Sanctioned cryptocurrency exchange Grinex has suspended all trading following an alleged security breach resulting in losses exceeding $13.7 million. The Kyrgyzstan-based platform, linked to Russia’s crypto ecosystem, stated the attack’s sophistication suggests involvement by foreign intelligence agencies. Blockchain analytics firms TRM Labs and Elliptic report a second exchange may have been targeted and that the total stolen funds, converted from USDT, could be worth nearly $15 million.
Sanctioned crypto exchange Grinex suspended trading after losing over $13.7 million in an attack. “The digital footprint and nature of the attack indicate an ‘unprecedented level of resources and technology available only to entities of hostile states,’” the exchange stated.
The exchange has transferred all available information to law enforcement and filed a criminal complaint. Grinex is widely seen as the successor to the similarly sanctioned Garantex exchange.
US authorities have accused both platforms of assisting Russia in evading sanctions and laundering funds. Elliptic founder Tom Robinson previously accused Grinex of being the primary platform for trading a ruble-backed stablecoin linked to sanctions evasion.
Blockchain intelligence firm TRM Labs said a second Kyrgyzstan-based exchange, TokenSpot, may have been targeted by the same attacker. TRM identified 16 additional addresses linked to the incident, with a consolidation address holding nearly $15 million.
Blockchain analytics firm Elliptic said it tracked about $15 million in USDT leaving Grinex accounts. The funds were converted to TRX or ETH to avoid the risk of the stolen USDT being frozen by Tether.
This incident follows a similar attack on Iran-based exchange Nobitex in June 2025, where $81 million was drained. A pro-Israel hacker group claimed responsibility for that breach.
