GRINEX , a US-sanctioned cryptocurrency exchange registered in Kyrgyzstan, says it is halting operations after a $13 million heist carried out by “western special services” hackers, with researchers from TRM later confirming the theft and raising the value to $15 million after about 70 drained addresses were identified. Grinex has said the attack came despite what it described as almost constant targeting since the exchange began operating 16 months ago, with the latest attempts aimed at Russian users.
The US Treasury Department sanctioned Grinex last year, describing it as a rebrand of Garantex, which had itself been sanctioned in 2022 for facilitating ransomware actors and other cybercriminals. TRM said it could not confirm that Western special services were behind the heist, and Elliptic noted that Grinex has strong ties to Russia and has handled significant volumes of Russian ruble exchanges.
The drained funds, totaling about $15 million in USDT, were moved through the TRON and Ethereum networks and then converted to other currencies to avoid freezing by Tether. According to preliminary data, the attack appears to be an external cyber operation rather than an exit scam, with Grinex remaining under investigation by law enforcement.