Sanctioned crypto exchange Grinex has suspended trading after losing more than 1 billion Russian rubles, or about $13.7 million, in what it described as a highly sophisticated cyberattack.
The platform, registered in Kyrgyzstan but connected to Russia’s crypto ecosystem, reported that 54 different wallet addresses drained the funds. The exchange pointed to what it called an “unprecedented level of resources and technology,” suggesting the possible involvement of foreign intelligence agencies.
Grinex confirmed that all operations have been paused following the incident. The company added that it has shared available data with law enforcement and filed a criminal complaint where its infrastructure is based.
Signs point to wider attack across linked exchanges
Grinex has previously been viewed as a successor to Garantex, another platform accused by U.S. authorities of helping Russia-linked actors evade sanctions and launder funds. The exchange has also been linked to trading activity involving the ruble-backed stablecoin A7A5, according to Elliptic.
Your completely free resource hub designed to boost your knowledge of cryptocurrencies
New evidence indicates that the attack may have extended beyond Grinex. Blockchain intelligence firm TRM Labs said two wallets connected to Kyrgyzstan-based exchange TokenSpot sent funds to the same address used by the attacker.
TokenSpot reported a brief outage on April 15 due to technical work, before announcing a return to full operations the following day. TRM Labs also identified at least 16 additional wallet addresses connected to the incident.
The main consolidation wallet now holds around 45.9 million TRON tokens, valued at nearly $15 million.
Meanwhile, Elliptic said it tracked approximately $15 million in Tether leaving Grinex accounts. The funds were later converted into other assets such as TRX or Ether, likely to avoid the risk of being frozen.
This isn’t the first time that exchanges have come under attack over sanctions evasion. In a separate incident in 2025, Iran-based platform Nobitex was hit by its own cyberattack, losing some $81 million to a pro-Israel hacking group, according to claims. The latest incident highlights the continuing risks in the crypto community, particularly for platforms in geopolitically sensitive areas.
