Grinex Exchange Suspends Trading After $14 Million Hack Linked to Sanctions Concerns

Grinex Halts Operations Following Major Security Breach

Sanctioned cryptocurrency exchange Grinex suspended trading operations after losing more than 1 billion Russian rubles (about $13.7 million) in a cyberattack that targeted 54 digital wallet addresses. The platform, registered in Kyrgyzstan but widely linked to Russia’s crypto ecosystem, said the nature of the breach suggested the involvement of highly sophisticated actors.

In an official statement, the exchange described the attack as showing an “unprecedented level of resources and technology” typically associated with hostile state-backed entities. Grinex confirmed that all available data has been transferred to law enforcement authorities and that a criminal complaint has been filed at the infrastructure location.

Grinex has been widely viewed as the successor to the previously sanctioned Garantex exchange. Both platforms have been accused by U.S. authorities of assisting Russian entities in evading sanctions and facilitating money laundering activities tied to Russia-linked hackers.

Investigators Link Additional Wallets and Exchanges to Attack

Blockchain intelligence firm TRM Labs reported that the attack may have extended beyond Grinex. Investigators identified 16 additional wallet addresses connected to the incident beyond those publicly disclosed. The consolidation wallet used by the attacker reportedly holds about 45.9 million TRON (TRX), valued at nearly $15 million.

TRM Labs also noted that TokenSpot, another Kyrgyzstan-based exchange with on-chain links to Grinex, may have been indirectly affected. Two wallets associated with TokenSpot transferred roughly $5,000 to the same consolidation address used in the Grinex breach. TokenSpot later reported technical maintenance on April 15, followed by the restoration of full operations the next day.

Stolen USDT Converted to Avoid Asset Freezing

Blockchain analytics company Elliptic tracked approximately $15 million in USDT leaving Grinex-linked accounts during the attack. According to investigators, the stolen funds were transferred across the Tron and Ethereum blockchains and converted into other assets such as TRX or ETH.

This incident follows similar high-profile breaches, including a June 2025 attack on Iran-based exchange Nobitex, where roughly $81 million was stolen by a group claiming pro-Israel affiliations, highlighting ongoing security and geopolitical risks in the crypto sector.

Disclaimer

This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.