A suspected state-linked $13 million hack has shut down sanctioned Russian cryptocurrency exchange Grinex, cutting off a key sanctions evasion channel from the ruble to cryptocurrencies.
summary
- Russia-linked cryptocurrency exchange Grinex has been shut down after losing more than $13 million in a suspected nationwide cyberattack.
- The platform, which has already been sanctioned by the US, UK and EU, has served as a major support for the ruble to help Russian companies evade sanctions.
- Experts say the loss of Greenex would “severely damage” Russia’s shadow economy and its ability to move money abroad
A major Russian cryptocurrency exchange used to transfer funds around Western sanctions has been shut down after a suspected widespread cyberattack that wiped out more than $13 million and cut off an important financial channel to the country’s shadow economy.
According to DL News, Grinex I mentioned It lost more than 1 billion rubles, or nearly $13 million, in a hack that targeted its core wallet infrastructure, prompting it to halt trading and withdraw before announcing a complete halt to its operations.
In a statement On its Telegram channel, the platform claimed that the hack showed “signs of involvement from foreign intelligence agencies,” suggesting that the tools and resources used were “beyond traditional hackers” and part of “broader pressure on the Russian financial system.”
Grinex was created by former Garantex employees as a follow-on platform after US authorities and its allies sanctioned Garantex for processing more than $100 million in ransomware and other illicit flows, according to the US Treasury Department’s Office of Foreign Assets Control.
OFAC described Grinex as “another cryptocurrency exchange established by Garantex employees to support the company’s efforts to evade sanctions,” and in August 2025 sanctioned Grinex along with A7A5, a ruble-backed token that helped move Russian funds through Kyrgyzstan and other regional intermediaries.
Chainalogy, which tracked the network, said the August 2025 designations were part of a “multi-year effort to dismantle the sanctions evasion infrastructure” that has laundered ransomware proceeds, darknet market revenues and other illicit transactions since at least 2019.
DL News reports that experts now view the collapse of Grinex as more damaging than the hack itself, because it takes away one of the last large trading venues that Russian companies used to convert rubles into stablecoins and other liquid crypto assets that can be exchanged abroad.
A sanctions researcher, quoted by the outlet, said closing Greenex would “seriously damage” the shadow infrastructure that allows Russia to evade Western measures, making it difficult for companies to import goods, pay contractors, and move capital out of the country.
Grinex has also closed RussiaRussia’s economy is generally weakening, with President Vladimir Putin recently admitting that GDP fell by 1.8% year-on-year during January and February, and warning that offshore oil exports could fall to their lowest level since 2023, adding pressure on hard currency inflows.
As mentioned in a previous crypto.news story on how to do this Featured bars While it is possible to reuse offshore exchanges to evade sanctions, the loss of a position like Greenex underscores how quickly geopolitical pressure and volatility can occur. Cyber security The risks could reverse the advantages that obscure platforms once granted to Russia-linked actors.
