Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it’s suspending operations after it blamed Western intelligence agencies for a $13.74 million hack.
The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of foreign intelligence agency involvement. This attack led to the theft of over 1 billion rubles in user funds.
“Digital forensic evidence and the nature of the attack point to an unprecedented level of resources and technological sophistication – capabilities typically available exclusively to the agencies of hostile states,” the company said in a statement posted on its website. “Preliminary findings suggest the attack was coordinated with the specific objective of inflicting direct damage upon Russia’s financial sovereignty.”
A spokesperson for the company went on to state that the exchange’s infrastructure had been under attack since the beginning of its operations, and that the latest development represents a new level of escalation aimed at destabilising the domestic financial sector.
Grinex is believed to be a rebrand of Garantex, a cryptocurrency exchange that was sanctioned by the U.S. Treasury Department in April 2022 for laundering funds linked to ransomware and darknet markets like Conti and Hydra. The Treasury renewed sanctions against Garantex in August 2025 for processing more than $100 million in illicit transactions and enabling money laundering.
According to the Treasury and details shared by blockchain intelligence firms Elliptic and TRM Labs, Garantex is said to have moved its customer base to Grinex in response to the sanctions and remained operational by using a ruble-backed stablecoin called A7A5.
In a report published earlier this February, Elliptic also disclosed that Rapira, a Georgia-incorporated exchange with an office in Moscow, has engaged in direct cryptoasset transactions to and from Grinex totaling more than $72 million, highlighting how exchanges with ties to Russia continue to enable sanctions evasion.
The British blockchain analytics firm said the Grinex asset theft occurred on April 15, 2026, at around 12:00 UTC, and that the stolen funds were subsequently sent to further accounts on the TRON or Ethereum blockchains. “This USDT was then converted to another asset, either TRX or ETH. By doing so, the thief avoided the risk of the stolen USDT being frozen by Tether,” it added.
TRM Labs has identified about 70 addresses connected to the incident, noting that TokenSpot, a Kyrgyzstan-based exchange that likely operates as a front for Grinex, was simultaneously impacted.
On the same day Grinex suffered the breach, TokenSpot posted on its Telegram channel that the platform would be temporarily unavailable due to technical maintenance. On April 16, it announced that full operations had resumed. The attacker is estimated to…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
