Grinex says a major cyberattack forced it offline

Grinex, a Russia-linked crypto exchange based in Kyrgyzstan, said it suspended operations after a cyberattack drained about 1 billion rubles, roughly $13.1 million, from the platform. Reuters reported that the exchange announced the suspension on Telegram and described the attack as large-scale and highly resourced.

The exchange also claimed the hack was carried out by “foreign intelligence services” from unfriendly states. Reuters said that allegation has not been independently verified.

The exchange is tied to the old Garantex network

This is not just another exchange hack story. Grinex is widely described as the successor to Garantex, the sanctioned Russian crypto exchange that had already come under intense pressure from Western authorities. Chainalysis explicitly called Grinex the sanctioned successor to Garantex in its analysis of the shutdown.

Reuters reported that Grinex had already been sanctioned by the United States, the United Kingdom, and the European Union in 2025. Those sanctions were tied to accusations that the platform helped users evade sanctions and move money through crypto infrastructure linked to Russia.

Sanctions evasion was already central to the case against it

The exchange’s legal and political problems were already severe before the hack. Reuters said U.S. officials accused Grinex of helping sanctions evasion through the use of a ruble-backed stablecoin called A7A5.

That connects Grinex to a broader financial workaround network that has grown since Russia was cut off from parts of the global financial system after the invasion of Ukraine. Reuters said this crypto infrastructure has been part of Russia’s effort to support foreign trade after losing normal access to SWIFT channels.

Why this matters for the market

This matters because it shows how geopolitical pressure and exchange security risk can collide in the same place. Grinex was already under sanctions and already operating in a politically sensitive corner of crypto. The hack now raises the risk even further for any users or counterparties still connected to that system.

It also highlights how vulnerable sanctioned crypto infrastructure can be. Even if Grinex’s claim about foreign intelligence involvement is never proven, the incident still shows that exchanges operating in sanctions-heavy environments face a very different risk profile from ordinary platforms. That last point is an inference based on the sanctions backdrop and the nature of the incident.

The bigger story is that Grinex was already under pressure

The clean takeaway is that the hack did not hit a normal exchange. It hit a platform already accused of helping Russia-linked sanctions evasion and already targeted by Western regulators. The theft may have been about $13 million, but the real damage is bigger because it lands on top of an exchange structure that was already under strain.