Grinex, a US-approved cryptocurrency exchange registered in Kyrgyzstan, said it is halting operations after experiencing a $13 million heist perpetrated by “Western special services” hackers.
TRM researchers, who confirmed the theft, estimated the value of the stolen assets at $15 million after discovering about 70 vacant addresses, about 16 more than what Greenex reported. Neither TRM nor fellow blockchain research firm Elliptic have explained how the attackers bypassed Greenex’s security. Grinex said it has faced almost constant attempts to attack it since it was incorporated 16 months ago. It said Russian users of the exchange were targeted in the latest attacks.
Harming “Russia’s financial sovereignty”
“The digital footprint and nature of the attack indicate an unprecedented level of resources and technology available to structures, particularly those of unfriendly states,” Grinex said. “According to preliminary data, the attack was coordinated with the aim of causing direct damage to Russia’s financial sovereignty.”
“Due to the attack, the Grinex exchange has been forced to suspend operations,” Grinex continued. “All available information has been transferred to law enforcement agencies. An application has been submitted to the location of the infrastructure to initiate a criminal case.”
TRM said another Kyrgyzstan-based exchange, TokenSpot, was also breached. The two addresses on the exchange sent funds to the same consolidation address that was used by the affected Greenex-linked wallet. Additionally, both exchanges went down on Wednesday, suggesting that they were attacked by the same attacker.
TRM said TokenSpot was a front for Grinex, which was approved by the US Treasury Department last year. The department’s Office of Foreign Assets Control said Grinex was, in turn, a rebrand of Guarantex, an exchange it approved in 2022. The department then said that Gannetx had “directly facilitated notorious ransomware actors and other cybercriminals by processing more than $100 million in transactions involving illicit activities since 2019.” The sanctions against Grinex last year came just months after TRM said the exchange was possibly a front for Gnantex.
<a href