Breaking: Grinex, a US-sanctioned cryptocurrency exchange based in Kyrgyzstan, has announced it is ceasing operations after losing $15 million in a hack it attributes to “unfriendly states.” The exchange blames Western special services for orchestrating the attack, which it says specifically targeted its Russian users.
Blockchain analytics firm TRM confirmed the theft, valuing the stolen assets at $15 million after identifying roughly 70 drained addresses—about 16 more than Grinex initially reported. Neither TRM nor fellow researcher Elliptic has explained how the attackers bypassed Grinex’s defenses.
Background
Grinex was registered in Kyrgyzstan just 16 months ago and has been under near-constant attack attempts since its inception, the exchange stated. It is currently on the US sanctions list, though the company did not provide details on why it was sanctioned.
“The digital footprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states,” Grinex said in a statement. “According to preliminary data, the attack was coordinated with the aim of causing direct damage to Russia’s financial sovereignty.”
What This Means
The incident highlights growing sophistication in state-linked cyberattacks targeting cryptocurrency platforms, particularly those serving Russian clients. It also raises questions about the security of sanctioned exchanges and the broader implications for Russia’s efforts to use crypto to bypass Western financial restrictions.
Experts say the scale and precision of the attack point to a well-resourced adversary, likely with government backing. “This is not your average hacker group,” said one security analyst who requested anonymity due to the sensitivity of the matter. “The level of coordination suggests a state actor.”
Grinex has not specified which “unfriendly states” it blames, but the reference to Western special services implies the United States or its allies. The exchange’s closure could disrupt crypto flows for Russian users, potentially pushing them toward other unregulated platforms.