{"id":321358,"date":"2026-04-19T21:04:34","date_gmt":"2026-04-19T15:34:34","guid":{"rendered":"https:\/\/ebiztoday.news\/?p=321358"},"modified":"2026-04-19T21:04:34","modified_gmt":"2026-04-19T15:34:34","slug":"us-sanctioned-currency-exchange-says-15-million-heist-done-by-unfriendly-states","status":"publish","type":"post","link":"https:\/\/ebiztoday.news\/index.php\/2026\/04\/19\/us-sanctioned-currency-exchange-says-15-million-heist-done-by-unfriendly-states\/","title":{"rendered":"US-sanctioned currency exchange says $15 million heist done by &#8220;unfriendly states&#8221;"},"content":{"rendered":"<div>\n<p>Grinex, a US-sanctioned cryptocurrency exchange registered in Kyrgyzstan, said it\u2019s halting operations after experiencing a $13 million heist carried out by \u201cwestern special services\u201d hackers.<\/p>\n<p>Researchers from TRM, which has confirmed the theft, put the worth of stolen assets at $15 million after discovering roughly 70 drained addresses, about 16 greater than Grinex reported. Neither TRM nor fellow blockchain research firm Elliptic has said how the attackers slipped past Grinex\u2019s defenses. Grinex said it has been under almost constant attack attempts since incorporating 16 months ago. The most recent attacks, it said, targeted Russian users of the exchange.<\/p>\n<h2>Damaging \u201cRussia\u2019s financial sovereignty\u201d<\/h2>\n<p>\u201cThe digital footprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states,\u201d Grinex <a href=\"https:\/\/grinex.io\">said<\/a>. \u201cIn keeping with preliminary data, the attack was coordinated with the aim of causing direct damage to Russia\u2019s financial sovereignty.\u201d<\/p>\n<p>\u201cAs a consequence of the attack, the Grinex exchange is forced to suspend operations,\u201d Grinex continued. \u201cAll available information has been transferred to law enforcement agencies. An application has been submitted to the placement of the infrastructure to initiate a criminal case.\u201d<\/p>\n<p>TRM <a href=\"https:\/\/www.trmlabs.com\/resources\/blog\/sanctioned-russian-exchange-grinex-and-kyrgyzstani-exchange-tokenspot-hit-in-usd-15-million-theft\">said<\/a> that TokenSpot, a second Kyrgyzstan-based exchange, was also breached. Two of the exchange\u2019s addresses sent funds to the identical consolidation address utilized by the affected Grinex-linked wallets. What\u2019s more, each exchanges became inoperable on Wednesday, suggesting they were hit by the identical attacker.<\/p>\n<p>TRM said TokenSpot was a front for Grinex, which the US Treasury Department <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/sb0225\">sanctioned<\/a> last yr. The department\u2019s Office of Foreign Assets Control said that Grinex, in turn, was a rebrand of Garantex, an exchange it had sanctioned <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy0701\">in 2022<\/a>. The department said then that Ganantex had \u201cdirectly facilitated notorious ransomware actors and other cybercriminals by processing over $100 million in transactions linked to illicit activities since 2019.\u201d Last yr\u2019s sanctions against Grinex got here just a few months after TRM <a href=\"https:\/\/www.trmlabs.com\/resources\/blog\/grinex-emerges-as-likely-garantex-rebrand\">said<\/a> that the exchange was likely a front for Ganantex.<\/p>\n<\/p><\/div>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Grinex, a US-sanctioned cryptocurrency exchange registered in Kyrgyzstan, said it\u2019s halting operations after experiencing a $13 million heist carried out by \u201cwestern special services\u201d hackers. Researchers from TRM, which has confirmed the theft, put the worth of stolen assets at $15 million after discovering roughly 70 drained addresses, about 16 greater than Grinex reported. Neither [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":321359,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[13764,2631,15338,692,884,50783,50782],"class_list":["post-321358","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-currency","tag-exchange","tag-heist","tag-million","tag-states","tag-unfriendly","tag-ussanctioned"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/321358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/comments?post=321358"}],"version-history":[{"count":2,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/321358\/revisions"}],"predecessor-version":[{"id":321361,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/321358\/revisions\/321361"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media\/321359"}],"wp:attachment":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media?parent=321358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/categories?post=321358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/tags?post=321358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}