Sanctioned Russia-linked crypto exchange Grinex halts operations after $13-15M hack

Exchange blames 'hostile states' and Western intelligence services; Elliptic links it to banned Garantex

Share

Briefing

Grinex, a Kyrgyzstan-based cryptocurrency exchange sanctioned by the US, UK and EU, has suspended trading after a hack that the exchange itself estimates at between $13 million and $15 million. Grinex publicly attributed the attack to foreign special services and hostile states. Blockchain analytics firm Elliptic has previously identified Grinex as the primary destination for liquidity and users migrating from Garantex, the Russian exchange that was sanctioned and shuttered for sanctions evasion and laundering funds for Russia-linked hackers.

Grinex suspends trading after multi-million dollar hack

Grinex, a Kyrgyzstan-based cryptocurrency exchange operating under US, UK and EU sanctions, has halted trading following a hack that the platform variously pegged at between $13 million and $15 million across public statements. The exchange attributed the attack to what it called "foreign special services" and "hostile states" — language its officials used to implicate Western intelligence agencies without providing technical evidence.

The exchange is the rebranded successor to Garantex, the Russia-linked platform that US authorities sanctioned and effectively dismantled for facilitating sanctions evasion and laundering proceeds for Russia-linked hacking groups. According to Elliptic, liquidity and users from Garantex flowed into Grinex in the period following Garantex's closure, making Grinex the functional continuation of that network.

US authorities have separately accused Grinex of assisting Russia and other entities in circumventing international sanctions. The platform's sanctioned status means that any counterparties transacting with it — including users seeking to recover funds — face potential exposure under US, UK and EU sanctions regimes.

The suspension leaves an unresolved question over user funds at a platform that operated outside mainstream compliance frameworks by design. Given the discrepancy in the hack figures cited across the exchange's own communications, the precise scale of losses remains unconfirmed.

Why it matters

→Grinex's operational suspension leaves user funds in limbo at a sanctioned platform with no legitimate recovery path. Any attempt by users to retrieve funds requires transacting with a sanctioned entity, creating direct OFAC, FCDO, and EU sanctions exposure for counterparties including any exchange that receives inbound flows from Grinex wallets. Compliance desks at Coinbase, Kraken, and other regulated venues will need to screen and potentially block wallet addresses linked to the platform.
→The Garantex-to-Grinex rebranding pattern, now terminated by a hack rather than law enforcement, validates the Western sanctions enforcement model of attacking infrastructure rather than individuals. However, the $13-15M discrepancy in the platform's own loss figures suggests either an ongoing attack, internal fund movement being mischaracterized, or deliberate obfuscation to complicate asset tracing by Elliptic and Chainalysis. The ambiguity gives blockchain forensics firms a concrete commercial case to present to regulators seeking to trace residual Garantex-era fund flows.

Connected Events

Regulation · 5 days ago

UK FCA launches perimeter consultation as October 2027 crypto regime takes shape

The UK FCA's forthcoming crypto regime explicitly covers trading platforms and AML perimeter enforcement. Grinex operating as a rebranded sanctions-evading exchange until a hack forced its closure is precisely the scenario regulators cite when arguing for hard authorisation requirements. This episode strengthens the FCA's hand in the June 3 consultation, particularly on whether offshore platforms serving UK users require pre-authorisation rather than a transition grace period.

Crypto · 6 days ago

eToro acquires self-custody wallet startup Zengo for $70 million

Drift Protocol's $280M exploit and Grinex's $13-15M hack represent two large custodial loss events within weeks. Taken together, they reinforce the commercial thesis behind eToro's $70M acquisition of self-custody wallet Zengo: custodial and exchange-held funds remain structurally vulnerable, and retail demand for non-custodial solutions is being driven by repeated loss events rather than ideological preference.

Sanctioned Russia-linked crypto exchange Grinex halts operations after $13-15M hack

Grinex suspends trading after multi-million dollar hack

Why it matters

Connected Events

UK FCA launches perimeter consultation as October 2027 crypto regime takes shape

eToro acquires self-custody wallet startup Zengo for $70 million

Further reading

Related Stories

Bank of Korea governor backs CBDC and deposit tokens, silent on stablecoins

Arbitrum freezes $71M in ETH linked to Kelp DAO exploit

Zanzibar police question Asymmetric founder McCann over fiancée's death