Related Articles
On Thursday, Grinex — a sanctioned crypto exchange with Russia’linked Crypto Exchange — said it had been targeted in dozens of cyberattacks that resulteted in over one billion rubles (about $13) stolen. From user accounts, 7 million) of s are from users. The company said the incident may have been linked to foreign intelligence agencies.
The exchange, a source of the statement said in an official statement that technical evidence suggests “an unusually high level of sophistication” means access to capabilities are generally limited only to state-backed entities. early assessments indicate the attack was organised to inflict direct damage on Russia’s financial system,.
Grinex has been facing ongoing challenges since its inception, including sanctions, targeted wallet monitoring and blocked transactions designed to limit crypto transfers beyond the CIS, according to the exchange.
The breach is described as a new phase of destabilization involving coordinated cyber theft targeting Russian users.
Therefore, Grinex has halted its services and provided all the data that was collected to police. A criminal investigation is now underway and relevant authorities have been alerted to the incident.
The Garantex backstory
In order to know what the origin of Garantex is for a person, it should be first considered in understanding why Grinx matters at all. During its six-year run, that exchange, approved by OFAC in April 2022, became one of the most active conduits to Russian sanctions defence and ransomware laundering.
As a result of its disruption by international police in March 2025, Garantex processed $96 billion transactions from 2019 through the interception of . When authorities closed it down, they froze $26 million in assets — a rounding error relative to the volume that had already flowed through.
Investigators from TRM Labs said investigators on the new exchange, Grinex, had been identified as a likely successor after international law enforcement took over Garantex.
Analysis by TRM Labs, based on the study of Garantex, shows that “Gerrex was heavily involved in sanctions evasion and illegal finance” processing massive transaction volumes even though OFAC restrictions were limited. After it closed, its assets were being transferred to A7A5 (an underlying ruble-linked stablecoin) which may have been designed to maintain liquidity and bypass enforcement actions across the Ethereum and TRON networks before closing.
After that, Grinex was promoted by communities affiliated with Garantex and had strong operational ties (including interface design patterns as well as user migration patterns).
Thanks for reading Sanctioned Russia-linked Grinex halts operations after large-scale crypto hack
