Grinex, a crypto exchange with ties to Russia, has been forced to halt its operations following a cyber attack that drained user accounts of more than 1 billion rubles, approximately $13 million. In a statement made on Thursday via its Telegram channel, the exchange claimed that the hack may have involved the sophisticated resources of 5foreign intelligence services.6 However, this assertion has not been independently verified.
The breach has resulted in an immediate shutdown of Grinex6s services, with the exchange indicating that it has forwarded the relevant breach data to law enforcement. In its announcement, Grinex emphasized that the tools employed in the cyber theft suggested a level of coordination typically observed with state-sponsored actors. Nonetheless, the company has yet to provide public technical evidence to support this claim.
The exchange characterized the hack as an attempt to undermine Russia’s financial sovereignty, likening the incident to a new phase of cyber theft against its users. Following the announcement, a criminal investigation has reportedly been launched.
Grinex operates from Kyrgyzstan but has been linked to the Russian government, drawing the scrutiny of Western authorities. In the past year, Grinex has been sanctioned by the United States, the United Kingdom, and the European Union due to its involvement in sanctions evasion efforts.
U.S. officials have stated that Grinex facilitated user transactions through the A7A5 stablecoin, which is backed by the Russian ruble. This stablecoin serves as a means for cross-border transfers, allowing users to navigate around tightening financial controls imposed by Western nations. The exchange has faced challenges since its inception due to wallet monitoring and blocked transactions, particularly for transfers beyond the Commonwealth of Independent States (CIS). Grinex views the recent hack as a reflection of the broader pressures confronting its operations.
Since the March 2025 shutdown of Garantex, which had been accused of facilitating sanctions evasion and the consolidation of ransomware funds, Grinex has attracted considerable attention. International authorities froze around $26 million connected to that exchange’s activities. Following Garantex’s closure, TRM Labs pointed to Grinex as a likely successor, citing similarities in design, user migration patterns, and active discussions among Telegram communities regarding the A7A5 stablecoin.
As Russia has fortified its cryptocurrency channels in response to its exclusion from the SWIFT banking system, these platforms have become vital for maintaining trade amid escalating sanctions stemming from the Ukraine conflict. The suspension of Grinex now disrupts one of these essential routes for Russian users, signaling a troubling development in the landscape of digital finance.
