
US-Sanctioned Exchange Blames $15M Heist on Unfriendly States

Summary

– The US-sanctioned cryptocurrency exchange Grinex is shutting down after a heist it attributes to “western special services,” which stole approximately $13 million.
– Blockchain researchers at TRM confirmed the theft and identified a higher value of $15 million from about 70 drained addresses, more than Grinex initially reported.
– Grinex claims the sophisticated attack was aimed at damaging Russia’s financial sovereignty and that it has faced constant attack attempts since its launch 16 months ago.
– A second Kyrgyzstan-based exchange, TokenSpot, was also breached, with evidence suggesting it was a front for Grinex and both were hit by the same attacker.
– The US Treasury Department had previously sanctioned Grinex as a rebrand of Garantex, an exchange accused of facilitating over $100 million in illicit transactions.

A cryptocurrency exchange under U.S. sanctions has announced it is ceasing operations following a major security breach, alleging that sophisticated state-backed hackers were responsible. Grinex, which is registered in Kyrgyzstan, claims it lost $13 million in a heist orchestrated by “western special services.” Independent blockchain analysis from TRM Labs, however, places the total losses higher, valuing the stolen assets at approximately $15 million from around 70 compromised wallets. The exchange stated it has faced relentless cyber attacks since its launch over a year ago, with the most recent incidents specifically targeting its Russian user base. Neither TRM nor other analytics firms have detailed how the attackers bypassed the platform’s security.

In a public statement, Grinex framed the incident as a geopolitical attack, asserting the digital footprints pointed to capabilities only available to state entities. “The nature of the attack indicates an unprecedented level of resources and technology available exclusively to the structures of unfriendly states,” the exchange claimed. It further alleged the coordinated assault aimed at “causing direct damage to Russia’s financial sovereignty.” Following the breach, Grinex declared it was forced to suspend all operations and has provided available information to law enforcement to initiate a criminal investigation.

Blockchain researchers uncovered a connection to a second Kyrgyzstan-based platform, TokenSpot. Analysis shows that funds from TokenSpot were sent to the same consolidation address used in the Grinex theft. Both exchanges became inoperable on the same day, strongly suggesting they were compromised by the same actor. TRM Labs identified TokenSpot as a front for Grinex, which itself was sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) last year. U.S. authorities have stated that Grinex is a rebrand of Garantex, an exchange sanctioned in 2022 for facilitating illicit finance. OFAC previously reported that Garantex processed over $100 million in transactions linked to ransomware and cybercrime since 2019. The sanctions against Grinex followed a TRM report from earlier last year, which had already identified the new entity as a likely successor to the sanctioned operation.

(Source: Ars Technica)
