$15M Grinex Cyberattack Halts Trading Amid Allegations of Foreign Involvement

Severity: High (Score: 71.8)

Sources: www.elliptic.co, Uk.Finance.Yahoo, Decrypt.Co, Thecyberexpress

Summary

On April 16, 2026, Grinex, a Kyrgyzstan-based crypto exchange, suspended all trading after a cyberattack resulted in the theft of over 1 billion rubles (approximately $13-15 million) in USDT. The exchange alleged that the attack was executed by 'Western special services,' suggesting a coordinated effort to undermine Russia's financial sovereignty. The attackers breached the wallet infrastructure of Grinex, quickly transferring and converting the stolen funds across multiple blockchain networks, including Ethereum and Tron, to obscure their trail. Grinex has reported the incident to law enforcement and is currently investigating the breach, which reflects a broader trend of vulnerabilities in the crypto exchange sector. The attack has raised concerns about the security of hot wallets and transaction processes within the industry. As of now, trading and withdrawals remain halted while the situation is assessed. Key Points: • Grinex halted all trading after a cyberattack stole $13-15 million in USDT. • The exchange alleges involvement of foreign intelligence services in the attack. • Funds were quickly moved across multiple blockchains to obscure tracking efforts.

Key Entities

• Data Breach (attack_type)
• Grinex (company)
• Ethereum (company)
• Kyrgyzstan (country)
• Russia (country)
• Ukraine (country)
• United Kingdom (country)
• United States (country)
• Financial (industry)
• TRON (platform)