A US-sanctioned cryptocurrency exchange based in Kyrgyzstan has announced it is halting all operations after suffering a $15 million hack, which it attributes to Western intelligence agencies. The attack targeted Russian users and was aimed at undermining Russia's financial sovereignty, according to the exchange.
Grinex, registered in Kyrgyzstan and under US sanctions, said the theft involved nearly 70 drained addresses—about 16 more than initially reported. Blockchain research firm TRM confirmed the breach, valuing stolen assets at $15 million. Neither TRM nor fellow analyst Elliptic have explained how the hackers bypassed security.
Background
Grinex has faced near-constant cyberattacks since its founding 16 months ago, the company stated. The latest incident, it claims, was carried out by hackers with resources and technology only available to structures from 'unfriendly states.'
The exchange has been controversial due to its sanctions designation and its focus on serving Russian clients. This attack marks one of the largest heists attributed to state-sponsored actors in the crypto space this year.
What This Means
Experts say the incident highlights the growing sophistication of state-backed cyberattacks targeting cryptocurrency platforms, especially those under sanctions. 'The coordination and resources required suggest a highly capable threat actor, likely with government backing,' said a cybersecurity analyst at TRM, speaking on condition of anonymity.
For Grinex users, the shutdown means frozen funds and uncertainty. For the broader crypto industry, it underscores the risks of operating in geopolitically charged environments. The attack also raises questions about how exchanges can protect themselves when targeted by nation-state adversaries.
Grinex has not provided a timeline for returning customer assets. In its statement, the company said it is cooperating with law enforcement but did not specify which agencies.
The digital footprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states,' Grinex said in a press release. 'According to preliminary data, the attack was coordinated with the aim of causing direct damage to Russia's financial sovereignty.'
Neither the US Treasury nor Russian authorities have commented on the allegations. Elliptic declined to provide additional details, citing ongoing investigations.