US-Sanctioned Kyrgyz Exchange Grinex Halts Operations After $15M Cyber Heist Linked to 'Unfriendly States'

Grinex Suspends Operations After $15 Million Cyberattack

Grinex, a US-sanctioned cryptocurrency exchange registered in Kyrgyzstan, announced it is halting operations following a $15 million cyber heist allegedly perpetrated by hackers linked to 'western special services.'

Confirmed Theft by TRM Labs

Researchers at TRM Labs, a blockchain intelligence firm, confirmed the theft and adjusted the stolen amount to $15 million after identifying 70 drained addresses—16 more than Grinex initially reported. Neither TRM Labs nor blockchain research firm Elliptic has disclosed how the attackers bypassed Grinex’s security measures.

Ongoing Cyberattacks Since 2022

Grinex revealed it has faced near-constant attack attempts since its incorporation 16 months ago. The most recent attacks specifically targeted Russian users of the exchange.

Alleged State-Sponsored Attack

In a statement, Grinex claimed the digital footprints and nature of the attack suggest an unprecedented level of resources and technology exclusive to state structures. The exchange alleged the attack was coordinated to directly damage Russia’s financial sovereignty.

"The digital footprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states. According to preliminary data, the attack was coordinated with the aim of causing direct damage to Russia's financial sovereignty."

Exchange’s Response and Future Plans

Grinex has not provided further details on its operational shutdown or potential resumption of services. The exchange’s statement did not include additional technical or legal disclosures regarding the incident.