Grinex, a Kyrgyzstan-registered cryptocurrency exchange under US sanctions, announced it is suspending operations after suffering a $13 million theft attributed to “western special services” hackers.
Researchers at TRM, which has validated the breach, estimated the stolen assets at $15 million after identifying roughly 70 emptied addresses — about 16 more than Grinex reported. Neither TRM nor fellow blockchain analytics firm Elliptic have explained how the attackers evaded Grinex’s security. Grinex said it has faced near-continuous attack attempts since its incorporation 16 months ago, and that the most recent incidents targeted Russian users of the platform.
Undermining “Russia’s financial sovereignty”
“The digital footprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states,” Grinex said. “According to preliminary data, the attack was coordinated with the aim of causing direct damage to Russia’s financial sovereignty.”
“Because of the attack, the Grinex exchange is compelled to suspend operations,” Grinex added. “All available information has been handed over to law enforcement agencies. An application has been filed at the infrastructure’s location to initiate a criminal case.”
TRM said that TokenSpot, another Kyrgyzstan-based exchange, was also compromised. Two of that exchange’s addresses sent funds to the same consolidation address used by the affected wallets linked to Grinex. Moreover, both exchanges went offline on Wednesday, suggesting they were targeted by the same attacker.
TRM said TokenSpot was a front for Grinex, which the US Treasury Department sanctioned last year. The department’s Office of Foreign Assets Control stated that Grinex was a rebrand of Garantex, an exchange it had sanctioned in 2022. At that time the department said Ganantex had “directly facilitated notorious ransomware actors and other cybercriminals by processing over $100 million in transactions linked to illicit activities since 2019.” Last year’s sanctions against Grinex came months after TRM said the exchange was likely a front for Ganantex.
