Grinex, a US-sanctioned cryptocurrency alternate registered in Kyrgyzstan, mentioned it’s halting operations after experiencing a $13 million heist carried out by “western particular providers” hackers.
Researchers from TRM, which has confirmed the theft, put the worth of stolen property at $15 million after discovering roughly 70 drained addresses, about 16 greater than Grinex reported. Neither TRM nor fellow blockchain analysis agency Elliptic has mentioned how the attackers slipped previous Grinex’s defenses. Grinex mentioned it has been underneath nearly fixed assault makes an attempt since incorporating 16 months in the past. The most recent assaults, it mentioned, focused Russian customers of the alternate.
Damaging “Russia’s monetary sovereignty”
“The digital footprints and nature of the assault point out an unprecedented degree of sources and know-how obtainable completely to the buildings of unfriendly states,” Grinex mentioned. “Based on preliminary knowledge, the assault was coordinated with the purpose of inflicting direct harm to Russia’s monetary sovereignty.”
“Because of the assault, the Grinex alternate is pressured to droop operations,” Grinex continued. “All obtainable info has been transferred to regulation enforcement companies. An utility has been submitted to the situation of the infrastructure to provoke a prison case.”
TRM mentioned that TokenSpot, a second Kyrgyzstan-based alternate, was additionally breached. Two of the alternate’s addresses despatched funds to the identical consolidation tackle utilized by the affected Grinex-linked wallets. What’s extra, each exchanges grew to become inoperable on Wednesday, suggesting they have been hit by the identical attacker.
TRM mentioned TokenSpot was a entrance for Grinex, which the US Treasury Division sanctioned final yr. The division’s Workplace of International Belongings Management mentioned that Grinex, in flip, was a rebrand of Garantex, an alternate it had sanctioned in 2022. The division mentioned then that Ganantex had “instantly facilitated infamous ransomware actors and different cybercriminals by processing over $100 million in transactions linked to illicit actions since 2019.” Final yr’s sanctions in opposition to Grinex got here a couple of months after TRM mentioned that the alternate was doubtless a entrance for Ganantex.
![[Webinar] Eradicate Ghost Identities Earlier than They Expose Your Enterprise Information](https://blog.aimactgrow.com/wp-content/uploads/2026/04/ghost-120x86.jpg)
