- Blockchain analytics firm Elliptic estimates approximately US$15 million in USDT was drained from wallets linked to Grinex.
- Stolen funds were routed through Tron and Ethereum and converted into TRX and ETH, likely to avoid potential freezing by Tether, which can blacklist USDT tied to illicit activity.
- Grinex is widely identified as a successor to sanctioned exchange Garantex, which was shut down by US authorities last year for facilitating hundreds of millions in ransomware and darknet-linked flows.
Grinex, a Kyrgyzstan-registered crypto exchange tied to Russia’s digital asset market, halted withdrawals and trading on Thursday after what it described as a large-scale cyberattack on its wallet infrastructure.
The exchange said in a notice on its website that more than 1 billion rubles, or about US$13.1 million (AU$18.3 million), had been stolen.
It also described the breach as a coordinated attack meant to damage Russia’s financial sovereignty and suggested hostile state actors were behind it, but provided no evidence to support that claim.
Elliptic said the stolen funds moved through addresses on the Tron and Ethereum networks before being converted into TRX and ETH. That step likely reduced the risk of the assets being frozen, since Tether can blacklist USDT linked to illicit activity.
A wallet identified by Grinex still held about 45.9 million TRX worth more than US$15 million (AU$21 million), indicating that most of the stolen assets may have been consolidated into one address after the initial transfers.
It remains unclear (and worrisome) why the exchange’s estimate of the loss was lower than Elliptic’s figure.
Related: Trump Meme Coin Event Sees 90% Drop in VIP Buy-In as Hype Cools
Garantex’s Shadow
The incident also renewed scrutiny on Grinex’s role in Russia-linked crypto flows. The platform is widely viewed as a successor to Garantex, the sanctioned exchange targeted by US authorities for handling hundreds of millions of dollars tied to ransomware and darknet markets.
Elliptic has said the two exchanges likely share common ownership and management.
After Garantex was shut down, users and liquidity moved to replacement venues, with Grinex becoming a major hub for ruble-to-crypto trading and for the ruble-backed stablecoin A7A5. Elliptic estimates A7A5 has processed more than US$100 billion (AU$140 billion) in transactions.
US authorities have already acted against that network. The US Secret Service and Elliptic previously froze US$26 million (AU$36.4 million) in Garantex-linked stablecoins.
Read more: XRPL Pushes Into Wall Street Territory With Privacy-Focused Upgrade
Blockchain,Hackers#15M #Crypto #Hack #Forces #Grinex #Shutdown #Claims #StateLevel #Attack1776415419
