. Across the broader set of Russian-tagged and A7-network entities, Huobi's monthly flow rate accelerated by 43% in the months following the takedown — from USD 60 million per month before Garantex's disruption to USD 86 million per month after — even as one of the largest individual venues was removed from the network.

Huobi outgoing flows to Garantex-successor exchanges, before and after the March 7, 2025 Garantex takedown. The A7 network (dark blue) absorbs the dominant share.

Concentrated within that broader figure is the specific successor-exchange set the UK designations name today. Huobi flows to the six entities that absorbed Garantex's function — Rapira, Aifory Pro, Grinex.io, ABCex, A7, and Old Vector LLC (A7A5) — grew more than tenfold, from USD 111 million in the 26 months before takedown to USD 1.13 billion in the 14 months after. A7 alone went from USD 4.3 million to USD 838 million — a 193x jump. Grinex.io grew from USD 139,000 to USD 18 million. Rapira from USD 30 million to USD 184 million. The UK designations target this exact set of successor exchanges plus the A7 infrastructure layer.

What this means for compliance teams

All entities in today's action are on the UK Consolidated List. UK-regulated firms must screen against the updated list and freeze any assets or transactions connected to these entities immediately.

The Huobi designation warrants particular attention. TRM data shows the scale of Huobi's Russian-network exposure exceeds the figure cited in the UK press release. Institutions with a UK nexus should assess their Huobi exposure and consider remediating both historical and current exposure points. Moreover, compliance teams should note that the UK ownership test requires more than 50% control by a single designated person, with aggregation across multiple designated owners applying only where a joint arrangement can be evidenced — making ownership structure a key consideration when assessing whether Huobi-related entities fall within automatic asset freeze obligations.

The 10x post-Garantex growth in Huobi flows to successor exchanges, and the 43% acceleration across the broader Russian-network counterparty list, show the same pattern: Russia-linked exchanges have consistently rebuilt after enforcement, replicating interfaces, onboarding former customers, and preserving underlying blockchain infrastructure. The entities in today's action represent the current layer of that pattern, not the end of it.

Compliance programs should monitor for behavioral signals beyond entity names: ruble-to-crypto onramps, P2P platforms serving sanctioned-bank customers, and shared on-chain infrastructure with previously designated entities. Sanctions screening that layers behavioral signals on top of static list matching is essential for detecting successor-flow patterns before the next designation cycle.

TRM's blockchain intelligence covers the A7A5 ecosystem, Garantex's successor exchanges, and Russia-linked virtual asset providers. For questions about coverage of the newly designated entities or transaction exposure analysis, contact TRM.

{{horizontal-line}}

Frequently asked questions (FAQs)

1. What does the UK designation actually require, and who has to act?

The 18 entities are on the UK Consolidated List, and UK-regulated firms are prohibited from making funds or economic resources available to them. Asset-freeze obligations attach immediately. Non-UK firms with UK customers, UK legal entities, or transactions routed through UK infrastructure face direct exposure; firms outside that perimeter still carry reputational and counterparty risk by continuing to transact with the listed entities.

2. What is the A7 network, and why does it keep appearing in Russia sanctions actions?

The A7 network is the corporate, banking, and stablecoin infrastructure that emerged to reconstitute ruble-onramp flows after Garantex's March 2025 takedown. TRM's prior coverage documented how A7 LLC — co-owned by sanctioned Moldovan oligarch Ilan Shor and state bank Promsvyazbank — relied on Kyrgyz-registered entities for exchange infrastructure and issued the A7A5 ruble-pegged stablecoin. Today's UK action designates A7 itself, the A7A5 issuer (Old Vector LLC), and the Kyrgyz bank suspected of facilitating A7 network payments — the first time the network's full stack has been targeted in a single action.

3. Why is Bitpapa now under three different sanctions regimes?

Bitpapa was designated by OFAC in March 2024, by Ukraine in July 2025, and by the UK in May 2026 — the same UAE-registered entity, three separate national regimes, two intervening years of continued operation. The pattern reflects the limits of any single jurisdiction acting alone against a P2P platform with global reach, and it signals that multilateral enforcement is the response. Compliance programs should treat any entity that has absorbed designations across multiple regimes as high-risk regardless of which jurisdiction governs the firm.

4. Did Huobi actually leave Russia after the 2022 invasion?

Public statements from Huobi described a wind-down of Russia-facing activity following the 2022 invasion. TRM's blockchain data shows a different picture. Since 2021, Huobi has sent more than USD 4.9 billion to UK-designated and A7-network Russian entities — including USD 1.18 billion to Garantex in 2023, after the stated wind-down was supposed to be in effect, and USD 838 million to A7 in 2025. The on-chain data shows sustained counterparty exposure to the Russia-linked ecosystem across the full period.

5. How should compliance teams adapt screening to the successor-flow pattern?

Entity-name screening alone misses the pattern this action targets. TRM data shows that when one Russia-linked exchange is taken down, flows route to its successors within months — often to entities not yet sanctioned. Compliance programs should layer behavioral signals on top of name screening: monitoring for ruble-to-crypto onramps, P2P platforms servicing sanctioned-bank customers, and shared on-chain infrastructure with previously designated entities. The entities in today's UK action are the current layer of that pattern, not the end of it.

This is some text inside of a div block.

