Grinex Exchange Suspends Activities Following $13 Million Cyber Attack Allegedly Backed by State

A prominent cryptocurrency exchange, Grinex, which was popular among Russian users seeking to circumvent sanctions, has halted its operations after reporting a significant cyber attack that resulted in the theft of approximately 1 billion rubles, equivalent to $13 million. The exchange, which is headquartered in Kyrgyzstan, announced the breach via its Telegram channel and an official statement on its website, suggesting that the attack was likely perpetrated by state-sponsored actors from 'unfriendly states' due to the high level of coordination and technical expertise involved. According to Grinex, the digital evidence and nature of the attack imply an unprecedented level of resources and technology, typically available only to state-backed structures. The exchange stated that preliminary data indicate the attack was deliberately coordinated to damage Russia's financial sovereignty. Grinex, originally known as Garantex, was itself subject to sanctions imposed by the US, UK, and EU last year, with officials in Washington accusing the platform of assisting users in evading restrictions through a ruble-backed stablecoin called A7A5. This token enabled cross-border transactions when Russia's access to the Swift inter-bank messaging system was suspended following the country's invasion of Ukraine. After being shut down, the platform re-emerged as Grinex. The temporary suspension of trading activities has left users unable to access their funds while the company conducts an investigation. Additionally, access to its Moscow office has been restricted. Grinex has released a list of 54 affected wallet addresses and the corresponding drained amounts, with most of the stolen funds being in the form of USDT on the TRON blockchain.