Grinex, a cryptocurrency exchange based in Kyrgyzstan and previously sanctioned by both the U.K. and U.S., has announced the suspension of its operations following a cyber attack that resulted in a theft of $13.74 million. The exchange claims that the attack bears the hallmarks of involvement from Western intelligence agencies.
Details of the Cyber Attack
The attack, which occurred on April 15, 2026, is described by Grinex as a large-scale operation that utilized advanced resources typically associated with state-sponsored actors. The company stated that over 1 billion rubles in user funds were stolen, and preliminary investigations suggest the attack aimed to undermine Russia’s financial sovereignty.
Background on Grinex and Garantex
Grinex is believed to be a rebranding of Garantex, another cryptocurrency exchange that faced sanctions from the U.S. Treasury Department in April 2022 for facilitating money laundering linked to ransomware and darknet markets. Garantex was sanctioned again in August 2025 for processing over $100 million in illicit transactions. Following these sanctions, Garantex reportedly transitioned its customer base to Grinex while continuing operations through a ruble-backed stablecoin.
Implications of the Incident
The breach not only impacts Grinex but also raises concerns about the broader implications for cryptocurrency exchanges operating in sanctioned environments. The incident has been linked to ongoing efforts to evade sanctions against Russia, with blockchain intelligence firms noting that Grinex had engaged in significant transactions with other exchanges, including Rapira, which totaled more than $72 million.
Aftermath and Speculation
Following the attack, Grinex’s infrastructure has been under scrutiny, with claims that it has faced ongoing cyber threats since its inception. The incident has prompted discussions about whether it could be a false flag operation, potentially orchestrated by insiders to create a narrative around external threats. Regardless, the disruption to Grinex significantly affects the infrastructure that supports sanctions evasion efforts.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
