Grinex Exchange, Linked to Russia, Ceases Operations Following $13 Million Cyber Attack Allegedly Backed by State Actors

A prominent cryptocurrency exchange, Grinex, which was popular among Russian users seeking to circumvent sanctions, has halted all operations after falling victim to a major cyber attack that resulted in the theft of approximately 1 billion rubles, equivalent to $13 million. The exchange, which was previously known as Garantex and is based in Kyrgyzstan, made the announcement via its Telegram channel and an official statement on its website, attributing the attack to state-backed actors from 'unfriendly states' due to the high level of coordination and technical expertise involved. According to Grinex, preliminary data suggests that the attack was intentionally designed to undermine Russia's financial sovereignty. The exchange itself has been under sanctions imposed by the US, UK, and EU since last year, with US officials accusing it of helping users bypass restrictions through a ruble-backed stablecoin called A7A5. This token enabled cross-border payments after Russia's access to the Swift inter-bank messaging system was severed following its invasion of Ukraine. After being sanctioned, the platform re-emerged as Grinex. The current pause in trading activities means that users are unable to access their funds while the company conducts an investigation. Additionally, access to Grinex's office in Moscow has been restricted. In response to the incident, Grinex has released a list of 54 affected wallet addresses along with the amounts drained, with the majority of the stolen funds being in the form of USDT on the TRON blockchain.