Gate News message, April 17 — A cyberattack on Grinex, a Kyrgyzstan-based cryptocurrency exchange under US sanctions, has exposed a shadow financial network allegedly used to circumvent Western restrictions on Russia. Hackers stole approximately $15 million from Grinex in the attack, which also appears to have targeted TokenSpot, a closely linked platform. Both exchanges showed overlapping wallet activity and simultaneous downtime, suggesting a single attacker targeted an interconnected network.
Grinex was incorporated in Kyrgyzstan in December 2024, weeks before US authorities dismantled Garantex, a Russia-linked exchange sanctioned by the US Treasury’s Office of Foreign Assets Control (OFAC) since April 2022. According to OFAC, which sanctioned Grinex in August 2025, the exchange was a direct continuation of Garantex with the same owners, clients, and infrastructure. When Garantex was shut down, Telegram channels affiliated with it immediately directed users to migrate their assets to Grinex. Before its takedown, Garantex had processed over $100 billion in transactions despite being under sanctions, with 82% of its volume linked to sanctioned entities globally.
Blockchain analysts identified more than 70 wallets linked to the theft, exceeding the number Grinex publicly disclosed. Stolen funds, mostly USDT on the TRON network, were swapped into ETH and TRX via the SunSwap decentralized exchange before being routed to a single consolidation address. TokenSpot was found routing funds to the same wallet while briefly going offline, pointing to shared infrastructure. Trading activity on Grinex also involved A7A5, a ruble-backed stablecoin, raising additional concerns about the nature of transactions processed.
Grinex blamed the attack on what it called the special services of unfriendly states, describing it as a systematic attempt to destabilize Russia’s domestic financial sector and framing the hack as an act of financial warfare rather than a criminal breach. Blockchain intelligence firm TRM Labs said it had not verified that claim.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Circle Faces Class Action Lawsuit Over $280M Drift Protocol Exploit Response
Circle Internet Group is facing a class action lawsuit for failing to quickly halt a $280 million exploit involving its Cross-Chain Transfer Protocol, as investors claim it could have intervened. The lawsuit highlights Circle's prior ability to freeze funds, raising questions about their responsiveness.
GateNews1m ago
Ethereum Foundation: Ketman project identifies 100 North Korean agents within six months
According to an ETH Rangers project recap report published by the Ethereum Foundation on April 17, 2026 (Thursday), within its six-month funding period the Ketman project funded by the Ethereum Foundation identified 100 North Korean IT workers using false identities to infiltrate Web3 organizations, and contacted roughly 53 crypto projects to warn them they may have hired active North Korean agents.
MarketWhisper23m ago
Polymarket Audits Builders Program Startups Over Insider Trading Concerns - Unchained
Polymarket has initiated an audit of its Builders Program after finding third-party tools that may facilitate insider trading by mimicking successful trades. The review follows scrutiny over potential market abuse linked to these apps.
UnchainedCrypto2h ago
Kalshi appeals Nevada event contract ban; CFTC jurisdiction dispute may reach the Supreme Court
Prediction market platform Kalshi has appealed a ruling by the state of Nevada banning its event contracts, and the U.S. Ninth Circuit Court of Appeals held oral arguments on April 17, but did not issue an immediate decision after the hearing. The core dispute in the case is whether Kalshi’s event contracts are “swap agreements” that fall under the jurisdiction of the Commodity Futures Trading Commission (CFTC), or whether they must be regulated by state-level activity under gambling licensing regimes. Multiple legal experts predict that the case may ultimately be appealed to the U.S. Supreme Court.
MarketWhisper3h ago
Circle faces a class action lawsuit from Drift; USDC freeze obligations spark legal debate
Representing more than 100 members, Joshua McCollum, a Drift Protocol investor, filed a lawsuit against Circle on Wednesday in the U.S. District Court for the District of Massachusetts. The lawsuit alleges that in the April 1 theft incident involving approximately $280 million worth of Drift Protocol, Circle allowed the attacker to transfer roughly $230 million USDC to Ethereum via a cross-chain transfer protocol.
MarketWhisper3h ago
Tether Freezes 3.29M USDT in Rhea Finance Hacker Address
Tether CEO Paolo Ardoino announced the freezing of 3.29 million USDT connected to a hacker linked to Rhea Finance's $7.6 million theft due to a fake token contract attack.
GateNews4h ago
