Grinex Exchange Suspends Operations Following $13 Million Cyber Attack Allegedly Backed by State Actors

A prominent cryptocurrency exchange, Grinex, which was widely used by Russians to circumvent sanctions, has halted its operations after falling victim to a sophisticated cyber attack that resulted in the theft of approximately 1 billion rubles, equivalent to $13 million. The exchange, which is based in Kyrgyzstan, announced the breach on its official Telegram channel and website, attributing the attack to state-sponsored actors from 'hostile nations' due to the high level of coordination and technical expertise involved. According to Grinex, the digital evidence and nature of the attack suggest that it was carried out by 'structures of unfriendly states' with the primary goal of undermining Russia's financial independence. Notably, Grinex was itself subject to sanctions imposed by the US, UK, and EU last year, with US officials accusing the exchange, formerly known as Garantex, of enabling users to bypass restrictions through a ruble-backed stablecoin called A7A5. This token allowed for cross-border transactions even after Russia's access to the Swift inter-bank messaging system was severed following its invasion of Ukraine. After being shut down, the platform re-emerged as Grinex. The temporary suspension of trading activities has left users without access to their funds, while the company conducts an investigation. Furthermore, access to Grinex's Moscow office has been restricted. The exchange has released a list of 54 affected wallet addresses, along with the corresponding amounts that were drained, with the majority of the stolen funds being in the form of USDT on the TRON blockchain.