USDGrinex halts trading after $13.7 million crypto exploit
Exchange links hack to geopolitical actors as broader attack wave intensifies
TL;DR
- Grinex suspended operations after a $13.7 million crypto exploit involving multiple wallets.
- The exchange attributed the attack to “special services” of “unfriendly states.”
- The incident follows a surge of attacks affecting at least 12 crypto entities since April 1.
We’ve launched the all-new COIN360 Perp DEX, built for traders who move fast!
Trade 130+ assets with up to 100× leverage, enjoy instant order placement and low-slippage swaps, and earn USDC passive yield while climbing the leaderboard. Your trades deserve more than speed — they deserve mastery.
Grinex halted trading and withdrawals after a confirmed $13.7 million exploit drained funds from its wallets, forcing the exchange to suspend operations and launch a technical audit while attributing the attack to state-linked actors.
Grinex said the breach targeted dozens of high-value accounts, with reporting indicating 54 wallets were affected during the incident. The exchange immediately stopped trading activity and disabled withdrawals as it began what it described as a deep technical review, without providing a timeline for restoring services or compensating users.
On-chain analysis tied to the exploit showed rapid movement of stolen assets across multiple networks, with funds initially withdrawn in USDT before being converted into other cryptocurrencies. The conversion pattern was consistent with efforts to avoid asset freezing, as stablecoin issuers can restrict compromised funds under certain conditions.
Grinex framed the attack as politically motivated, stating it was carried out by the “special services” of “unfriendly states.” The exchange said the operation demonstrated an “unprecedented level of resources and technologies available exclusively to structures of unfriendly states” and was designed to inflict “direct damage to Russia’s domestic financial sovereignty.”
Sanctions-linked exchange faces systemic pressure
The exchange has been identified as a key infrastructure node in Russia-linked crypto activity, operating as a successor platform to Garantex, which had previously faced sanctions. Authorities in the United States, United Kingdom, and European Union sanctioned Grinex between August and October last year, describing it as part of a broader network facilitating financial activity outside traditional systems.
Grinex also served as a primary venue for trading A7A5, a ruble-backed stablecoin associated with large-scale transaction flows. The ecosystem linked to that token has processed more than $100 billion in transfers, highlighting the exchange’s role in regional liquidity and settlement.
The shutdown is expected to disrupt crypto liquidity channels connected to Russian markets, particularly over-the-counter desks that rely on the platform for converting local currency into digital assets.
Part of broader April crypto attack wave
The exploit occurred during a sharp increase in cyberattacks across crypto platforms. At least 12 crypto protocols and entities have been targeted since the April 1 Drift Protocol exploit, which alone resulted in $280 million in losses.
Other affected platforms include CoW Swap, Hyperbridge, Bybit, Dango, Silo Finance, BSC TMM, Aethir, MONA, Zerion, Rhea Finance, and Grinex. Combined losses from Grinex and Rhea Finance over a two-day period reached approximately $21 million.
Data showed more than $168.6 million stolen from 34 decentralized finance protocols during the first quarter of 2026, reflecting a sustained escalation in exploit activity.
The attack environment has grown more complex, with reporting linking recent incidents, including Drift Protocol and Zerion, to tactics associated with DPRK-affiliated actors and the use of advanced social engineering techniques.
FAQ
What happened to Grinex?
Grinex halted operations after a $13.7 million exploit targeting its wallets.
How many wallets were affected?
Reporting indicates 54 wallets were impacted.
Who did Grinex blame for the attack?
Grinex blamed “special services” of “unfriendly states.”
Is this part of a wider trend?
Yes, at least 12 crypto entities have been attacked since April 1.
This article has been refined and enhanced by ChatGPT.
