Russian-linked cryptocurrency exchange Grinex has suspended its operations following a significant cyberattack that resulted in the theft of over 1 billion rubles, approximately $13 million. The breach has not only raised concerns about the security of crypto exchanges, but also about the broader implications for Russia’s financial sovereignty amid increasing global sanctions and the ongoing conflict in Ukraine.
The Cyberattack
Grinex, a Kyrgyzstan-based exchange with strong ties to Russia, announced the halt of all its services on Thursday, after the cyberattack compromised its systems. The stolen funds, estimated at $13 million in USDT (Tether), were moved across multiple blockchains, including Ethereum and Tron, in a bid to obscure the origins of the illicit funds. In a statement posted to its Telegram channel, Grinex attributed the attack to "foreign intelligence services" from unfriendly states. The exchange claimed that the attack was well-coordinated and highly sophisticated, involving technologies and resources typically available only to state-level actors. This, they suggested, was aimed at destabilizing Russia’s financial independence.
Grinex’s accusations have not been independently verified, and the specifics of the breach are still unclear. However, the cybercriminals appear to have targeted the exchange’s wallet infrastructure directly, moving funds into multiple wallets and across different blockchain networks to slow tracking efforts. The exchange became inaccessible after the breach, with a post explaining the incident replacing the homepage. A list of all Bitcoin addresses related to the breach has also been published on the exchange’s homepage.
Grinex's Background
Grinex’s position in the crypto ecosystem has always been controversial. It is widely regarded as the successor to Garantex, another Russian exchange that was shut down by U.S. authorities in 2025 for alleged money laundering activities and its connections to Russian state-affiliated entities. The exchange’s primary role has been facilitating transactions in ruble-backed stablecoins, notably A7A5, which is considered a key component of Russia’s strategy to circumvent international sanctions. These stablecoins enable large-scale cross-border transactions and have raised concerns due to their links to sanctioned financial institutions.
As the successor to Garantex, Grinex has found itself at the heart of a geopolitical tug-of-war, with Western authorities viewing its operations as part of a broader effort to evade sanctions. The halt in operations and the subsequent theft could add more fuel to the fire regarding the potential use of such exchanges for illicit financial activities.
Alleged Involvement of Foreign Intelligence
Grinex’s claims of foreign intelligence involvement have not been substantiated by evidence at this time. The exchange has suggested that the attack was designed specifically to harm Russia’s financial sovereignty, further underscoring the ongoing geopolitical tensions surrounding the country’s crypto infrastructure.
On-chain analysis by blockchain firm Elliptic confirmed that the funds had been moved and converted across various digital assets, including ETH and TRX, but could not confirm the identity of the perpetrators. The movement of funds across multiple blockchains and wallets is a tactic commonly employed in high-profile crypto hacks to obscure the trail of stolen assets.
Grinex's Response
Following the attack, Grinex suspended all trading activity, including withdrawals, to assess the damage. The platform has since filed a criminal complaint and shared all available data with law enforcement agencies, including Russian authorities. The exchange has also claimed that its infrastructure has been under attack for some time, with prior attempts to limit cryptocurrency withdrawals outside the Commonwealth of Independent States (CIS). The involvement of law enforcement in tracking the stolen funds remains part of the ongoing investigation. However, given the decentralized nature of blockchain transactions, recovering the stolen assets and identifying the perpetrators could be a challenging and lengthy process.
Conclusion
The cyberattack on Grinex highlights the vulnerabilities facing cryptocurrency exchanges, particularly those in regions with complex geopolitical landscapes. The theft of over $13 million raises important questions about the security of such platforms and the potential role of foreign state actors in cybercrime. Grinex’s response, as well as the involvement of Russian authorities, will likely be closely monitored in the coming weeks. However, with the stolen funds already dispersed across multiple blockchain networks, it may prove difficult to trace and recover the assets, further underscoring the growing sophistication of cybercriminal activities in the world of digital finance.
