Kyrgyzstan Crypto Exchange Grinex Suspends Operations After $13.7 Million Hack

Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations following a $13.7 million hack attributed to Western intelligence agencies.

The stolen funds originated from cryptocurrency wallets belonging to Russian users, as the platform facilitates crypto-ruble exchanges between Russian businesses and individuals.

Launched early last year, Grinex has deep Russian ties and is believed to be a rebrand of Garantex, a Russian crypto exchange whose admin was arrested and domains seized over allegations of facilitating over $100 million in illicit transactions.

In August 2025, the U.S. Department of the Treasury announced sanctions against Grinex, citing evidence that the exchange was a continuation of Garantex activity, accepting the same actors and funds.

Despite sanctions, Grinex continued to operate, providing Russia with financial sovereignty and a way to bypass international banking restrictions, largely through a Russian ruble-backed stablecoin named A7A5.

The exchange claims the attack’s nature and digital footprint indicate a threat actor associated with “foreign intelligence agencies” possessing “unprecedented resources and technology.”

“According to preliminary data, the attack was coordinated to directly harm Russia’s financial sovereignty,” Grinex stated.

Blockchain analysis firm Elliptic reports the theft occurred on Wednesday, with funds sent to TRON and Ethereum addresses and converted via the SunSwap decentralized trading protocol.

TRM Labs identified 70 attacker addresses and discovered a second hack at TokenSpot, another Kyrgyzstan-based exchange with ties to Grinex.

TRM Labs links TokenSpot to Houthi-linked laundering operations and Russian strategic goals, though no party has provided specific evidence pointing to a particular perpetrator.

Related Articles

Back to top button