Sanctioned Russia-Linked Exchange Grinex Suspends Operations

Summary

Grinex, the sanctioned successor to the Russian exchange Garantex, suspended operations yesterday following a claimed 1 billion ruble ($13.7 million) cyberattack. The exchange blamed “foreign intelligence services of unfriendly states” for the breach.

However, on-chain data shows the alleged hacker rapidly swapping exfiltrated fiat-backed stablecoins for Tron (TRX) using a decentralized exchange (DEX) previously favored by Garantex.

Because Western law enforcement typically freezes centralized stablecoins rather than swapping them, the movement of funds raises questions about who actually exfiltrated the funds.

At the time of writing, the exfiltrated funds remain as a balance on a single address; as the funds move downstream, forensic blockchain evidence will provide additional clues into who might be responsible for the alleged hack.

Sanctioned Russia-Linked Exchange Grinex Suspends Operations

Other newsrooms on this story

Related reading

US-sanctioned currency exchange says $15 million heist done by "unfriendly…

State Department offers $6 million reward in Russian crypto scheme - UPI.com

Russia and Iran are increasingly turning to crypto—especially stablecoins—to…

Crypto CEO accused of laundering $500 million linked to sanctioned Russian banks

‘Unstoppable’ Crypto Exchange Halts Trading After $10 Million Theft

Coinbase Will Reimburse Customers Up to $400 Million After Data Breach