Grinex Exchange Faces $14M Hack, Trading Suspended

By: crypto insight|2026/04/17 19:00:10

Key Takeaways:

Grinex, a Kyrgyzstan-registered crypto exchange linked to Russia, lost $13.7 million in an advanced cyberattack.
US authorities suspect Grinex of facilitating sanctions evasion and laundering activities for Russian hackers.
The hack involved draining funds from 54 addresses, raising security concerns over sophisticated state-supported cyber intrusions.
Blockchain analytics reveal potential connections between Grinex and another Kyrgyzstan-based exchange, TokenSpot.
Analysis suggests hackers smartly converted $15 million worth of USDT to evade asset freezing.

WEEX Crypto News, 2026-04-17 07:11:24

Grinex Halts Trading Post-Hack

The cryptocurrency world was jolted when Grinex, an exchange with ties to Russia, announced the suspension of its trading operations after a staggering $13.7 million hack. This incident represents a major breach within the crypto industry, given that Grinex has been under suspicion for aiding in sanctions evasion alongside conducting laundering for Russia-linked hacker networks. The origins of the attack hint at highly resource-equipped entities, potentially backed by adversarial nations.

Grinex has now provided law enforcement with all relevant details, and a criminal complaint has been filed at the exchange’s infrastructure location. Seen as a successor to the besieged Garantex platform, both exchanges have been under the spotlight for similar illicit activities. The founder of Elliptic, Tom Robinson, implicated Grinex as a paramount platform for trading the ruble-tied stablecoin A7A5, spotlighting its role in circumventing sanctions.

Possible Linkage to TokenSpot

Investigations imply Grinex might not stand as the sole victim. TRM Labs, a respected blockchain intelligence firm, suggests two wallets from TokenSpot, another Kyrgyzstan-based entity, transferred $5,000 to the address utilized by Grinex’s hacker. TokenSpot’s operational hiccup was noted on April 15, with a subsequent service restoration announcement the next day. Additionally, TRM Labs flagged 16 extra addresses connected to the breach, which collectively hold 45.9 million TRX, translating to nearly $15 million.

Detailing the Sophisticated USDT Theft

Not only was the hack bold in its execution, but it also showcased cunning with regards to fund management. Elliptic’s analysis pinpointed the movement of $15 million in USDT away from Grinex. These funds, redirected to Tron or Ethereum accounts, presented a challenge in potentially freezing the assets, hence illustrating a savvy understanding of the blockchain’s vulnerabilities. By transacting this USDT for TRX or ETH, the cybercriminals effectively circumvented the risk of asset freezing by Tether.

Recurring Threats in Sanctions-Evasion Platforms

This breach is not entirely isolated in the crypto landscape. Recalling previous instances, the Iranian exchange, Nobitex, experienced a crippling hack in June 2025, with $81 million depleted by actors claiming a stance pro-Israel. Notably, Grinex’s event underscores a persistent threat in exchanges that have affiliations with nations sidestepping US sanctions.

Grinex had voiced opposition to illegal practices like sanctions evasion or money laundering. However, the recent attack highlights the pervasive security vulnerabilities and geopolitical entanglements that exchanges face when accusations of sanctions-busting arise.

FAQ Section

What is the magnitude of loss in the Grinex hack?

Grinex experienced a loss totaling 1 billion Russian rubles, equivalent to $13.7 million, revealing a critical security lapse and raising stakes about the involvement of hostile state-backed entities.

How does the Grinex incident relate to TokenSpot?

Blockchain intelligence has identified potential on-chain links between Grinex and the Kyrgyzstan-based TokenSpot, suggesting shared vectors for similar security breaches.

Why is the conversion of USDT significant in this hack?

The hackers’ decision to convert USDT to other cryptocurrencies like TRX or ETH displays calculated evasion techniques, thwarting potential asset freezes by companies like Tether.

Has Grinex been implicated in prior illegal activities?

