Grinex, a cryptocurrency exchange popular with sanctions-avoiding Russians, suspended operations after saying a cyberattack drained about 1 billion rubles ($13 million) from its systems.
The platform, based in Kyrgyzstan, revealed the breach on its Telegram channel and in a statement on its website. He said the attack showed a level of coordination and technical skill that indicates state-backed actors are coming from “hostile states.”
“The digital footprints and nature of the attack indicate an unprecedented level of resources and technologies available exclusively to hostile state structures,” reads the Grinex press release. “According to preliminary data, the attack was coordinated with the aim of directly undermining Russia’s financial sovereignty.”
Grinex itself was subject to sanctions by the United States, the United Kingdom and the European Union last year. Officials in Washington DC said the exchange, initially known as Garantex, was helping users move funds despite restrictions through a ruble-backed stablecoin known as A7A5.
The token enabled cross-border payments when Russia’s access to the Swift interbank messaging system was cut off following that country’s invasion of Ukraine. Shortly after being taken down, the rig resurfaced as Grinex.
The trading pause prevents users from accessing funds while the company investigates. Access to his office in Moscow was also restricted.
Grinex published a list of 54 affected wallet addresses and the amounts drained, most of which were in the form of USDT on the TRON blockchain.
