Industry

Russian Crypto Exchange Grinex Halts Operations After $13M Hack

The exchange said the attack may have been a coordinated effort aimed at disrupting Russia’s financial systems.

Written By:
Iyiola Adrian
Russian Crypto Exchange Grinex Halts Operations After $13M Hack

Key Highlights

  • Grinex has stopped operations after a cyberattack caused losses of about $13 million.
  • The exchange said the attack was highly advanced and possibly linked to foreign intelligence.
  • Stolen funds were reportedly converted into TRX and consolidated into a wallet holding around $15 million.

​​Grinex, a Russian cryptocurrency exchange, has suspended all operations following a cyberattack that resulted in losses of more than 1 billion rubles (about $13 million).

According to a local report, the platform has halted trading and blocked all withdrawals while it investigates the breach. The company has also filed a formal police complaint and launched an internal review.

Attack described as highly advanced

Grinex stated that the attack appeared highly advanced and may have been carried out by foreign intelligence groups. The exchange added, “Digital footprints and the nature of the attack indicate an unprecedented level of resources and technologies available exclusively to the structures of unfriendly states. According to preliminary data, the attack was coordinated with the goal of causing direct damage to the financial sovereignty of Russia.” 

In its statement, the exchange said the incident may have been aimed at causing broader disruption to Russia’s financial system rather than solely stealing funds.

After the breach, Grinex moved quickly to shut down its platform. Its website now shows a maintenance notice, and all user services, including deposits and withdrawals, are unavailable. The exchange also confirmed that its Moscow City office has paused some operations while authorities review the case. Grinex stated that technical teams are working to improve system stability, but no timeline has been given for a full return.

Movement of stolen funds

According to the exchange, the stolen assets were quickly routed through multiple crypto services and converted into TRON-based tokens.

The funds were then consolidated into a single wallet holding approximately 45.9 million TRX, valued at around $15 million. Investigators are currently tracking the wallet to determine the flow of funds.

Background and regulatory pressure

Grinex was established in 2025 after the shutdown of Garantex by U.S. authorities. It became a key platform for trading rubles, USDT, and the A7A5 stablecoin.

A7A5 is the first stablecoin tied directly to the Russian ruble and was launched by Promsvyazbank along with banker Ilan Shor. It has been used widely for cross-border payments under Western sanctions and reportedly reached a turnover of around $100 billion by early 2026.

Meanwhile, the exchange has also faced sanctions itself. In August 2025, both the United States and the United Kingdom imposed restrictions on Grinex. They said the platform was helping Russia move money during the war in Ukraine.

UK authorities said the exchange benefited from cooperation with the Russian government in financial operations. Garantex, its predecessor, had already been blacklisted in 2022 for alleged links to cybercrime and money laundering activities.

Moreover, blockchain analysts have pointed out possible links between Grinex and Garantex. Reports from TRM Labs suggest that Grinex may have continued operations from its predecessor, with similar infrastructure, wallet flows, and system design. 

Exploit attacks continue to pile up in 2026

The attack follows a similar pattern that happened to Drift Protocol, when North Korean hackers stole over $270 million in assets from its vaults. In fact, exploit attacks have been piling up this year. Around the same time when Drift was attacked, blockchain security firm PeckShield flagged a $950,000 exploit targeting the LML staking protocol on Binance Smart Chain. Earlier this month, another decentralized protocol, Hyperbridge, was also attacked, and hackers withdrew roughly 245 ETH from its wallet.

In short, these attacks are now becoming more frequent and more organized, hitting both large platforms and smaller DeFi protocols.

Also Read: Whale Buys37% of UNC Memecoin, Airdrops $6.4M to Over 2K Traders

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.
Google News Banner
TAGGED:
Share This Article
Iyiola - Crypto Journalist at The Crypto Times
By Iyiola Adrian
Follow:
Iyiola is an experienced crypto writer specializing in simplifying complex blockchain and cryptocurrency topics for a broad audience. With expertise in ICOs, DeFi, NFTs, and regulatory updates, he offers valuable insights to help readers make informed decisions.

Join Our Newsletter

Subscribe to get latest crypto news!

    Built with Kit

    Latest News

    Ripple Brings RLUSD and XRPL Deeper Into Exodus Ecosystem
    Ripple Brings RLUSD and XRPL Deeper Into Exodus Ecosystem
    Rhea Finance Loses $7.6M in Exploit, Says CertiK
    Rhea Finance Loses $7.6M in Exploit, Says CertiK
    Whale Buys 37% of UNC Memecoin, Airdrops $6.4M to Over 2K Traders
    Whale Buys 37% of UNC Memecoin, Airdrops $6.4M to Over 2K Traders
    Drift Switches to USDT in $147.5M Tether-Backed Relaunch Plan
    Drift Switches to USDT in $147.5M Tether-Backed Relaunch Plan
    Hyperbridge Raises Exploit Loss Estimate to $2.5M From $237K
    Hyperbridge Raises Exploit Loss Estimate to $2.5M From $237K

    Find Us on Socials

    You may also like