TLDR
- Grinex said hackers stole more than 1 billion rubles, or about $13 million, from user accounts.
- The sanctioned exchange suspended operations and sent breach data to law enforcement.
- Grinex blamed “foreign intelligence services,” but Reuters said it could not verify that claim.
- U.S. officials said Grinex helped users move funds through the ruble-backed A7A5 stablecoin.
- TRM Labs identified Grinex as a likely successor to Garantex after the 2025 shutdown.
Grinex, a sanctioned crypto exchange linked to Russia, halted operations after a large hack drained user funds. The platform said thieves stole more than 1 billion rubles, or about $13 million. It also claimed the attack may involve “foreign intelligence services,” though Reuters said it could not verify that claim.
Hack forces an immediate shutdown
Grinex announced the breach on Thursday through its Telegram channel. It said the attack forced an immediate shutdown of services. The exchange said it sent collected data to law enforcement.
Grinex said “digital footprints” showed an “unprecedented level” of resources. It said such tools are usually linked to state-backed actors. However, it offered no public technical proof.
Russia-linked Grinex crypto exchange suspends operations after cyber attack | Reuters https://t.co/4HpPyrIvzW
— Andro (@AndroOxinu) April 17, 2026
The exchange said the attack aimed to hurt Russia’s financial sovereignty. It called the breach a new stage of cyber theft against Russian users. Authorities opened a criminal investigation, according to the exchange.
Sanctions had already tightened pressure
Grinex is based in Kyrgyzstan, but Western governments link it to Russia. The United States, Britain, and the European Union sanctioned it last year. Those measures targeted its role in sanctions evasion.
U.S. officials said Grinex helped users move funds through A7A5. A7A5 is a ruble-backed stablecoin tied to cross-border transfers. Western authorities said such tools can bypass financial controls.
Grinex said wallet monitoring and blocked transactions had challenged the exchange since launch. It added that transfers beyond the CIS faced limits. As a result, the platform described the hack as part of broader pressure.
Garantex links keep Grinex in focus
Grinex drew attention after the March 2025 shutdown of Garantex. Garantex had been accused of handling sanctions evasion and ransomware funds. International authorities froze about $26 million during that action.
TRM Labs later said Grinex appeared to be a likely successor. It cited user migration, similar design, and links in Telegram communities. It also pointed to activity involving the A7A5 stablecoin.
Reuters said Russia built crypto channels after its removal from SWIFT. Those channels supported trade as sanctions tightened after the war in Ukraine. Now, the Grinex halt disrupts one of those routes.
Kelvin Munene
Kelvin Munene is a crypto and finance journalist with over 5 years of experience in market analysis and expert commentary. He holds a Bachelor’s degree in Journalism and Actuarial Science from Mount Kenya University and is known for meticulous research in cryptocurrency, blockchain, and financial markets. His work has been featured in top publications including Coingape, Cryptobasic, MetaNews, Coinedition, and Analytics Insight. Kelvin specializes in uncovering emerging crypto trends and delivering data-driven analyses to help readers make informed decisions. Outside of work, he enjoys chess, traveling, and exploring new adventures.
