Gate News message, April 17 — A Kyrgyzstan-based cryptocurrency exchange halted all trading activity after hackers stole more than $15 million USDT from its wallets. The exchange confirmed the attack publicly, and British blockchain analytics firm Elliptic tracked the stolen funds, identifying how attackers moved them across multiple addresses to evade detection.
According to Elliptic, the attackers rapidly transferred the stolen USDT across Tron and Ethereum blockchains, then converted the funds into TRX and ETH to avoid Tether’s ability to freeze USDT-linked addresses. The hackers ultimately consolidated approximately 45.9 million TRX (valued at roughly $15 million) into a single wallet. The exchange froze all platform activity, including withdrawals, preventing users from accessing their funds. The incident reflects broader vulnerabilities in centralized exchanges, particularly those operating in jurisdictions with limited regulatory oversight, where hot-wallet compromises and signing-flow weaknesses remain common attack vectors.
The exchange is viewed as a successor to a major CEX that shut down in 2025 following sanctions from the United States, European Union, and United Kingdom over money-laundering allegations. The migration of users and liquidity to this platform made it a key trading hub for ruble-to-crypto transactions and a center for stablecoin activity, including ruble-backed stablecoins. This concentration of activity and exposure to sanctioned jurisdictions has increased the platform’s risk profile, making it an attractive target for sophisticated attackers.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Tether Freezes 3.29M USDT in Rhea Finance Hacker Address
Tether CEO Paolo Ardoino announced the freezing of 3.29 million USDT connected to a hacker linked to Rhea Finance's $7.6 million theft due to a fake token contract attack.
GateNews25m ago
Circle Faces Class Action Lawsuit Over $230M Unblocked USDC in Drift Protocol Attack
Circle faces a class action lawsuit for failing to freeze $230 million in stolen USDC after the Drift Protocol attack. Plaintiffs argue that Circle's protocols allowed attackers to move and convert the stolen funds without intervention, raising concerns about the company's responsibilities in monitoring cross-chain transfers.
GateNews25m ago
$7.6 million stolen from Rhea Finance: DeFi fake token attack manipulates the oracle
A DeFi protocol, Rhea Finance, suffered a major security vulnerability on April 16, resulting in losses of approximately $7.6 million. The attacker manipulated the oracle by creating a fraudulent token contract, causing the protocol to incorrectly assess the value of assets. This loss represents about 6% of Rhea Finance’s total value locked, demonstrating the risk of oracle manipulation attacks in the DeFi space. Users should carefully evaluate the risk of their assets.
MarketWhisper29m ago
Grinex hacked: $15 million paused from trading, pointing to an “enemy state”
Grinex, a Kyrgyz crypto exchange, paused trading and withdrawals after a large-scale cyberattack and lost about $15 million in USDT. The stolen funds were quickly converted into TRX and ETH to reduce the risk of being frozen. Grinex is believed to be the successor to the sanctioned exchange Garantex, becoming a major trading platform for ruble-to-crypto transactions. In its attack statement, Grinex pointed the incident to an “enemy state,” but it lacked concrete evidence.
MarketWhisper56m ago
Zonda CEO Reveals 4,503 BTC Cold Wallet Inaccessible as Founder Remains Missing Since 2022
Zonda, a Polish cryptocurrency exchange, faces a crisis as its cold wallet containing 4,503 Bitcoin is inaccessible, prompting a surge in withdrawal requests. CEO Kral claims the private key was never transferred during the company's takeover, and authorities are investigating the situation amid bankruptcy fears.
GateNews5h ago
French Authorities Boost Security for Crypto Executives Amid Kidnapping Threats
French authorities are enhancing security for digital-asset executives and investors due to recent kidnappings. Following these threats, police escorted Paris Blockchain Week attendees, and protective measures for crypto holders are being developed.
GateNews9h ago
