Sanctioned crypto exchange Grinex suspends operations after $13.7M hack

This post was originally published on this site

Sanctioned Kyrgystan-registered cryptocurrency exchange Grinex has halted trading after attackers pulled over one billion Russian rubles from its wallets, with the platform attributing the breach to foreign state actors and calling it a deliberate assault on Russia’s financial system.

Grinex said the funds were taken from 54 addresses. The exchange said the attack required resources and technologies that only hostile state entities could access, and that it was designed to restrict crypto flows out of the region.

Before this incident, Grinex had faced sanctions and transaction blocks outside the Commonwealth of Independent States, but the platform noted that no user assets had ever been stolen prior to this attack. Visiting the exchange’s website now brings up a statement from the company confirming the theft and describing it as a coordinated operation aimed at directly harming Russia’s financial sovereignty

Meanwhile, Blockchain analytics firm Elliptic tracked approximately $15 million in USDT drained from Grinex-linked wallets, a figure higher than the $13.1 million the exchange initially cited. Despite being registered in a different country, Grinex has often being tied to Russia’s crypto ecosystem.

“The digital footprint and nature of the attack indicate an unprecedented level of resources and technology, accessible only to entities of hostile states. According to preliminary data, the attack was coordinated with the aim of directly harming Russia’s financial sovereignty,” the official statement reads.

Elliptic found that the stolen USDT moved through addresses on the Tron and Ethereum networks before being converted into TRX and ETH. That conversion, Elliptic said, was likely carried out to lower the risk of Tether freezing the funds, given that Tether retains the ability to blacklist USDT connected to illicit activity.

Grinex’s own account of the on-chain movement aligns with that picture. The exchange identified a wallet holding around 45.9 million TRX worth over $15 million, indicating the attacker consolidated most of the stolen assets into a single address after the initial transfers cleared.

The exchange said all available information had been handed to law enforcement and that a criminal complaint was filed at the location of its infrastructure.