Grinex Cryptocurrency Exchange Suspends Operations After $13.74 Million Hack

Grinex, a cryptocurrency exchange based in Kyrgyzstan, has announced a temporary suspension of its operations following a cyber attack that resulted in the theft of $13.74 million. The exchange attributed the hack to what it believes to be the involvement of foreign intelligence agencies, pointing to a sophisticated and coordinated effort to undermine Russia’s financial sovereignty.

The company stated that the attack, which targeted user funds amounting to over 1 billion rubles, exhibited a level of technological sophistication typically associated with state-sponsored entities. This incident represents a significant escalation in the ongoing efforts to destabilize the Russian financial sector, according to a spokesperson for Grinex.

Previously known as Garantex, the exchange had faced sanctions from the U.S. Treasury Department for its involvement in money laundering activities linked to ransomware and darknet markets. In response to these sanctions, Garantex rebranded as Grinex and continued its operations by utilizing a ruble-backed stablecoin called A7A5.

Blockchain intelligence firms have identified connections between Grinex and other cryptocurrency exchanges, such as Rapira, which have facilitated transactions totaling millions of dollars. The recent theft of assets from Grinex, carried out through a complex series of transactions involving TRON and Ethereum blockchains, highlights the ongoing challenges of enforcing sanctions and combating illicit financial activities in the crypto space.

Several addresses linked to the theft have been identified by TRM Labs, with TokenSpot, a related exchange, also experiencing a breach. The swift conversion of stolen stablecoin funds into non-freezable tokens is a common tactic used by cybercriminals to evade detection and laundering their proceeds.

Analysts have raised concerns about the possibility of the incident being a false flag operation, given the exchange’s history of sanctions and the use of obfuscation techniques. Whether the hack was carried out by external actors or insiders with ties to Russia, the impact on Grinex’s operations has significant implications for efforts to prevent sanctions evasion.