{"id":5173,"date":"2026-04-20T11:37:46","date_gmt":"2026-04-20T11:37:46","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2026\/04\/20\/crypto-exchange-grinex-blames-western-spies-for-13m-theft\/"},"modified":"2026-04-20T11:37:46","modified_gmt":"2026-04-20T11:37:46","slug":"crypto-exchange-grinex-blames-western-spies-for-13m-theft","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2026\/04\/20\/crypto-exchange-grinex-blames-western-spies-for-13m-theft\/","title":{"rendered":"Crypto Exchange Grinex Blames Western Spies for $13m Theft"},"content":{"rendered":"
\n

\"Photo<\/p>\n<\/div>\n

\n

A sanctioned cryptocurrency exchange has claimed that Western intelligence agencies are to blame for a targeted attack last week which led to the theft of one billion rubles ($13.2m) from Russian customers.<\/p>\n

Kyrgyzstan-based Grinex is believed to be the successor to Garantex, which was sanctioned by the US in 2022 for enabling money laundering and illegal transactions. Grinex suffered the same fate last August, but continues to help Russian\u2019s evade sanctions via crypto-transactions.<\/p>\n

However, in a statement late last week, the firm said it had been forced to suspend operations following a \u201clarge-scale cyber-attack\u201d by \u201cforeign\u201d intelligence agencies.<\/p>\n

It claimed that only these actors would be able to muster the \u201cunprecedented level of resources and technology\u201d used in the raid, saying that it was done to harm Russia\u2019s \u201cfinancial sovereignty.\u201d<\/p>\n

“From the very beginning, the exchange’s infrastructure has been subject to attacks,” said a Grinex spokesperson.<\/p>\n

“We have documented systematic attempts to restrict the transfer of cryptocurrency outside the CIS: the exchange was placed on sanctions lists, crypto wallets were deliberately targeted, and transactions were blocked. Today, attempts to destabilize the domestic financial sector have reached a new level \u2013 the direct theft of assets from Russian citizens and companies using complex cyber-attacks.”<\/p>\n

Read more on crypto-heists: DeFi Protocol Balancer Loses Over $120m in Cyber Heist<\/em><\/p>\n

Grinex said it had filed a criminal complaint about the attack and shared relevant information with law enforcers.<\/p>\n

It also shared the crypto address where the funds were allegedly deposited, after being converted to TRX.<\/p>\n

Experts Question Narrative<\/strong><\/h2>\n

However, blockchain experts are skeptical about the story Grinex is floating.<\/p>\n

Forensics firm Chainalysis said that Western agencies typically freeze centralized stablecoins rather than swapping them. But in this attack, they were quickly swapped for a non-freezable, more decentralized token \u2013 a classic tactic apparently used by cybercriminals looking to quickly launder funds.<\/p>\n

\u201cShortly after the funds were exfiltrated, they were actively moved by leveraging a popular Tron-based decentralized exchange (DEX) to swap the stablecoins into Tron (TRX), the native token of the Tron blockchain. Interestingly, this specific DEX was previously heavily leveraged by Garantex \u2013 Grinex\u2019s sanctioned predecessor \u2013 as a source of liquidity to gas-fund its hot wallets,\u201d Chainalysis explained.<\/p>\n

\u201cThis behavior immediately raises reasonable questions about Grinex\u2019s claim that Western authorities are behind the attack.\u201d<\/p>\n

Chainalysis suggested that this may be a false flag attack \u2013 potentially to cover an attempt by admins to move funds to their own wallets.<\/p>\n

\u201cFaced with mounting international pressure and a shrinking operational footprint, actors associated with Grinex could be using the guise of an alleged hack to quietly siphon liquidity and execute an exit scam,\u201d it said.<\/p>\n

\u201cAt the time of writing, the exfiltrated funds remain as a balance on a single address; as the funds move downstream, forensic blockchain evidence will provide additional clues into who might be responsible for the alleged hack.\u201d<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

A sanctioned cryptocurrency exchange has claimed that Western intelligence agencies are to blame for a targeted attack last week which led to the theft of one billion rubles ($13.2m) from Russian customers. Kyrgyzstan-based Grinex is believed to be the successor to Garantex, which was sanctioned by the US in 2022 for enabling money laundering and<\/p>\n","protected":false},"author":2,"featured_media":5174,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5173","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5173-24a41386-d0fe-4b2b-8be4-0e28edb1dbbe.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5173-24a41386-d0fe-4b2b-8be4-0e28edb1dbbe-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5173-24a41386-d0fe-4b2b-8be4-0e28edb1dbbe.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5173-24a41386-d0fe-4b2b-8be4-0e28edb1dbbe.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5173-24a41386-d0fe-4b2b-8be4-0e28edb1dbbe.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5173-24a41386-d0fe-4b2b-8be4-0e28edb1dbbe.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5173-24a41386-d0fe-4b2b-8be4-0e28edb1dbbe.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5173-24a41386-d0fe-4b2b-8be4-0e28edb1dbbe.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5173-24a41386-d0fe-4b2b-8be4-0e28edb1dbbe.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5173-24a41386-d0fe-4b2b-8be4-0e28edb1dbbe.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5173-24a41386-d0fe-4b2b-8be4-0e28edb1dbbe-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5173","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=5173"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5173\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/5174"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=5173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=5173"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=5173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}