Related posts

arrow right
BLOG
August 14, 2025

Garantex, Grinex, and the A7A5 Token: A Deep Dive into Sanctions Evasion Networks

arrow right
BLOG
September 3, 2025

The Imitation Game: Following Garantex’s Takedown, Are These High-Risk Exchanges Copying Its Playbook?

arrow right
BLOG
July 21, 2025

Russia Leveraging Kyrgyzstan’s Crypto Ecosystem to Evade Sanctions

No posts to show
No posts to show
No posts to show
No posts to show
No posts to show
Subscribe and stay up to date with our insights
No items found.
Digital illustration showing a pie chart, masked criminal figure, and crypto coin symbol on a data grid background—representing crypto crime analytics.
REPORT
See the trends and typologies that shaped the illicit crypto ecosystem in 2025
READ THE REPORT →
Blue diamond with a circle overlayed in white on a dark blue background
REPORT
Unlocking more clarity for institutional adoption with key crypto policy shifts in 2025
READ THE REPORT →
3D illustration of a blue magnifying glass hovering over a digital fingerprint on a dark background, symbolizing crypto investigations or forensic analysis.
FLIP BOOK
Learn more about common crypto-enabled scam typologies in our "Investigating Crypto Scams" flip book
Get your copy →
Illustration of a stablecoin represented by a dollar symbol surrounded by icons for growth, risk alert, user profiles, and a security shield with a target, connected through a network of hexagons — symbolizing the interconnected risks and compliance considerations in digital asset ecosystems.
USE CASE
Learn how TRM helps compliance teams monitor exposure, detect threats, and safeguard their organizations
TRM for stablecoin risk management →
A worn silver wrench tool on a brown-red background, as a metaphor for violent crime
BLOG
Learn about the recent rise of "wrench attacks" and crypto-related violent crime
Read the post →
Illustration of a financial institution icon and a compliance document with checkboxes, symbolizing regulatory due diligence and financial compliance in the digital asset ecosystem.
GUIDE
Learn best practices for evaluating the legal, operational, and financial integrity of crypto entities before engagement
Get the guide →
A judge's gavel rests beside a stack of gold-colored cryptocurrency tokens, including Bitcoin, Dogecoin, Ethereum, and others, symbolizing the intersection of digital assets and regulatory or legal oversight.
REGULATORY ACTION TRACKER
Stay updated on the latest crypto-linked regulatory actions available in the public domain
Check it out →
Screenshot of the splash page used by law enforcement agencies following the takedown of Garantex, with bold red lettering reading, "This domain has been seized," along with the logos of various international law enforcement agencies involved in the action.
BLOG
Learn more about the global law enforcement operation that took down Garantex
Read the post →
Illustration of cryptocurrency crime on a dark blue background featuring bright blue and white blockchain symbols (including Bitcoin and TRON), financial graphs, and a hacker icon.
REPORT
2025 Crypto Crime Report: Explore how the crypto crime landscape evolved over the past year
DIG IN NOW →
Bright blue fiber optic cables on a dark blue background, with flashes of white sparks interspersed throughout.
REPORT
As AI technology becomes more sophisticated, so will the ways in which criminals use it. See what TRM is doing to counter AI-enabled crime.
FIGHT AI WITH AI →
Illustration of cryptocurrency crime on a dark blue background featuring bright blue and white blockchain symbols (including Bitcoin and TRON), financial graphs, and a hacker icon.
REPORT
The crypto crime landscape saw significant shifts in 2024, including decreases in illicit volumes. Dig into the data here.
PREVIEW THE CRYPTO CRIME REPORT →
Cork board with mugshots of Heather "Razzlekhan" Morgan and Ilya Lichtenstein, with their names written in handwritten script below their photos, and push pins on the board connected by red string.
DOCUMENTARY
Stream “Biggest Heist Ever” and get a behind-the-scenes peek from the TRM team
CHECK IT OUT →
A light blue two dimensional circle (representing a stablecoin) floating against dark blue and white curved lines (representing waves), with thin dotted blue and white lines overhead to represent wind.
REPORT
Explore the macro trends and jurisdictional developments that shaped the global crypto policy landscape in 2024
READ THE REPORT →
Illustration on a dark blue background showing a bug and exclamation mark (representing illicit activity), a globe with pin points, a coin, and a bar chart.
REPORT
See the countries with the highest rates of crypto adoption — and the highest rates of exposure to illicit activity
READ THE REPORT NOW →
A blue rectangle with geometric shapes in the background and dots connected by thin lines in the foreground, representing connections on the bockchain.
WHITE PAPER
Explore four ways TRM improves compliance in the modern sanctions enforcement era
Download the white paper →
Illustration of a pig butchering chart featuring various cryptocurrency logos in each section, with a bright blue sheriff's badge on top, symbolizing law enforcement's role in combating fraud.
CASE STUDY
See how Deputy District Attorney Erin West and the REACT Task Force are fighting back against pig butchering
WATCH THE VIDEO →
Illustration of an eye, skull and crossbones, and a pie chart on a light blue background, symbolizing the dangers of crypto scams and financial fraud.
REPORT
Explore the key trends that shaped that the illicit crypto economy in 2023
GET THE REPORT →
Close-up photograph of the United States Capitol building with snow falling
BLOG
Learn why cryptocurrency has become a central issue in the 2024 US election
READ THE POST
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Take a deep-dive into the Russian-speaking illicit crypto ecosystem
READ THE FULL REPORT
Outline of pig with law enforcement shield overlaid
Case Study
Learn more about how the REACT Task Force is tackling pig butchering
Read the case study
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Explore recent ransomware trends in the Russian-speaking crypto ecosystem—including the role of ransomware groups in cybercrime around the world
GET THE REPORT
Person typing on a laptop keyboard with dark blue filtered overlay
BLOG POST
Learn about summer 2024’s spate of ransomware attacks, and the proliferation of RaaS around the world
READ THE POST
REPORT
Learn about cryptocurrency’s role in the international synthetic drug precursor market
GET THE REPORT