Around $13 million in user funds disappeared from Russian crypto exchange Grinex in April 2026, and by the time the exchange suspended trading, money was already moving quickly through blockchain networks to a single destination wallet. The shutdown prevented users from accessing their funds, withdrawing their balances or executing transactions, with no delay for services to be restored.
Blockchain intelligence firm Elliptic confirmed the exploit and began tracking stolen assets on-chain. The company identified Grinex as one of the largest sites for converting Russian rubles into crypto assets, although the exchange is officially registered in Kyrgyzstan, a detail that matters a lot to users who are now waiting for answers.
The full extent of the breach and whether all affected funds can be accounted for are still under active investigation.
Grinex, one of Russia’s largest cryptocurrency exchanges, was attacked, resulting in a loss of around 13 million USDT.
Grinex reported a cyberattack that resulted in losses of approximately 1 billion rubles (approximately $13 million) and led to the suspension of trading services.…
-Wu Blockchain (@WuBlockchain) April 17, 2026
DISCOVER: The Next 1000x Crypto Gem Ahead of Its Listing on Binance
How attackers drained and disappeared $13 million from one of Russia’s largest crypto exchanges
The attackers targeted Grinex’s hot wallets, the exchange’s internet-connected storage used to process live transactions, and drained a mix of cryptocurrencies in a single coordinated operation. They then converted these assets into Tron ($TRX) tokens on decentralized and over-the-counter trading platforms, before consolidating approximately 45.9 million TRX into a single destination wallet.
The choice of TRX was not accidental. Tron offers lower transaction fees and faster settlement times than Ethereum, reducing both costs and complexity during the laundering phase, the kind of operational details that indicate planning, not opportunism. An anonymous blockchain analyst noted that “rapid conversion to a single asset like $TRX, followed by consolidation, indicates a highly planned operation.”
Grinex publicly attributed the attack to “foreign intelligence services,” specifically pointing the finger at Western state actors. Elliptic found no clear evidence to support this claim. The stolen funds remain traceable on-chain but have not been recovered. Grinex claims to have filed criminal complaints and turned over all available evidence to law enforcement.
The exchange also reported ties to A7A5, a ruble-backed stablecoin that was allegedly used to facilitate more than $100 billion in sanctions evasion activities, a connection that adds a significant layer of regulatory complexity to an already complicated situation.
DISCOVER: The best Meme Coin ICOs to invest in 2026
The post Russia Crypto Exchange Grinex Halts Trading After Reporting $13M Exploit appeared first on 99Bitcoins.
