The cryptocurrency exchange Grinex, favored by Russians seeking to bypass sanctions, has halted operations following a cyber attack that siphoned roughly 1 billion rubles ($13 million) from its systems. Based in Kyrgyzstan, the platform announced the breach via its Telegram channel and website, indicating the sophistication of the attack as characteristic of state-backed actors from ‘unfriendly states.’
According to Grinex’s statement, the digital evidence suggests that the attackers had access to significant resources typically reserved for these hostile entities. Preliminary findings suggest the cyber assault aimed to undermine Russia’s financial independence.
Grinex was previously sanctioned by the U.S., U.K., and European Union for allegedly assisting users in circumventing restrictions through a ruble-backed stablecoin named A7A5. This token facilitated cross-border transactions when Russian access to the SWIFT messaging system was restricted due to the conflict in Ukraine. The platform re-emerged as Grinex after being taken down.
Currently, trading has ceased, leaving users unable to withdraw their funds while an investigation is underway. Additionally, access to its Moscow office has been blocked. Grinex has disclosed a list of 54 affected wallet addresses and the corresponding amounts withdrawn, primarily in USDT on the TRON blockchain.