Roughly $13 million in user funds vanished from Russia crypto exchange Grinex in April 2026, and by the time the exchange suspended trading, the money was already moving fast across blockchain networks toward a single destination wallet. The halt left users unable to access their funds, withdraw balances, or execute trades, with no timeline given for restoration of services.
Blockchain intelligence firm Elliptic confirmed the exploit and began tracking the stolen assets on-chain. The firm identified Grinex as one of the largest venues for converting Russian rubles into crypto assets, despite the exchange being formally registered in Kyrgyzstan, a detail that matters a great deal for the users now waiting on answers.
The full scope of the breach, and whether all affected funds can be accounted for, remains under active investigation.
Grinex, one of Russia's largest cryptocurrency exchanges, was attacked, resulting in a loss of approximately 13 million USDT
Grinex reported a cyberattack that resulted in losses of about 1 billion rubles (approximately $13 million) and led to a suspension of trading services.…
— Wu Blockchain (@WuBlockchain) April 17, 2026
DISCOVER: The Next 1000x Crypto Gem Before It Lists on Binance
How Attackers Drained and Disappeared $13M From One of the Biggest Russia Crypto Exchanges
The attackers targeted Grinex’s hot wallets, the exchange’s internet-connected storage used for processing live trades, and drained a mix of cryptocurrencies in a single coordinated operation. They then converted those assets into Tron ($TRX) tokens across decentralized and over-the-counter trading venues, before consolidating approximately 45.9 million TRX into one destination wallet.
The choice of TRX was not accidental. Tron offers lower transaction fees and faster settlement times than Ethereum, which reduces both cost and complexity during the laundering phase, the kind of operational detail that points to planning, not opportunism. An anonymous blockchain forensics analyst noted that “the rapid conversion to a single asset like $TRX, followed by consolidation, indicates a highly planned operation.”
Grinex publicly attributed the attack to “foreign intelligence services”, specifically pointing fingers at Western state actors. Elliptic found no clear evidence supporting that claim. The stolen funds remain traceable on-chain but have not been recovered. Grinex says it filed criminal complaints and handed all available evidence to law enforcement.
The exchange also has reported ties to A7A5, a ruble-backed stablecoin allegedly used to facilitate over $100 billion in sanctions-evasion activity, a connection that adds a significant layer of regulatory complexity to an already messy situation.
DISCOVER: Best Meme Coin ICOs to Invest in 2026
The post Russia Crypto Exchange Grinex Halts Trading After Reported $13M Exploit appeared first on 99Bitcoins.
