How to Vet a Crypto Exchange Before You Deposit: A Counterparty and Sanctions-Risk Checklist

Always conduct a five-part checklist before transferring money to any crypto exchange: screen against OFAC and EU sanction lists, verify the actual proof-of-reserves, investigate the exchange's records on halting withdrawals and past issues, check the exchange's jurisdiction and registration and locate their on-chain counterparties.

A good example for an exchange that presented many of these potential risks and red flags is Grinex. An exchange based in Russia that took over for the sanctioned exchange Garantex and had its users frozen out of all deposits and withdrawals, due to a hack in April of 2026 for approximately $13.7 million. Each of the five listed factors presents an example of potential risk for this collapse of Grinex.

While a majority of people are focused on various aspects (fees, available coins and ease of use) when selecting an exchange, these aspects are secondary to the question that will determine if you ever see the money you deposited: who is actually holding my money and what happens to me if they are sanctioned, hacked or disappear overnight?

That's called counterparty risk. Your balance on a centralized exchange is not actually your coins sitting in their vault. It is an I.O.U. from the exchange. If the company is operating in a gray area of the sanction list, maintaining undisclosed reserves, or is quietly bankrupt, the I.O.U. can go from having value when you log in to having no value when you log in to the next time. There could be no regulators that you can call after losing your funds.

This is a practical checklist that will help you evaluate any exchange prior to funding it. It is not a ranking of exchanges or a desire to tell you which exchange to use. It provides you with a process that you can easily repeat. Throughout this article, one actual "real-life example" will be used - the Grinex / Garantex / A7A5 situation - as this situation is able to hit nearly every single red flag at once.

The case study: how Grinex hit every red flag at once

An explanation of the Garantex case as a 'red flag' example

First, to give you a better understanding of how we can check for red flags, it will be useful to tell you the cautionary story about Garantex.

Garantex, a cryptocurrency exchange, had its main office in Russia. Garantex processed approximately $96 billion in transactions from 2019 until it was shut down in March 2022 when the US Treasury Department's OFAC sanctioned it because Garantex was aiding and abetting illicit financial activity. Then in March 2022, through a coordinated international law enforcement operation, law enforcement seized the physical assets of Garantex and froze approximately $26 million that had been deposited into the exchange.

Garantex did not go out of business. Garantex re-emerged as Grinex - Grinex is located in Kyrgyzstan, which is the jurisdiction where Garantex was headquartered, but was rebranded to Grinex. This is a classic red flag. The US Treasury Department subsequently sanctioned Grinex in August 2022 and stated explicitly that Grinex was the entity that took over and replaced Garantex. In short, rebranding is a simple way that you can fool people (even those with access to OFAC sanction lists).

Then came operational failure. On April 15, 2022, Garantex was hacked and lost approximately $13.7 million in customer funds. Many of the funds that were stolen were USDT stolen from Garantex's trading operations. After the theft, Grinex shut down trading and deposit and withdrawal options and blamed "state-backed" actors from some "non-friendly" countries - however, to date, no independent analysis supports Grinex's assertion. Garantex had 54 wallets that had been affected as a result of the hack, and all of them contained mainly USDT and resided on the Tron network.

Finally, there is one more component of this situation that you should be aware of: A7A5, the ruble-pegged stablecoin that Elliptic has reported has facilitated a total of $119.7 billion in sanctioned business transactions. Ilan Shor (a fraudster whose actions resulted in him being convicted and sanctioned) and Promsvyazbank (the state-owned financial institution of Russia) reportedly back this exchange located in Kyrgyzstan. The 20th package of sanctions from the European Union, which took effect on May 24, 2026, has blacklisted the exchange Exchange Entreprises SRL (also known as Meer.kg) as the primary place for trading A7A5.

Look at this by reviewing the items in the checklist below rather than as a news story. Besides the parent company being sanctioned, an exchange is using a different name and jurisdiction, undisclosed reserves, an announcement it will temporarily stop processing requests to withdraw funds, and an on-chain connection to a settlement asset identified as sanctioned run through this exchange’s user/WALLET. A person who looked at the five points below would have determined well before the freeze occurred that this exchange had failed.

