Grinex, a Kyrgyzstan-incorporated crypto exchange believed to be a rebrand of sanctioned Garantex, said it is suspending operations after a hack that stole about $13.74 million (over 1 billion rubles) and blamed Western intelligence agencies. Blockchain analysts traced the theft to transfers on TRON and Ethereum, highlighted rapid swaps from USDT to non-freezable tokens and use of the A7A5 ruble-backed stablecoin, and warned the incident could be either criminal exploitation or a false-flag attack undermining Russia-linked sanctions-evasion infrastructure. #Grinex #Garantex
Keypoints
- Grinex reported a large-scale April 15, 2026 breach that stole roughly $13.74 million and suspended services.
- The company alleges the attack showed foreign intelligence-level sophistication aimed at damaging Russiaβs financial sovereignty.
- Analysts observed stolen USDT routed through TRON and Ethereum and quickly swapped to TRX/ETH to avoid freezing by Tether.
- Grinex is widely believed to be a rebrand of U.S.-sanctioned Garantex, which used the A7A5 ruble stablecoin and processed over $100 million in illicit transactions.
- Investigations identified about 70 related addresses and linked TokenSpot and Rapira to transaction flows, while some experts suggested the possibility of a false-flag operation.
Read More: https://thehackernews.com/2026/04/1374m-hack-shuts-down-sanctioned-grinex.html