Yes, US authorities have long suspected Grinex of aiding in sanctions evasion and laundering for Russian hacking entities, marking it similar to the former Garantex exchange.

Are similar breaches common in the crypto sector?

Unfortunately, yes. Exchanges with links to nations under US sanctions often face such breaches, as evidenced by the Nobitex hack in 2025, emphasizing ongoing geopolitical and cyber vulnerabilities in cryptocurrency platforms.

On June 9, according to related disclosures, on-chain investigator ZachXBT posted an update on Humanity’s roughly $31 million security incident, saying that after further analyzing fund flows, he currently tends to believe the project team was not involved in an “inside job” or a self-staged attack. According to him, the official explanation about the private key leak was broadly accurate, but before the token unlock, the price of H had been artificially pushed higher, and the hacker later took advantage of that market environment; therefore, the private key leak and the earlier abnormal price pumping should be regarded as two separate and independent events. This reframing has shifted the market’s understanding of the nature of the incident. Earlier discussion around Humanity had focused on whether the team directly participated in the attack or used the security incident to cover up internal operations. ZachXBT’s latest remarks shift the focus from “whether it was self-theft” to “whether there were pre-unlock market structure issues.” He also questioned whether the team may have.

Morning Report | OpenAI has submitted an S-1 registration statement draft to the U.S. SEC; Morpho completes $175 million financing

Overview of Important Market Events on June 9th

Morning Report | BitMine increased its holdings by 126,971 ETH last week; trader Eugene announced his exit from the crypto market

Overview of Important Market Events on June 8th

Wang Chuan: How can one not feel anxious after the neighbor Old Wang made thirty times profit by investing in storage stocks? (Seven) - A quarter-century cycle

In-depth analysis of the "reflexivity" bubble trap in storage stocks: Beware of the backlash from the bullwhip effect and the false narrative of high growth; do not let the short-term myth of wealth become a wealth abyss that cannot be recovered for 25 years.

Cryptocurrency CEXs are flocking to sell US stocks, and traditional brokerages are facing an "uninvited guest."

The major reshuffle has just begun.

$75 billion in foreign capital has fled, and South Korean retail investors have absorbed it all using leverage

Despite the accelerated migration of Korean funds from cryptocurrency to the stock market, the Korean market remains an important barometer for global cryptocurrency retail liquidity and recovery turning points.

Japan’s Three Megabanks Plan Joint Stablecoin Issuance in Fiscal 2026

MUFG, SMBC, and Mizuho reportedly plan to jointly issue fiat-pegged stablecoins in fiscal 2026, signaling Japan’s growing push into bank-led digital payment infrastructure.

Humanity Discloses H Token Dual-Chain Attack Details, With Losses on Ethereum and BSC Exceeding $36 Million

Humanity said the H token attack across Ethereum and BSC caused more than $36 million in losses after leaked ProxyAdmin keys enabled malicious contract upgrades and token minting.

White House Discusses CLARITY Act With Law Enforcement Ahead of Senate Vote

The White House discussed the CLARITY Act with law enforcement ahead of a Senate vote, focusing on illicit finance risks and developer protections.

Foreign selling in the South Korean stock market accelerates, with cumulative net sales reportedly reaching $75 billion this year

On June 9, The Kobeissi Letter, citing Goldman Sachs data, reported that global investors are selling South Korean stocks at an unusually rapid pace. In the latest trading session, foreign investors sold about $801 million worth of Kospi constituent stocks again; total foreign outflows last week reached about $10 billion, and the market has been in net foreign selling on nearly every trading day over the past month. According to the data cited in the report, foreign investors have sold about $75 billion worth of South Korean stocks so far this year. Meanwhile, South Korean retail and institutional investors together recorded roughly $69 billion in net buying over the same period, suggesting that the market’s main buying support has come from domestic capital rather than returning overseas funds. The information currently disclosed still mainly comes from The Kobeissi Letter’s retelling and Goldman Sachs data summaries, while public details on the statistical period and the specific definition of “selling” remain relatively limited.