Check 1 - Sanctions screening (missing checks of the OFAC, EU & UK sanction lists)

The easiest way to figure out if the securities dealer being checked received sanctions on its parent (or other owners) is to check the U.S. Specially Designated Nationals List at Sanctions Data. If you made the mistake of missing this step, you may end up getting in trouble for depositing your funds into a sanctioned securities dealer/exchange — in addition to losing access to your funds depending on where you reside; you may also have tax consequences because you should have known you were doing so.

What you can do:

• 1) Check the Office of Foreign Asset Control’s OFAC (SDN) (searchable) list; inputting the name of an entity with some connection to this exchange and the parent and any other ownership name — Garantex, Grinex, or A7A5 issuer — would yield something (at least three of the four companies had been placed on the list).
• 2) Check the EU and UK sanction lists too since they do not have identical restrictions across their respective jurisdictions. The EU’s 20th sanctions package, enacted in April 2026, solely targeted financial institutions that intermediate cryptocurrency trades at exchanges (whereas doing a search on one jurisdiction may overlook such transactions identified by another jurisdiction).
• 3) Look up known sanctioned wallet addresses in your on-chain transaction history or any deposit or hot wallets, if you can find them. If there is evidence that any wallet was used as part of a transaction that occurred at any past time and such wallet is now identified on a current sanctioned list, you have achieved a ‘hard stop’. Rebrands and all references to "successor entities" should be monitored. A new name and country does not reset an entity's sanctions designation. If a service looks like it is the relaunch of something that was previously closed, then the old entity's history must also be considered as part of the new entity's.

Check 2 - Proof of reserves and the reserve gap

After verifying sanctions, the next issue is to check if the exchange being investigated has the funds and assets necessary (to be solvent) to repay users that have funds on the exchange?

A legitimate PoR will provide a limited answer to this question. A genuine PoR provides attestation to the fact that the exchange has at least as many on-chain assets (e.g., crypto assets) as the aggregate total of its users' balances.

The legitimate PoR will also provide Merkle proof to allow individual users to verify their balances, which is typically provided in a third-party verified manner.

However, PoR has inherent limitations to the information that Exchange operators can provide:

• While PoR provides users with insight to the overall amount of crypto-assets held by an exchange, it does not take into consideration the amount of liabilities that an exchange has to its users. An exchange may have one billion dollars of wallet-based assets, while having two billion dollars worth of liability associated to its customer funds held in wallets, thus proof of reserves without a corresponding proof of liabilities provides a very incomplete picture for the users.
• PoR provides a limited point in time snapshot of an exchange solvency, as the crypto-assets may have been borrowed for purposes of providing PoR at the time of performing such attestation and then returned after the PoR was provided.
• Claims of "we are fully funded, you can trust" are not a verifiable PoR and you should continue to seek verifiable sources of PoR, ideally via independently verified Merkle checks as opposed to mere marketing statements.

The Grinex case provided no such supporting checkpoints. The lack of clear reserves, as seen in the earlier technology, was responsible for each user being frozen from that one hack at one time (meaning there were no publicly visible reserves, and no third party authenticator to verify customers' assets).

Check 3 - History of Withdrawal Freezes and Events in History

How we react to an event is determined by our past experiences. The best way to examine how any given exchange will react during crisis is to look at their past withdrawal history while under duress.

Key Questions:

• Has the exchange ever stopped a withdrawal for reasons other than a trigger like maintenance or upgrades? An exchange's history of freezing withdrawals during volatility or as a result of an incident indicates the exchange's willingness to lock users out when faced with impending failure.
• How did the exchange communicate during prior events - were they transparent (via post-mortem with blockchain evidence) or were they elusive with their reasons for the freeze? For example, during the recent Grinex fraud, the exchange blamed a state sponsored attack; this falls far short of an accountability standard.
• Have the exchange's systems been compromised by a hack, or other means? Did they make the users whole from the fraudulent or hacking activity? An exchange that has absorbed the loss and reimbursed users is much more likely to be accountable in other means.
• Does the exchange record delayed processing of withdrawals or make selective payments to the users? The instances of dissimilar treatment of users is a strong indication of a lack of liquidity available to the exchange.

A withdrawal freeze is the moment when the theoretical risk of being an account holder unravels and transforms to a personal problem. A strong example of this is the Grinex withdrawal freeze in April 2026 when users could see their balance but could not access their funds, and there was no stated timing of a resolution.

