$15M Grinex Cyberattack Halts Operations Amid Allegations of Foreign Intelligence Involvement

Severity: High (Score: 74.0)

Sources: Globalbankingandfinance, Uk.Finance.Yahoo, coinlaw.io, Thecyberexpress, www.trmlabs.com

Summary

Grinex, a Kyrgyzstan-based cryptocurrency exchange linked to Russia, suspended its operations following a cyberattack that resulted in the theft of over 1 billion rubles (approximately $13 million). The attack, which Grinex attributes to foreign intelligence services, involved a sophisticated breach of its wallet infrastructure. The stolen funds were rapidly moved across multiple blockchain networks, including Ethereum and Tron, to obscure their trail. Grinex has claimed that the attack aimed to undermine Russia's financial sovereignty, although no concrete evidence has been provided to support this assertion. The exchange has filed a police report and is currently assessing the damage. This incident highlights ongoing vulnerabilities within the cryptocurrency exchange ecosystem, particularly regarding hot wallet security. The attack follows a trend of increasing cyber threats targeting crypto exchanges in 2025 and 2026. Key Points: • Grinex lost over $13 million in a cyberattack attributed to foreign intelligence. • The stolen funds were quickly moved across multiple blockchains to evade tracking. • Grinex has suspended all operations and filed a police report regarding the incident.

Key Entities

• Data Breach (attack_type)
• DDoS (attack_type)
• Abcex (company)
• Grinex (company)
• Ethereum (company)
• Uniswap (company)
• Garantex (platform)
• BiFinance (platform)
• CoinGecko (platform)
• Telegram (platform)
• TRON (platform)
• Kyrgyzstan (country)
• Moldova (country)
• Russia (country)
• Ukraine (country)
• United Kingdom (country)
• cointelegraph.com (domain)
• Financial (industry)
• T1499 - Endpoint Denial of Service (mitre_attack)
• Etherscan (tool)
• Conti (ransomware_group)
• Hydra Market (ransomware_group)