The US-sanctioned cryptocurrency exchange Grinex, based in Kyrgyzstan, has announced it is suspending operations following a major theft of approximately $13-15 million in digital assets. The company accuses hackers from "unfriendly states"—specifically Western special services—of orchestrating the attack. Below, we answer key questions about the incident, its impact, and the broader context.
Jump to: What happened? | How much was stolen? | Why blame Western services? | What do researchers say? | How long under attack? | Impact on Russia? | What's next for Grinex?
What happened to Grinex cryptocurrency exchange?
Grinex, a US-sanctioned crypto exchange registered in Kyrgyzstan, said it is halting all operations after suffering a devastating hack. The company claims the attack was carried out by hackers linked to "western special services" and targeted its Russian user base. In a statement, Grinex noted that the breach involved an "unprecedented level of resources and technology" available only to structures of unfriendly states. The exchange, which has only been operational for 16 months, said it has faced near-constant attack attempts since its inception. This latest incident forced it to stop operations entirely, as it could no longer guarantee the security of customer funds or its platform integrity.
How much was stolen and who confirmed the theft?
Grinex initially reported a loss of $13 million, but blockchain research firm TRM found evidence of approximately $15 million in stolen assets after identifying about 70 drained wallet addresses—16 more than the exchange had flagged. TRM and another well-known blockchain analytics company, Elliptic, have both verified the theft. Neither firm has publicly explained exactly how the attackers bypassed Grinex's security measures. The discrepancy in the reported amount suggests that Grinex may not have had full visibility into all compromised accounts. The use of multiple wallet addresses indicates a sophisticated, coordinated attack designed to avoid easy detection.
Why does Grinex blame "western special services"?
Grinex's official statement explicitly blames hack groups operating on behalf of "unfriendly states"—a term commonly used in Russian state media to refer to the United States, NATO countries, and their allies. The exchange claims the digital footprints and nature of the attack point to resources and technology exclusively available to Western intelligence agencies. It further alleges that the attack was coordinated to harm Russia's financial sovereignty, given that a significant portion of Grinex's users are Russian. While no concrete evidence has been publicly provided to back these claims, the exchange is positioning the heist as part of a broader hybrid conflict aimed at the Russian economy.
What do blockchain researchers say about the attack?
Blockchain intelligence firms TRM and Elliptic have confirmed the theft and traced the stolen funds to roughly 70 different wallet addresses. However, they have not disclosed the exact method used by the attackers to breach Grinex's security. This silence is typical when investigations are ongoing or when sensitive exploit details could put other exchanges at risk. The researchers have also not commented on Grinex's accusation of state involvement. Their focus remains on mapping the flow of stolen assets and identifying potential culprits. The lack of a public technical breakdown leaves many questions unanswered, though the scale and coordination of the attack suggest a highly skilled group.
How long has Grinex been under attack and what was the target?
Grinex reported that it has been under near-constant attack attempts since its launch just 16 months ago. The latest assault, however, was notably more severe and appears to have specifically targeted the exchange's Russian users. The company indicated that the hackers aimed to compromise accounts belonging to customers in Russia, possibly to disrupt their financial activities or to send a political message. This focus on Russian clients aligns with Grinex's broader accusation that the attack was meant to undermine Russia's financial sovereignty. The constant siege suggests that Grinex was viewed as a high-value target from the start, likely due to its sanctioned status and ties to the Russian cryptocurrency ecosystem.
What is the significance of the attack for Russia's financial sovereignty?
Grinex claims the heist was specifically designed to damage Russia's financial sovereignty. As a US-sanctioned exchange serving Russian users, Grinex was part of an alternative financial infrastructure outside the Western-controlled system. A successful breach not only steals funds but also erodes trust in Russian-linked crypto platforms. If users fear that their assets are vulnerable to Western-sponsored hacking, they may be less willing to use such platforms, thereby weakening one of the avenues Russia has used to bypass sanctions. This incident could therefore have psychological and economic ripple effects, reinforcing the narrative that Western powers are actively attacking Russian financial channels.
What is Grinex's response to the incident?
In response to the hack, Grinex has decided to halt all operations indefinitely. The exchange stated that it can no longer provide a secure environment for its users given the scale and sophistication of the attack. It has not indicated whether it will attempt to refund affected customers or if it plans to cooperate with law enforcement. The statement also did not offer a timeline for a possible restart. By shutting down, Grinex aims to prevent further losses but leaves its users—especially those in Russia—in a precarious position. The company's reaction underscores the serious impact of the breach and the difficulty of operating a sanctioned exchange under constant threat.