Grinex Halts Trading and Withdrawals After Cyberattack Drains Up to $15M

• Grinex halts trading after cyberattack drains millions across blockchain networks
• Hackers move stolen funds through Tron and Ethereum to evade tracking
• Exchange tied to Russia faces scrutiny following major crypto security breach

Grinex abruptly halted trading and withdrawals after confirming a major security breach that compromised its wallet systems. Consequently, users could no longer access their funds as the exchange moved quickly to contain the damage and review internal controls. The platform, which operates from Kyrgyzstan, disclosed the incident through a notice on its website, where it outlined the scale of the attack and its immediate impact on operations.

According to the exchange, attackers stole more than 1 billion rubles, which equals roughly $13.1 million at current rates. Moreover, Grinex described the breach as a coordinated cyberattack designed to disrupt crypto infrastructure linked to Russia’s financial system. It further claimed that the attackers relied on advanced tools typically associated with state-backed entities, although it did not provide direct evidence to support that assertion.

However, blockchain data analysis suggests that the total losses may be higher than initially reported by the exchange. According to Elliptic, the attacker drained close to $15 million in USDT from wallets associated with Grinex, indicating a broader scope of compromise. Additionally, investigators observed that the stolen funds moved rapidly across multiple blockchain networks shortly after the breach occurred.

Also Read: XRP Nears Critical “Diamond Decision” as Chart Signals Major Breakout or Breakdown

Cross-Chain Transfers Complicate Recovery Efforts

The attacker routed the funds through both Tron and Ethereum networks before converting them into TRX and ETH. This strategy likely reduced the risk of intervention from Tether, which has the authority to freeze USDT linked to illicit activity. As a result, converting the assets into other cryptocurrencies made it significantly harder for authorities or issuers to block or recover the stolen funds.

Onchain records also show that a wallet linked to the incident still holds around 45.9 million TRX, valued at more than $15 million. This consolidation suggests that the attacker secured control over most of the stolen assets after completing the transfers. Meanwhile, the incident has drawn attention to Grinex’s position within a shifting crypto market landscape tied to Russia.

The platform gained prominence after the shutdown of Garantex, which faced enforcement action from U.S. authorities over alleged illicit financial activity. Following that crackdown, users and liquidity migrated to alternatives like Grinex, allowing it to expand its role in ruble-based crypto trading. Furthermore, the exchange became a key hub for the ruble-backed stablecoin A7A5, which has reportedly processed over $100 billion in transactions.

Grinex now faces mounting pressure as it works to address the breach and restore user confidence. The scale of the losses and the movement of funds across chains present significant challenges for recovery. At the same time, the incident highlights ongoing risks surrounding security and oversight in emerging crypto trading environments.

Also Read: UK Tightens Crypto Oversight as FCA Sets 2026 Authorization Timeline

The post Grinex Halts Trading and Withdrawals After Cyberattack Drains Up to $15M appeared first on 36Crypto.