Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to The Block, Grinex, an exchange registered in Kyrgyzstan with ties to the Russian crypto market, has suspended withdrawals and trading following a large-scale cyberattack. A statement on the exchange’s website said that more than 1 billion rubles (approximately $13.1 million) were stolen, describing the attack as a “coordinated operation aimed at undermining Russia’s financial sovereignty,” requiring resources and capabilities exclusive to “hostile states” to carry out. Blockchain analytics firm Elliptic stated that the suspected attacker stole approximately $15 million worth of USDT from wallets associated with Grinex. The funds were then routed through the TRON and Ethereum networks and converted into TRX and ETH, likely in an attempt to reduce the risk of being frozen by Tether. Grinex is considered the successor to the previously sanctioned Garantex exchange. After Garantex shut down, Grinex absorbed its liquidity and users and has since become a major venue for ruble-to-crypto trading. Attack method (per SlowMist): Hot Wallet Compromise. Reported loss: $ 15,000,000.
- chain
- ethereum
- protocol
- Grinex
- bug_class
- private-key
- date_occurred
- 2026-04-16
- loss_usd
- $15,000,000
- source_id
- sm:grinex::2026-04-16