Representatives of the Grinex cryptocurrency exchange, considered by Western authorities to be the successor to the sanctioned Garantex, published a statement on their Telegram channel about a large-scale hack. Western intelligence agencies were reportedly behind the attack, and over 1 billion rubles belonging to Russian users were stolen from the exchange's crypto wallets.
The company's statement stated that the "digital traces and nature of the attack" indicate "an unprecedented level of resources and technology available exclusively to entities of hostile states." According to preliminary data from Grinex, the attack was coordinated with the aim of "causing direct damage to Russia's financial sovereignty."
[td]"From the very beginning, the exchange's infrastructure has been subject to attacks," Grinex representatives write. "We have documented systematic attempts to restrict the transfer of cryptocurrency outside the CIS: the exchange was placed on sanctions lists, crypto wallets were deliberately targeted, and transactions were blocked. Today, attempts to destabilize the domestic financial sector have reached a new level—the direct theft of assets from Russian citizens and companies using complex cyberattacks."[/td]The exchange's operations have been suspended pending investigation. The company reports that it has already passed on all information to law enforcement agencies and filed a criminal complaint.
The wallet addresses from which the funds were withdrawn are attached to the report in a separate document.
However, the platform has not yet disclosed any technical details of the attack, indicators of compromise, or the hacking vector.
As a reminder, Grinex has long been under scrutiny by Western authorities. Specifically, the US Treasury Department considers the exchange a direct successor to Garantex, a platform that the Office of Foreign Assets Control (OFAC) linked back in 2022 to the laundering of over $100 million in cryptocurrency for the operators of the Conti ransomware and the Hydra darknet marketplace.
It's worth noting that the platform's representatives themselves have stated that reports of a "rebranding" are "speculative and not supported by facts."
In March 2025, the US Secret Service led an operation to seize Garantex's domains. Just a few days later, associated Telegram channels began actively promoting Grinex, a platform with a nearly identical interface that had been registered in Kyrgyzstan back in December 2024.
Last year, OFAC extended sanctions against Garantex and its three co-founders. Concurrently, US authorities extended sanctions to Grinex and six related entities in Russia and Kyrgyzstan. At that time, the State Department separately announced a reward of up to $6 million for information leading to the arrest of Garantex's executives.
The company's statement stated that the "digital traces and nature of the attack" indicate "an unprecedented level of resources and technology available exclusively to entities of hostile states." According to preliminary data from Grinex, the attack was coordinated with the aim of "causing direct damage to Russia's financial sovereignty."
The wallet addresses from which the funds were withdrawn are attached to the report in a separate document.
However, the platform has not yet disclosed any technical details of the attack, indicators of compromise, or the hacking vector.
As a reminder, Grinex has long been under scrutiny by Western authorities. Specifically, the US Treasury Department considers the exchange a direct successor to Garantex, a platform that the Office of Foreign Assets Control (OFAC) linked back in 2022 to the laundering of over $100 million in cryptocurrency for the operators of the Conti ransomware and the Hydra darknet marketplace.
It's worth noting that the platform's representatives themselves have stated that reports of a "rebranding" are "speculative and not supported by facts."
In March 2025, the US Secret Service led an operation to seize Garantex's domains. Just a few days later, associated Telegram channels began actively promoting Grinex, a platform with a nearly identical interface that had been registered in Kyrgyzstan back in December 2024.
Last year, OFAC extended sanctions against Garantex and its three co-founders. Concurrently, US authorities extended sanctions to Grinex and six related entities in Russia and Kyrgyzstan. At that time, the State Department separately announced a reward of up to $6 million for information leading to the arrest of Garantex's executives.