U sers who held cryptocurrency on Grinex lost $13 million in a large-scale cyberattack that forced the platform to shut down. The stolen funds, equivalent to 1 billion Russian rubles, were taken from user wallets, and the exchange has publicly disclosed the addresses affected. Grinex claims the attack was so sophisticated that it points to the involvement of hostile state actors, suggesting the breach may be part of an effort to destabilize Russia’s financial system.
Related Brief 10h ago
cybersecurity A billion-ruble hack of Grinex reveals the fragility of Russian sanctions evasion conduits
User accounts at Grinex, a sanctioned Russia-linked crypto exchange, lost more than one billion rubles ($13.7 million) in a large-scale cyberattack. The exchange has suspended its services. Grinex claims the attack was organized to inflict direct damage on Russia's financial system and was linked to foreign intelligence agencies with capabilities limited to state-backed entities. The exchange continues to face sanctions, targeted wallet monitoring, and blocked transactions limiting crypto transfers beyond the CIS. TRM Labs identified Grinex as a likely successor to Garantex, an exchange that processed $96 billion in transactions from 2019 through March 2025. To preserve liquidity and bypass enforcement actions, Garantex transferred assets into A7A5, a ruble-linked stablecoin. International law enforcement shut down Garantex in March 2025.
The platform, which is under U.S. sanctions for allegedly enabling sanctions evasion, operates a ruble-pegged stablecoin called A7A5. The token is backed by deposits at Promsvyazbank, a Russian lender also under international sanctions. Grinex has been linked to Garantex, a previously sanctioned crypto exchange accused of facilitating illicit financial activity. The U.S. imposed sanctions on Grinex in August 2025 for its role in enabling transactions that bypass restrictions on Russia.
Related Brief 16h ago
cybersecurity Grinex Hack Erases $13.7 Million in Ruble-Backed Assets
Users of the Grinex cryptocurrency exchange are locked out of their accounts and funds. All trading, deposits, and withdrawals have been suspended indefinitely. The suspension follows a cyberattack that drained more than 1 billion Russian rubles, approximately $13.7 million, from 54 wallet addresses. Blockchain analytics firms Elliptic and TRM Labs tracked approximately $15 million in USDT leaving Grinex-linked accounts. To prevent Tether from freezing the stolen stablecoins, the attackers routed funds through the Tron and Ethereum networks and converted the USDT into TRX and ETH. The stolen assets were consolidated into a single wallet holding 45.9 million TRX, valued at approximately $15 million. Grinex, a Kyrgyzstan-registered exchange tied to Russia's domestic crypto-ruble ecosystem, attributed the breach to "foreign special services" and "foreign intelligence agencies." The platform is the successor to Garantex, a Moscow-based exchange sanctioned by the U.S. Treasury in 2022 for processing over $150 million in ransomware payments. After Garantex ceased operations in March 2025, liquidity and users migrated to Grinex, which other sources describe as a primary hub for the ruble-backed stablecoin A7A5, which Elliptic estimates has processed more than $100 billion in transactions. Two wallets linked to TokenSpot, another Kyrgyzstan-based exchange, transferred roughly $5,000 to the same consolidation address used in the Grinex heist.
The shutdown and theft represent a direct financial loss for users who held assets on the platform, and the complexity of the attack raises concerns about the vulnerability of sanctioned financial systems to state-level cyber operations.
Related Brief 1h ago
crypto security Crypto Exchanges Face New Risk: AI Model That Can Chain Zero-Day Exploits
Security experts warn that a new artificial intelligence model developed by Anthropic could significantly raise the risk of cyberattacks on cryptocurrency exchanges. The AI, called Mythos, is capable of autonomously detecting and chaining together zero-day software vulnerabilities — a capability that has raised alarms in the security community. In one test, the model reportedly identified a decades-old bug in OpenBSD and used it to bypass browser lockouts, a task that typically requires elite security teams. Anthropic launched the model as part of its 'Claude Mythos Preview,' but developers have since described it as 'too dangerous' for public release. In 2025 alone, $3.4 billion in crypto assets were stolen through exploits, and high-profile hacks at exchanges like Bybit and Drift Protocol have underscored the fragility of platform security. Despite these concerns, Coinbase and Binance are exploring the use of Mythos for defensive purposes, with Coinbase’s chief security officer acknowledging that the model will accelerate both digital threats and digital defense. Centralized exchanges, which process billions in user funds and store vast amounts of personal data, are now considered prime targets for AI-powered attacks.
The Ledger Morning The essential intelligence to start your trading day. Delivered 6:00 AM EST.
Join 50,000+ professionals who start their day with The Digital Ledger.
