Grinex, a Kyrgyzstan-registered exchange tied to Russia’s crypto market, suspended withdrawals and trading Thursday after a wallet-infrastructure attack. Elliptic estimated about $15 million in USDT was drained and then swapped into TRX and ETH, a routing pattern consistent with avoiding issuer freezes.
Key Takeaways
- Grinex froze withdrawals and trading on Thursday after reporting a “large-scale cyberattack” targeting its wallet infrastructure.
- The exchange said more than 1 billion rubles (nearly $13.1 million) was stolen and alleged the operation was designed to harm “Russia’s financial sovereignty.”
- Elliptic estimated roughly $15 million in USDT was drained from wallets linked to Grinex, moved across and , then converted into TRX and ETH.
- A wallet Grinex identified showed about 45.9 million TRX worth over $15 million remaining, pointing to rapid post-theft consolidation.
Grinex Freezes Withdrawals and Trading After Wallet-Infrastructure Attack
Grinex halted withdrawals and trading on Thursday after what it described as a “large-scale cyberattack” targeting the exchange’s wallet infrastructure, the custody and transaction systems used to move customer funds on-chain.
For traders, the immediate issue is operational, not narrative. When a venue that sits on ruble-to-crypto rails goes dark, liquidity can vanish mid-session and settlement paths can break without warning. Grinex is Kyrgyzstan-registered and tied to Russia’s crypto market, and it has been widely viewed as a successor venue after the sanctioned Garantex exchange was shut down and users migrated to replacement platforms.
Grinex’s website statement put the loss at more than 1 billion rubles, nearly $13.1 million, and framed the incident as a coordinated effort “with the aim of directly harming Russia's financial sovereignty.” It also alleged the attack required “resources and technologies available exclusively” to “hostile state” actors. Those claims are not independently substantiated in the provided material.
Elliptic’s On-Chain Trail: USDT Drain, Tron/Ethereum Hops, Then TRX and ETH
Elliptic estimated the suspected attacker drained approximately $15 million in USDT from wallets linked to Grinex, a higher figure than the exchange’s nearly $13.1 million ruble-denominated claim. The difference matters because it leaves uncertainty around the true hole in the exchange’s wallet stack and what portion, if any, could be recoverable.
Elliptic traced the USDT moving through addresses on Tron and Ethereum before being converted into TRX and ETH. TRX is Tron’s native token and is commonly used to pay fees and move value on Tron, which remains a major rail for USDT transfers.
btc$75,013+0.46%
eth$2,346.1-0.36%
usdt$1-0.01%
xrp$1.45+4.31%
bnb$635.53+2.10%
usdc$1+0.00%
sol$89+4.98%
trx$0.33-0.18%
doge$0.1+4.57%
ada$0.26+5.49%
bch$455.54+3.45%
link$9.56+3.36%
xlm$0.17+7.20%
ltc$56.35+2.24%
avax$9.73+3.14%
sui$1+4.53%
hbar$0.09+4.58%
dot$1.33+12.59%
uni$3.42+6.23%
etc$8.74+3.43%
algo$0.12+2.86%
atom$1.81+2.38%
fil$1+8.96%
vet$0.01+5.26%
