A suspected state-linked cyberattack has wiped out more than $13 million from Grinex and forced the sanctioned Russian crypto exchange to suspend trading and ultimately shut down — removing one of the last big ruble-to-crypto channels used to skirt Western sanctions.
What happened
- Russian outlet DL News reported Grinex lost over 1 billion rubles (roughly $13 million) after attackers hit its core wallet infrastructure. The platform halted withdrawals and trading, then announced it would cease operations.
- In a Telegram post, Grinex alleged the breach bore “signs of involvement from foreign intelligence agencies,” saying the resources and tools used were “beyond typical hackers.” Outside outlets have described the incident as a suspected state-linked hack.
Why it matters
- Grinex was widely viewed as a major conduit for converting rubles into stablecoins and other liquid crypto assets that could be cashed out overseas — a critical piece of the informal payments network that helped Russian actors evade sanctions.
- Several experts told DL News that the exchange’s collapse could be more damaging than the theft itself because it removes one of the last sizable venues for moving ruble liquidity into crypto, complicating imports, contractor payments and capital flight for sanctioned entities.
Sanctions background
- Grinex was created by former employees of Garantex after U.S. authorities and allies sanctioned Garantex for processing more than $100 million in ransomware and other illicit proceeds, according to the U.S. Treasury’s Office of Foreign Assets Control (OFAC).
- In August 2025 OFAC labeled Grinex “another cryptocurrency exchange created by Garantex employees to support the company’s sanctions evasion efforts,” and sanctioned the exchange along with A7A5, a ruble‑backed token used to move funds through Kyrgyz and other regional intermediaries.
- Chainalysis has characterized the 2025 designations as part of a “multi‑year effort to dismantle a sanctions‑evasion infrastructure” that laundered ransomware, darknet market revenue and other illicit flows since at least 2019.
Wider context
- The shutdown comes as Russia’s economy shows signs of strain. President Vladimir Putin recently acknowledged a 1.8% year‑on‑year GDP decline for January–February and warned maritime oil exports could fall to their lowest level since 2023, tightening pressure on hard‑currency inflows.
- Analysts say losing a hub like Grinex highlights how quickly geopolitical pressure and cybersecurity risks can undo the opacity and convenience that off‑shore exchanges and tokenized rails once provided to Russia‑linked actors.
Bottom line
The Grinex incident is a double blow: a direct financial hit from a large wallet compromise and the sudden disappearance of a key sanctions‑evasion route. For enforcement agencies it’s a win; for sanctioned businesses and crypto intermediaries in the region it removes a major avenue for liquidity, forcing them to either scatter into smaller, harder‑to‑use channels or face increased exposure and scrutiny.
Read more AI-generated news on: undefined/news
