Sanctioned crypto exchange Grinex halts after $15M drain, blames 'unfriendly states'
Original source
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
Ars Technica →Grinex, a Kyrgyzstan-registered cryptocurrency exchange already under US Treasury sanctions, has suspended operations after attackers drained roughly $15 million across about 70 addresses. The exchange blamed ‘western special services,’ framing the intrusion as a coordinated strike against ‘Russia’s financial sovereignty,’ though neither Grinex nor the blockchain analytics firms tracking the incident have disclosed how the attackers bypassed its defenses.
TRM Labs identified a second Kyrgyz exchange, TokenSpot, as hit by the same actor: funds from both platforms funneled into a shared consolidation address, and both went offline on the same day. TRM assesses TokenSpot as a front for Grinex, which itself is a rebrand of Garantex — the exchange OFAC sanctioned in 2022 for processing over $100 million tied to ransomware operators and other cybercrime.
The pattern fits a now-familiar lifecycle for sanctioned exchanges: rebrand, relocate to a permissive jurisdiction, resurface under a new name, and attract targeted attention. Whether the attacker was a state service or an opportunistic crew exploiting a platform with limited legal recourse, the outcome is the same — a sanctioned entity laundering illicit flows cannot credibly call for help, and the funds are gone.
Read the full article
Continue reading at Ars Technica →This is an AI-generated summary. Read the original for the full story.