Fortune Warns of Strategy’s Financing Structure Risks as Bitcoin Premium Narrows

Fortune warned that Strategy’s Bitcoin treasury model faces growing financing risks as MSTR’s net asset premium narrows and preferred stock dividend pressure increases.

Ferrari Challenge Le Mans: Carl Moon to Dominate in WEEX Livery

The art of absolute control. Inside Carl Moon’s Ferrari 296 Challenge quest at Le Mans, taming the storm together with the official WEEX livery.

Sahara AI Responds to SAHARA’s Sharp Drop: No Contract or Product Security Issues Found, Internal Investigation Underway

Sahara AI responded to SAHARA’s 60% price drop, saying no token contract or product security issues have been found and an internal investigation is underway.

WEEX Deposit/Withdrawal Dynamic Island: Your Asset Status, Always in Sight

WEEX introduces Deposit and Withdrawal Info on Dynamic Island for iOS. See fund transfer progress on your dynamic island, lock screen, or while using other apps. No more guessing. No more refreshing.

Scaling Crypto Derivatives: The Digital Asset Infrastructure Behind High-Volume Trading

In the fast-moving digital asset ecosystem, derivatives platforms face an extreme architectural test. High-leverage futures markets demand more than just standard security—they require absolute operational precision, zero-latency matching engines, and ironclad structural scalability, all while navigating intense market volatility.

As global platforms scale to meet these demands, the industry is shifting away from rigid, monolithic setups toward a more agile, "decoupled" infrastructure philosophy.

The Blueprint for High-Volume Copy Trading

For elite global exchanges like WEEX (founded in 2018), this architectural choice becomes critical when scaling high-volume retail features like social copy trading. When thousands of users automatically mirror the real-time strategies of elite traders simultaneously, it triggers sudden, monumental spikes in concurrent transactional volume.

To prevent execution latency or settlement bottlenecks during these peak volatility events, a platform's primary engine must remain entirely dedicated to risk management, copy-trade synchronization, and order matching.

The Architectural Rule: New-generation platforms must separate front-end user execution engines from heavy backend infrastructural overhead to eliminate operational friction.

By separating these layers, platforms can maintain complete sovereignty over their trading environments and user experiences while strategically aligning with institutional-grade infrastructure ecosystems. This strategic framework allows modern exchanges to leverage advanced Digital Asset Custody infrastructure such as Cobo’s behind the scenes, ensuring that backend wallet management scales elastically alongside trading spikes.

Capitalizing on Market Momentum and 400× Leverage

In a derivatives arena where platforms offer up to 400× leverage on perpetual contracts, capital efficiency and market agility are core business metrics. To capture market momentum, an exchange needs the ability to rapidly expand its asset offerings, supporting everything from legacy crypto assets to sudden, trending altcoins across a massive library of trading pairs.

Adopting a flexible, scalable Wallet-as-a-Service (WaaS) solution such as Cobo’s could completely rewrite the development timeline for high-growth exchanges. Instead of spending months of engineering capital building out custom backend wallet architectures for every new blockchain network, platforms can deploy localized infrastructure in days.

This agility allows platforms to instantly scale their listings to over a thousand trading pairs without compromising security or delaying time-to-market. It mirrors the exact operational advantages seen during high-velocity market events, similar to how advanced wallet infrastructure empowers platforms during sudden asset surges; allowing exchanges to pass that speed and liquidity directly to their global user base.

A Mature Foundation for Growth

The synergy between trusted infrastructure ecosystems and global trading platforms represents the natural evolution of a maturing crypto market. As WEEX continues to scale its global spot and derivatives offerings for over 6 million users, adopting robust backend paradigms proves that platforms no longer have to compromise between cutting-edge trading velocity and uncompromised structural security.

ZachXBT: Humanity private key leak and abnormal surge in H token should be viewed separately