Grinex Exchange Suspends Activities Following $13 Million Cyber Heist Allegedly Backed by State Actors

A prominent cryptocurrency exchange, Grinex, which catered to Russian users seeking to circumvent sanctions, has halted all operations after falling victim to a sophisticated cyber attack that resulted in the theft of approximately 1 billion rubles, equivalent to $13 million. The exchange announced the breach via its Telegram channel and official website, attributing the attack to state-sponsored entities from 'hostile nations' due to the high level of coordination and technological expertise displayed. This assessment is based on the digital evidence and the nature of the attack, which suggests the involvement of resources and technology typically reserved for the structures of adversarial states. According to preliminary findings, the attack was orchestrated with the intention of directly undermining Russia's financial autonomy. Grinex, originally operating as Garantex, was sanctioned by the US, UK, and EU for its role in helping users bypass restrictions through the use of a ruble-backed stablecoin called A7A5. This token enabled cross-border transactions at a time when Russia's access to the Swift banking network was suspended following its invasion of Ukraine. After being shut down, the platform reemerged under the name Grinex. The temporary suspension of trading activities means that users are currently unable to access their funds while the company conducts an investigation. Additionally, access to Grinex's Moscow office has been restricted. In response to the incident, Grinex has released a list detailing 54 affected wallet addresses and the corresponding amounts that were drained, with the majority of the stolen funds being in the form of USDT on the TRON blockchain.