Kyrgyzstan-based cryptocurrency exchange Grinex has suspended operations following a $13.74 million cyberattack that the company claims was orchestrated by Western intelligence agencies to undermine Russia's financial sovereignty.

Key Points

• Grinex, widely considered a rebrand of the U.S.-sanctioned exchange Garantex, reported the theft of over 1 billion rubles on April 15, 2026.
• Blockchain intelligence firms Elliptic and TRM Labs tracked the stolen funds to TRON and Ethereum addresses, noting the assets were converted to avoid Tether freezing.
• The Kyrgyzstan-based exchange TokenSpot, allegedly a front for Grinex, was also impacted by the breach, losing approximately $5,000 in assets.
• Chainalysis suggested the incident could be a "false flag" operation, noting the exchange's history of using obfuscation techniques to bypass international sanctions.
• Reports indicate Grinex and the Georgia-incorporated exchange Rapira facilitated over $72 million in transactions, highlighting ongoing efforts to evade financial restrictions.

Why it Matters

The collapse of Grinex disrupts a critical node in the infrastructure used to bypass international sanctions against Russia. Whether the breach was a genuine exploit or an internal maneuver, it highlights the persistent volatility and regulatory risks inherent in platforms operating outside the global financial system.