Grinex Halts Trading and Withdrawals
On April 16, 2026, Grinex, a Kyrgyzstan-registered cryptocurrency exchange with strong ties to Russia’s crypto market, suspended all trading and withdrawals following a reported $15 million hack.
The exchange claimed the attack targeted its wallet infrastructure and described it as a coordinated effort by “hostile state” actors aimed at harming Russia’s financial sovereignty. Grinex initially reported losses of more than 1 billion rubles (approximately $13.1 million), but blockchain analytics firm Elliptic estimated the actual stolen amount at around $15 million in USDT.
Attack Details and Fund Flows
According to Elliptic, the attacker drained USDT from wallets linked to Grinex. The stolen funds were then routed through addresses on the Tron and Ethereum networks before being converted into TRX and ETH. This conversion was likely intended to reduce the risk of the funds being frozen by Tether, which can blacklist USDT associated with illicit activity.
Grinex’s own disclosure showed a remaining wallet balance of roughly 45.9 million TRX (worth over $15 million), indicating that most of the stolen assets were consolidated after the initial transfers.
Grinex as Successor to Sanctioned Garantex
Grinex has emerged as a key successor to the U.S.-sanctioned Garantex exchange, which was targeted last year for facilitating hundreds of millions of dollars in illicit flows tied to ransomware and darknet markets.
Following Garantex’s shutdown, liquidity and users quickly migrated to replacement platforms, with Grinex becoming a primary hub for ruble-to-crypto trading. It has also served as a major venue for the ruble-backed stablecoin A7A5, which Elliptic estimates has processed over $100 billion in transactions.
Market and Regulatory Context
The incident highlights ongoing risks in the Russian-linked crypto ecosystem, especially as platforms like Grinex fill the gap left by sanctioned entities. The quick conversion of stolen USDT into TRX and ETH underscores attackers’ awareness of Tether’s blacklisting capabilities.
Bitcoin (BTC) and Ethereum (ETH) prices showed limited immediate reaction, but the hack adds to broader concerns about security and compliance in less-regulated exchanges.
Investor Takeaway
Users of Grinex and similar platforms should exercise extreme caution. The rapid suspension of operations and the political framing of the attack suggest a complex situation that may involve both technical breaches and geopolitical tensions.
For those holding assets on any centralized exchange, especially those with ties to high-risk jurisdictions, it is advisable to move funds to self-custody or well-regulated platforms with strong security track records.
