Grinex, a US-sanctioned cryptocurrency exchange registered in Kyrgyzstan, said it’s halting operations after experiencing a $13 million heist carried out by “western special services” hackers.
Researchers from TRM, which has confirmed the theft, put the value of stolen assets at $15 million after discovering roughly 70 drained addresses, about 16 more than Grinex reported. Neither TRM nor fellow blockchain research firm Elliptic has said how the attackers slipped past Grinex’s defenses. Grinex said it has been under almost constant attack attempts since incorporating 16 months ago. The latest attacks, it said, targeted Russian users of the exchange.
Damaging “Russia’s financial sovereignty”
“The digital footprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states,” Grinex said. “According to preliminary data, the attack was coordinated with the aim of causing direct damage to Russia’s financial sovereignty.”
“Due to the attack, the Grinex exchange is forced to suspend operations,” Grinex continued. “All available information has been transferred to law enforcement agencies. An application has been submitted to the location of the infrastructure to initiate a criminal case.”
TRM said that TokenSpot, a second Kyrgyzstan-based exchange, was also breached. Two of the exchange’s addresses sent funds to the same consolidation address used by the affected Grinex-linked wallets. What’s more, both exchanges became inoperable on Wednesday, suggesting they were hit by the same attacker.
TRM said TokenSpot was a front for Grinex, which the US Treasury Department sanctioned last year. The department’s Office of Foreign Assets Control said that Grinex, in turn, was a rebrand of Garantex, an exchange it had sanctioned in 2022. The department said then that Ganantex had “directly facilitated notorious ransomware actors and other cybercriminals by processing over $100 million in transactions linked to illicit activities since 2019.” Last year’s sanctions against Grinex came a few months after TRM said that the exchange was likely a front for Ganantex.
