US-Sanctioned Crypto Exchange Grinex Ceases Operations After $15M Hack Blamed on 'Unfriendly States'

Breaking: Grinex Halts Operations After Massive Heist

A Kyrgyzstan-based cryptocurrency exchange under U.S. sanctions has abruptly shut down after losing up to $15 million in a cyberattack, blaming the heist on hackers linked to "western special services." Grinex, registered in Kyrgyzstan but serving Russian users, announced it is suspending all operations immediately following the theft.

Blockchain security firm TRM confirmed the attack and tracked the stolen assets to roughly 70 drained wallet addresses, valuing the total losses at $15 million—nearly $2 million more than Grinex initially reported. The exchange itself cited a $13 million loss.

Neither TRM nor fellow research firm Elliptic has explained how the attackers bypassed Grinex's defenses. The exchange said it has endured near-constant hacking attempts since its founding 16 months ago, but the latest wave specifically targeted its Russian customer base.

Official Statement Points to State-Sponsored Attack

In a statement, Grinex described the assault as an "unprecedented" use of resources available only to "unfriendly states." "The digital footprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states," the exchange said. "According to preliminary data, the attack was coordinated with the aim of causing direct damage to Russia's financial sovereignty."

The accusation aligns with broader concerns in Moscow about Western efforts to undermine Russia's growing crypto economy, especially after the U.S. and its allies imposed sweeping financial sanctions over the Ukraine conflict.

Background: A Sanctioned Exchange Under Siege

Founded in mid-2022, Grinex quickly became a conduit for Russian individuals and entities seeking to move money outside the traditional, SWIFT-dependent banking system. The U.S. Treasury placed Grinex on its sanctions list in late 2022, accusing it of facilitating illicit finance on behalf of Russian oligarchs and state-owned enterprises.

Despite the sanctions, Grinex continued to operate, marketing itself as a way to bypass Western financial restrictions. According to TRM's analysis, the exchange processed over $800 million in transactions during its 16-month lifespan, with a significant portion linked to Russian addresses.

The heist, which TRM says is the largest known attack on a sanctioned exchange, has exposed the vulnerabilities of regulatory-avoidant platforms. "This incident shows that even when exchanges try to hide from Western oversight, they remain targets of sophisticated cyberattacks," said Michael Bennett, a former FBI cybersecurity analyst now with a private intelligence firm.

What This Means: A Blow to Russia's Crypto Ambitions

The shutdown of Grinex removes a key payment rail for Russian businesses and individuals trying to dodge sanctions. It also raises questions about the security of the roughly 20 other crypto exchanges still serving Russian clients from jurisdictions like Kyrgyzstan, Kazakhstan, and the United Arab Emirates.

Russian officials have long argued that stable, accessible cryptocurrency platforms are essential for the country's financial sovereignty. The Grinex heist may undermine that narrative, showing that even sanctioned exchanges cannot protect their users from state-backed thieves—whether Western or Russian.

Meanwhile, law enforcement agencies in the U.S., EU, and UK are likely to scrutinize the stolen funds' movement. "We are already tracking the wallets associated with this heist," said a spokesperson for Europol's Cybercrime Centre. "These assets will be very difficult to cash out without triggering alerts."

For the broader crypto industry, the Grinex incident serves as a warning: sanctions compliance and robust cybersecurity are not optional. Exchanges that ignore one risk being wiped out by the other—or, as Grinex claims, by a coordinated attack designed to disrupt the financial sovereignty of a nation.

Update: Grinex has not disclosed whether any user funds will be returned. Its website now displays only a shutdown notice, with no further details on recovery efforts.

This is a developing story. Check back for updates.