Grinex Exchange Faces $14M Hack, Trading Suspended

Key Takeaways:

• Grinex, a Kyrgyzstan-registered crypto exchange linked to Russia, lost $13.7 million in an advanced cyberattack.
• US authorities suspect Grinex of facilitating sanctions evasion and laundering activities for Russian hackers.
• The hack involved draining funds from 54 addresses, raising security concerns over sophisticated state-supported cyber intrusions.
• Blockchain analytics reveal potential connections between Grinex and another Kyrgyzstan-based exchange, TokenSpot.
• Analysis suggests hackers smartly converted $15 million worth of USDT to evade asset freezing.

WEEX Crypto News, 2026-04-17 07:11:24

Grinex Halts Trading Post-Hack

The cryptocurrency world was jolted when Grinex, an exchange with ties to Russia, announced the suspension of its trading operations after a staggering $13.7 million hack. This incident represents a major breach within the crypto industry, given that Grinex has been under suspicion for aiding in sanctions evasion alongside conducting laundering for Russia-linked hacker networks. The origins of the attack hint at highly resource-equipped entities, potentially backed by adversarial nations.

Grinex has now provided law enforcement with all relevant details, and a criminal complaint has been filed at the exchange’s infrastructure location. Seen as a successor to the besieged Garantex platform, both exchanges have been under the spotlight for similar illicit activities. The founder of Elliptic, Tom Robinson, implicated Grinex as a paramount platform for trading the ruble-tied stablecoin A7A5, spotlighting its role in circumventing sanctions.

Possible Linkage to TokenSpot

Investigations imply Grinex might not stand as the sole victim. TRM Labs, a respected blockchain intelligence firm, suggests two wallets from TokenSpot, another Kyrgyzstan-based entity, transferred $5,000 to the address utilized by Grinex’s hacker. TokenSpot’s operational hiccup was noted on April 15, with a subsequent service restoration announcement the next day. Additionally, TRM Labs flagged 16 extra addresses connected to the breach, which collectively hold 45.9 million TRX, translating to nearly $15 million.

Detailing the Sophisticated USDT Theft

Not only was the hack bold in its execution, but it also showcased cunning with regards to fund management. Elliptic’s analysis pinpointed the movement of $15 million in USDT away from Grinex. These funds, redirected to Tron or Ethereum accounts, presented a challenge in potentially freezing the assets, hence illustrating a savvy understanding of the blockchain’s vulnerabilities. By transacting this USDT for TRX or ETH, the cybercriminals effectively circumvented the risk of asset freezing by Tether.

Recurring Threats in Sanctions-Evasion Platforms

This breach is not entirely isolated in the crypto landscape. Recalling previous instances, the Iranian exchange, Nobitex, experienced a crippling hack in June 2025, with $81 million depleted by actors claiming a stance pro-Israel. Notably, Grinex’s event underscores a persistent threat in exchanges that have affiliations with nations sidestepping US sanctions.

Grinex had voiced opposition to illegal practices like sanctions evasion or money laundering. However, the recent attack highlights the pervasive security vulnerabilities and geopolitical entanglements that exchanges face when accusations of sanctions-busting arise.

FAQ Section

What is the magnitude of loss in the Grinex hack?

Grinex experienced a loss totaling 1 billion Russian rubles, equivalent to $13.7 million, revealing a critical security lapse and raising stakes about the involvement of hostile state-backed entities.

How does the Grinex incident relate to TokenSpot?

Blockchain intelligence has identified potential on-chain links between Grinex and the Kyrgyzstan-based TokenSpot, suggesting shared vectors for similar security breaches.

Why is the conversion of USDT significant in this hack?

The hackers’ decision to convert USDT to other cryptocurrencies like TRX or ETH displays calculated evasion techniques, thwarting potential asset freezes by companies like Tether.

Has Grinex been implicated in prior illegal activities?

Yes, US authorities have long suspected Grinex of aiding in sanctions evasion and laundering for Russian hacking entities, marking it similar to the former Garantex exchange.

Are similar breaches common in the crypto sector?

Unfortunately, yes. Exchanges with links to nations under US sanctions often face such breaches, as evidenced by the Nobitex hack in 2025, emphasizing ongoing geopolitical and cyber vulnerabilities in cryptocurrency platforms.