Check 4 - Jurisdiction and registration red flags

Who registers your exchange and how their registration offices are presented honestly will show who is regulating it OR whether you can take any action against them at all; to provide proof that they are subject to jurisdictional accountability.

The green flags will show that it is more likely to operate under a reliable jurisdictional framework such as MiCA (markets in crypto-assets) registration in the EU (European Union Member States), VASP (virtual asset service provider) license, FinCEN (The Financial Crimes Enforcement Network of the U.S. Federal Government) registration, or similar registration in places like Singapore and Japan and also UAE. These may not guarantee your success, but these will impose reserve requirements, reporting requirements and AML (Anti-Money Laundering) requirements on them and provide you with a complaint opportunity.

Red flags will be related to:

• Lack of a legal entity to verify against, having no address as a Registered Company, or having a shell company at some jurisdictional level of low regulation.
• Moving to a more "Friendly" jurisdiction after being pressured or shut down via regulation.
• Marketing language that does not accurately reflect the state where a company is actually registered compared to the way it is marketed, i.e., "Globally, Decentralized and Regulated" or other such terms, causing no clear identification as to who is being contacted.
• The absence of a KYC (Know Your Customer) or AML (Anti-Money Laundering) program usually means the business model for the venue relies on persons who choose to use their services to avoid having their identity disclosed — in fact as a result of the types of customers who generally will work with law enforcement.

A major concern is when one entity goes from one jurisdiction to another as regulatory agencies engage in enforcement against the entity — when an entity continuously moves before being regulated gives you a clear indication of what their goal is and what will happen in the near future.

Check 5 - On-chain Counterparty Assessment

This is the exercise that separates the easy due diligence from the hard due diligence and is generally one of the activities that average user buyers won't do. Remember, the exchange's wallets are subject to public inspection and you have an opportunity to determine the exchange's counter-parties (those entities the exchange does business with). Analysis of on-chain transactions reveals various risk exposures according to several criteria, including:

• 1) Counterparty exposure - if a hot wallet owned and operated by an exchange sends and/or receives from determined addresses or sends and receives from mixers or known illegal finance clusters, there is measurable counterparty risk; e.g., the exposure from the Grinex cluster to the A7A5 settlement asset which was created to facilitate sanctioned flows.
• 2) Wallet activity - do the wallets holding the assets backing the proof of reserve (PoR) claim exhibit stable assets or do they exhibit spikes in asset levels just prior to attestations and subsequent to such attestations?
• 3) Concentration/Commingling - If multiple addresses funnel funds into a few addresses, or if customer funds are commingled with operating funds, there exists a higher likelihood of experiencing one point of failure.

You do not need to be a forensic auditor to begin. You can observe the known wallets of exchanges on public block explorers, or use AI-supported wallet evaluation tools which assign a risk score to your deposited funds according to hundreds of criteria, thus alerting you in advance as to whether your deposit will result in any connection to sanctioned or high-risk financing evidence. Your goal is simple: you will know who the other counterparty is on the other side of your balance, so you can maintain your crypto assets at risk of flushing through your fiat accounts.

Red flags vs green flags: the deposit checklist

Use the deposit checklist to identify red flags and green flags prior to funding any account, i.e. One serious red flag will be sufficient to walk away as soon as possible.

A note on stablecoin issuer risk

Note: The risk of the issuer of the stable coin should be incorporated into the asset you are placing on an exchange. The stable coin is only as good as the reserves and legal status of the issuer of the coin. A7A5 is an extreme thought; it has been created to allow the movement of money from individuals sanctioned by the U.S. government and government or state-owned financial institutions of Russia. The general premise is as follows: Avoid using or combining an unstable coin with a known or verifiable issuer; however, if you have a politically unstable or sanctioned coin, then you will be limited in your ability to access your coins as quickly as you would have with an exchange that is not considered toxic.

Where the right tools fit

While much of the above is done by way of research, if you do not have a way of conducting research efficiently, it will be impossible to conduct thorough research on the minimum number of each of the criteria listed above. All of this information is constantly changing, and the number of locations in which to verify will keep getting larger. That is where monitoring tools and analysis software come into play. ArbitrageScanner provides this kind of transparency and uses AI wallet analysis to rate an address using 272 different criteria. This is especially helpful when validating the on-chain counterparty as described in this guide. A quick overview of the 80+ exchanges covered can be obtained through our supported exchanges page. The arbitrage screener and DEX scanner provide a real-time view of the market and display where price and liquidity exist at any given moment. In addition, you can use DEXs as a fallback option in case the appropriate centralized counterparty does not meet your criteria above. Your funds remain completely under your control, as the bot only uses manual execution methods and does not have API access to your exchange accounts.

