Key Highlights
- Grinex has stopped operations after a cyberattack caused losses of about $13 million.
- The exchange said the attack was highly advanced and possibly linked to foreign intelligence.
- Stolen funds were reportedly converted into TRX and consolidated into a wallet holding around $15 million.
Grinex, a Russian cryptocurrency exchange, has suspended all operations following a cyberattack that resulted in losses of more than 1 billion rubles (about $13 million).
According to a local report, the platform has halted trading and blocked all withdrawals while it investigates the breach. The company has also filed a formal police complaint and launched an internal review.
Attack described as highly advanced
Grinex stated that the attack appeared highly advanced and may have been carried out by foreign intelligence groups. The exchange added, “Digital footprints and the nature of the attack indicate an unprecedented level of resources and technologies available exclusively to the structures of unfriendly states. According to preliminary data, the attack was coordinated with the goal of causing direct damage to the financial sovereignty of Russia.”
In its statement, the exchange said the incident may have been aimed at causing broader disruption to Russia’s financial system rather than solely stealing funds.
After the breach, Grinex moved quickly to shut down its platform. Its website now shows a maintenance notice, and all user services, including deposits and withdrawals, are unavailable. The exchange also confirmed that its Moscow City office has paused some operations while authorities review the case. Grinex stated that technical teams are working to improve system stability, but no timeline has been given for a full return.
Movement of stolen funds
According to the exchange, the stolen assets were quickly routed through multiple crypto services and converted into TRON-based tokens.
The funds were then consolidated into a single wallet holding approximately 45.9 million TRX, valued at around $15 million. Investigators are currently tracking the wallet to determine the flow of funds.
Background and regulatory pressure
Grinex was established in 2025 after the shutdown of Garantex by U.S. authorities. It became a key platform for trading rubles, USDT, and the A7A5 stablecoin.
A7A5 is the first stablecoin tied directly to the Russian ruble and was launched by Promsvyazbank along with banker Ilan Shor. It has been used widely for cross-border payments under Western sanctions and reportedly reached a turnover of around $100 billion by early 2026.
Meanwhile, the exchange has also faced sanctions itself. In August 2025, both the United States and the United Kingdom imposed restrictions on Grinex. They said the platform was helping Russia move money during the war in Ukraine.
UK authorities said the exchange benefited from cooperation with the Russian government in financial operations. Garantex, its predecessor, had already been blacklisted in 2022 for alleged links to cybercrime and money laundering activities.
Moreover, blockchain analysts have pointed out possible links between Grinex and Garantex. Reports from TRM Labs suggest that Grinex may have continued operations from its predecessor, with similar infrastructure, wallet flows, and system design.
Exploit attacks continue to pile up in 2026
The attack follows a similar pattern that happened to Drift Protocol, when North Korean hackers stole over $270 million in assets from its vaults. In fact, exploit attacks have been piling up this year. Around the same time when Drift was attacked, blockchain security firm PeckShield flagged a $950,000 exploit targeting the LML staking protocol on Binance Smart Chain. Earlier this month, another decentralized protocol, Hyperbridge, was also attacked, and hackers withdrew roughly 245 ETH from its wallet.
In short, these attacks are now becoming more frequent and more organized, hitting both large platforms and smaller DeFi protocols.
Also Read: Whale Buys 37% of UNC Memecoin, Airdrops $6.4M to Over 2K Traders
