Gate News message, April 17 — A cyberattack on Grinex, a Kyrgyzstan-based cryptocurrency exchange under US sanctions, has exposed a shadow financial network allegedly used to circumvent Western restrictions on Russia. Hackers stole approximately $15 million from Grinex in the attack, which also appears to have targeted TokenSpot, a closely linked platform. Both exchanges showed overlapping wallet activity and simultaneous downtime, suggesting a single attacker targeted an interconnected network.
Grinex was incorporated in Kyrgyzstan in December 2024, weeks before US authorities dismantled Garantex, a Russia-linked exchange sanctioned by the US Treasury’s Office of Foreign Assets Control (OFAC) since April 2022. According to OFAC, which sanctioned Grinex in August 2025, the exchange was a direct continuation of Garantex with the same owners, clients, and infrastructure. When Garantex was shut down, Telegram channels affiliated with it immediately directed users to migrate their assets to Grinex. Before its takedown, Garantex had processed over $100 billion in transactions despite being under sanctions, with 82% of its volume linked to sanctioned entities globally.
Blockchain analysts identified more than 70 wallets linked to the theft, exceeding the number Grinex publicly disclosed. Stolen funds, mostly USDT on the TRON network, were swapped into ETH and TRX via the SunSwap decentralized exchange before being routed to a single consolidation address. TokenSpot was found routing funds to the same wallet while briefly going offline, pointing to shared infrastructure. Trading activity on Grinex also involved A7A5, a ruble-backed stablecoin, raising additional concerns about the nature of transactions processed.
Grinex blamed the attack on what it called the special services of unfriendly states, describing it as a systematic attempt to destabilize Russia’s domestic financial sector and framing the hack as an act of financial warfare rather than a criminal breach. Blockchain intelligence firm TRM Labs said it had not verified that claim.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Duke Lecturer Argues World Liberty Financial's WLFI Token May Be Unregistered Security
According to Lee Reiners, a lecturing fellow at Duke University and former Federal Reserve Bank of New York examiner, World Liberty Financial's WLFI token may constitute an unregistered security, in a blog post on Friday. Reiners argues
GateNews1h ago
Duke Lecturer Argues World Liberty Financial Issued Unregistered Security, Citing 25B WLFI Token Sale
According to Lee Reiners, a lecturing fellow at Duke University and former Federal Reserve Bank of New York examiner, World Liberty Financial's WLFI token may constitute an unregistered security, as argued in a blog post on Friday (May 8). Citing the SEC's recent token taxonomy, Reiners notes that W
GateNews5h ago
Australian Police Seize 52.3 Bitcoin Worth $4.1M in Dark Web Enforcement on May 9
According to Crypto.news, Australian New South Wales police seized 52.3 Bitcoin, valued at approximately $4.1 million USD (570 million Australian dollars), in an enforcement operation targeting dark web markets on May 9. The seizure represents one of the largest cryptocurrency asset confiscations in
GateNews6h ago
Pi Network Bans Top DApp WorldBanksPi With 140K Users Without Warning
According to Pi Network DEX, on May 9, 2026, Pi Network's Core Team removed WorldBanksPi, a top-ranked DApp in the Pi Browser with over 140,000 users, without advance notice or appeal process. The project was identified as a Ponzi-style operation marketing false valuations and deposit-to-earn
GateNews8h ago
A former Navy captain in Singapore stole 1.7 million USDT and was sentenced to six years and ten months in prison
According to a report by The Straits Times on May 9, Singapore’s National Court judge Wang Qinru made a ruling on May 8 in the case of the defendant, Zhang Rongxuan (35, phonetic transliteration), sentencing him to six years and ten months in prison. Zhang Rongxuan, a former captain in the Naval Diving Unit’s elite diving unit, was found to have, while a friend was out, entered the apartment, photographed the cold wallet seed phrases, and later stole 1.7 million USDT held by the friend. Criminal
MarketWhisper9h ago
Former New York Fed examiner: WLFI linked to Trump may issue unregistered securities
On May 8, Lee Reiners, a lecturer at the Duke University School of Law and a former examiner at the New York Federal Reserve Bank, said in a blog post that World Liberty Financial, a decentralized finance agreement closely connected to the Trump family, may have issued unregistered securities, and that the WLFI token should fall under scrutiny by the U.S. Securities and Exchange Commission (SEC). Reiners’ Core Analysis: The Howey Test and WLFI’s Legal Characterization According to Reiners’ blog
MarketWhisper9h ago