You are responsible for all of the checks; the only time you should skip any of the five checks is if you are waiting on money.

Frequently asked questions

How do I determine whether a crypto exchange is safe enough to deposit funds into?

Perform a series of five checks in the following order: verify against OFAC, EU and UK sanctions lists; ensure there is an independently verifiable proof of reserves available; review the exchange's historical records with respect to withdrawals being frozen; determine where the exchange is legally domiciled; and evaluate the on-chain counterparties of the exchange for any affiliation with sanctioned individuals/parties. Any single serious cause for concern will preclude you from depositing any funds with the exchange.

What is counterparty risk?

The risk of the exchange with which you have deposited your funds will not pay out your funds cannot be guaranteed. There are a number of reasons the exchange could fail to pay you, such as the exchange being unable to pay out due to bankruptcy, legal issues, being hacked, or freezing your funds from being withdrawn. When you take your funds to a centralized exchange to trade or sell for a specific asset, what you are getting from the centralized exchange in return for your fund is an IOU - thus does not have control of your assets which means that when the exchange experiences any financial issues will put your funds at risk.

How do I know if an exchange may have sanctions imposed on them?

You should search the U.S. Treasury Office of Foreign Asset Control (OFAC) list of Specially Designated Nationals (SDN) for that exchange as well as all entities controlled by the same entity and the equivalent in European Union (EU) and United Kingdom (UK). In viewing the OFAC list of SDNs you should review both current names as well as previous names associated with the entity. When you search you should also identify any associated digital wallets to provide you with additional proof that the entity is an active entity and is still operating in the Periphery if those wallets are currently being used for any other activity are not active as a result of the legal entity relocating to another country. A perfect example of this is the case of Grinex; this entity was previously known as Garantex after it was sanctioned in 2022 through the OFAC for being a Russian Exchange and was shut down by law enforcement after the investigation of Garantex and was later rebranded as Grinex in Kyrgyzstan. Subsequently, in August 2025 Grinex was sanctioned by the US since it was determined that they were the successor entity to Garantex and that they continued to operate as an exchange without the proper licenses. In April 2026 Grinex experienced a hack which resulted in approximately 13.7 million dollars being hacked from their centralized exchange by the hacker causing trades and deposits to be stopped and providing no option for people who had trades available to retrieve their assets or provide trading until the matter could be resolved.

The jurisdiction in which the trading exchange is located has a very significant effect on how that exchange is authorized and regulated if at all. If the trading exchange has been established in a recognised country with an established regulatory structure it should be required to maintain specific capital reserves and not lose the ability to provide you with access to your funds during your time of deposit if the trading exchange has been established in an unregulated or opaque nation and relocated there for the specific purpose of avoiding legal obligations due to sanction or legal action, therefore it should be apparent that if the trading exchange is an unregulated exchange which has relocated there may be no recourse for you should the exchange or your funds be unable to be accessed.

Take your free 1 day trial of 'Arbitrage Scanner' and gain access to the entire tool set, AAA wallet analysis on 272 criteria and exchanges with over 80 exchange covered by Arbitrage Scanner.

Get Trial Access to Arbitrage Scanner →

The articles and all research facilities and tools provided by 'Corrector' are solely for educational and informational purposes with none of the material contained within the articles or any of the articles, tools or research developed by Corrector will provide you with trading, financial, legal or investment advice. Our team of software developers have no recommendation or guarantee or assurance of what to do with your funds nor are we able to provide you with any information regarding where to invest. We take any action that involves you, our systems are completely manual and provide you with no access to any of your funds and therefore retain full control of your funds. There is significant risk involved with trading in crypto with the potential for 100% total loss of capital and with traditional or government-sanctioned way and law or government regulations changing most of the time. The cases cited above are based only on reports through June 2026 and have the likelihood of evolving due to sanctions and or legal obligations in place by law. Always verify the most current version of the government sanction lists applicable and do your own due diligence on any trades you desire before placing them through an exchange.