The sanctioned crypto-ruble exchange Grinex has suspended all operations following a high-level cyberattack that resulted in the theft of over $13.74 million worth of tether stablecoins.
Key Takeaways:
- Grinex halts operations after a state-level hack drains over 1 billion rubles in USDT from user wallets.
- The 2025 takeover of Garantex solidified Grinex as a primary target for ongoing U.S. sanctions.
- Law enforcement is reviewing logs from 54 wallets as Grinex seeks to recover 13.74 million USDT in stolen TRX.
Allegations of State-Sponsored Interference
Grinex, a crypto-ruble exchange serving Russian businesses and individual investors, has suspended operations after a sophisticated cyberattack. The breach resulted in the theft of digital assets valued at approximately $13.74 million (more than 1 billion rubles) in the stablecoin USDT.
The exchange, which remains under U.S. sanctions, claims the “unprecedented” hack suggests the involvement of foreign intelligence agencies from “hostile states.”
According to preliminary forensic data provided by the exchange, the attackers’ digital footprint indicates a level of coordination typically reserved for state-level actors. A spokesperson for the exchange said the attack was a deliberate attempt to destabilize the domestic financial sector and harm Russia’s financial sovereignty.
“From the very beginning, the exchange’s infrastructure has been subject to attacks,” the spokesperson said. “The exchange was placed on sanctions lists, crypto wallets were targeted, and transactions were blocked. Today, attempts to destabilize the domestic financial sector have reached a new level — the direct theft of assets.”
Grinex remains a target of U.S. and international sanctions intended to isolate the exchange from the global financial system. The company gained prominence in 2025 after absorbing the client base and infrastructure of Garantex, another exchange shuttered by Western regulatory pressure.
According to Grinex, it was involved in the recovery and return of 2.5 billion rubles worth of digital assets previously frozen by Tether, the issuer of the USDT stablecoin. The exchange said the stolen funds were drained from dozens of individual wallets, converted into the cryptocurrency TRX, and consolidated into a single destination address.
The exchange has filed a formal criminal complaint and handed over technical logs and digital evidence to law enforcement. There is no projected date for the resumption of services or a formal plan for user reimbursement. While the exchange remains offline, it maintains that these “hostile actions” are part of a broader geopolitical effort to restrict digital asset transfers within the Commonwealth of Independent States.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Trump First Explicitly Said “Regime Change” for Iran: The White House Officially Forwarded Three Signals
Trump first directly mentioned Iran’s “regime change” in a public statement, and explicitly said that the U.S. side would not be influenced by Israel. He used Venezuela as an analogy, implying that the U.S. may adopt a long-term pressure strategy against Iran. This will change the negotiation framework and increase the risk of oil-price and market volatility. Taiwan investors need to pay attention to the oil price trend, the reaction at the Fed hearing, and the agenda of the U.S.-China summit.
ChainNewsAbmedia3h ago
Russian Crypto Exchange Grinex Halts Operations After $13M Hack, Threatening Sanctions Evasion Network
Russian cryptocurrency exchange Grinex ceased operations after a cyberattack caused losses over $13 million. The shutdown impacts Russian businesses' ability to convert rubles internationally and challenges the country's shadow finance system.
GateNews4h ago
Iran Has Not Yet Decided Whether to Attend Second Round of U.S. Talks, Citing Deep Mistrust
An Iranian official indicated that Iran has not decided on participating in the second round of U.S.-Iran talks due to mistrust stemming from U.S. actions and statements, exacerbated by a recent U.S. attack on an Iranian vessel.
GateNews7h ago
EU Council President Costa: Reopening Strait of Hormuz Unconditionally is Top Priority
European Council President António Costa discussed the EU's dedication to Middle East peace with King Abdullah II of Jordan, highlighting collaboration with regional partners and the reopening of the Strait of Hormuz as a priority, while monitoring Lebanon, Gaza, and the West Bank.
GateNews7h ago
U.S. Launches Tariff Refund Program; Over 56,000 Enterprises Register
The U.S. government initiated a tariff refund program effective April 20, impacting over 53 million import declarations. This marks a significant policy shift, allowing importers to reclaim previously collected taxes, with over 56,000 businesses participating.
GateNews7h ago
Kelp DAO Hack Attributed to Lazarus Group; eth.limo Domain Hijacked via Social Engineering
LayerZero reported that the Kelp DAO exploit, attributed to North Korea's Lazarus Group, led to a loss of $292 million in rsETH tokens due to vulnerabilities in its decentralized verifier network. Additionally, eth.limo faced a domain hijacking from a social engineering attack, but DNSSEC mitigated severe damage.
GateNews8h ago
