Grinex suspended operations after a large-scale cyberattack drained more than 1 billion rubles, or roughly $13.1 million, from user wallets. The exchange linked the incident to what it described as a coordinated intrusion targeting its infrastructure.
Grinex also pointed to foreign intelligence services as the source of the attack. Data from Elliptic shows funds quickly moved across multiple blockchain networks after the breach.
Grinex halted all operations immediately after confirming the cyberattack and associated wallet drains. The exchange reported losses exceeding 1 billion rubles in user digital assets.
Although registered in Kyrgyzstan, Grinex maintained strong operational ties to Russia. It processed more than $6 billion in crypto transactions tied to ruble conversion flows.
Elliptic analysis indicated that compromised accounts executed outgoing USDT transfers worth approximately $15 million. These transactions occurred within hours of the initial breach.
On-chain movement shows attackers routed funds through the TRON and Ethereum networks. The stolen USDT was converted into TRX or ETH to reduce the risk of the funds being frozen.
Blockchain tracking from Elliptic shows rapid redistribution of stolen assets across multiple wallets. Analysts observed structured transfers designed to obscure origin points.
Grinex previously functioned as a successor to Garantex, a sanctioned exchange linked to illicit crypto flows. The platform also handled activity involving the A7A5 ruble-backed stablecoin.
Garantex had earlier faced sanctions from the U.S. Treasury’s Office of Foreign Assets Control (OFAC) for alleged laundering tied to ransomware and darknet markets. Authorities previously froze tens of millions in stablecoins connected to its wallets.
The latest breach adds pressure on exchanges tied to sanctions-sensitive corridors, especially those relying on stablecoin liquidity for cross-border transfers.
The post $13M Grinex Hack Triggers Shutdown of Sanctions-Linked Exchange appeared first on Blockonomi.


