$13.74M Exploit Leads to Closure of Sanctioned Grinex Exchange Amid Intelligence Concerns

 

Grinex, a cryptocurrency exchange registered in Kyrgyzstan and sanctioned by both the United States and the UK in the previous year, has suspended operations following a reported security breach valued at approximately $13.74 million. 
In its description of the incident, the platform alleges the involvement of Western intelligence-linked actors in a highly coordinated cyber intrusion. The intrusion resulted in unauthorized access to user assets exceeding 1 billion rubles, prompting a temporary suspension of operations while internal containment and assessment procedures were implemented. 
The company further asserted in its official disclosure that the compromise showed a level of sophistication that matches state-grade cyber capabilities, suggesting the use of advanced tools and infrastructure beyond typical cybercriminal activity. According to Grinex, preliminary forensic analysis indicates a targeted operation likely intended to undermine perceived financial stability within sanctioned ecosystems. 
Additionally, the exchange outlined that its systems had been subjected to persistent probing and hostile activity since inception, and framed the latest incident as an important escalation in an ongoing pattern of attacks that have attempted to weaken the exchange’s financial stability and operational environment.

It has become increasingly difficult to assess Grinex’s potential continuity with previously sanctioned infrastructure following further investigations into its operational lineage and transactional footprint, particularly since multiple blockchain intelligence assessments have linked it to the defunct Garantex ecosystem. 

The United States Treasury first designated Garantex in April 2022 on allegations that it assisted ransomware-related laundering activities through darknet markets such as Conti and Hydra. When authorities cited more than $100 million in illicit transaction processing and sustained exposure to money laundering networks, the company was subjected to renewed restrictions in August 2025. 
Analysts from Elliptic and TRM Labs have concluded that, as a result of enforcement actions, Grinex may have effectively absorbed Garantex’s user base. During this process, Grinex deployed a ruble-pegged stablecoin mechanism identified as A7A5, which sustained liquidity flows and transactional continuity despite regulatory pressure.
On-chain intelligence has also mapped a wider ecosystem of interconnected exchanges, according to Elliptic. Rapira, an exchange incorporated in Georgia with a presence in Moscow, has executed cryptoasset transfers to and from Grinex worth more than $72 million, reinforcing concerns regarding persistent sanctions circumvention channels linked to Russian financial institutions. 
Elliptic has independently corroborated the timeline of the $13.74 million asset compromise, indicating that the breach occurred at approximately 12:00 UTC on April 15, 2026 and that the assets were then rapidly dispersed across both the TRON and Ethereum networks. The attacker is believed to have systematically converted USDT holdings into liquid and less traceable assets such as TRX and ETH to mitigate the risk associated with issuer-level freezing mechanisms. 
The TRM Labs team has since identified approximately 70 blockchain a

[…]
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents