What to know:
- Two Russia Sanctioned Excahnges have been hacked, causing a combined drain of over $15 Million in users funds.
- The attacker converted stolen funds into TRX and consolidated nearly $15 million into a single wallet, making tracking easier but recovery unlikely.
A recent cyberattack has hit two platforms linked to Russia Sanctioned Exchanges. According to TRM Labs report, the recent attack targeted Grinex and TokenSpot, causing the two platforms to loose about $15 million. The incident raises concerns about the security and stability of Russia Sanctioned Exchanges.
Grinex has confirmed the breach and has so far suspended its operations after most of its users funds were drained.
Source: TRMLabs
According to blockchain analysis, the attacker moved stolen funds through the TRON network. Most of the assets, initially held in USDT, were quickly converted into TRX using decentralized exchanges and then consolidated into a single wallet. Investigators identified around 70 wallet addresses tied to the hack, more than what the exchange publicly disclosed.
Also Read: Russia-Linked Crypto Exchanges Continue to Move Billions for Sanctioned Entities
Interestingly, TokenSpot appears to have been affected at the same time. Although the losses there were much smaller, its wallets sent funds to the same destination address used in the Grinex attack, suggesting a coordinated operation. TokenSpot briefly went offline before resuming services, describing the disruption as “technical work.”
How the Russia Sanctioned Exchanges Built Networks to Evade Sanction
Grinex, one of the Russia Sanctioned Exchanges has long been suspected of acting as a replacement for Garantex, which was dismantled in 2025. After that shutdown, Grinex came back again, attracting former users and continuing similar operations.
Authorities, including Office of Foreign Assets Control, had already sanctioned Grinex for helping users facilitate financial activity tied to restricted entities. Before its closure, Garantex managed to processed over $100 billion in transactions, much of it linked were tied to other Russia Sanctioned Exchanges actors.
TokenSpot also plays a key role in this ecosystem. Despite being registered in Kyrgyzstan, it has processed billions in crypto transactions and shows strong financial links to both Grinex and the wider sanctions-evasion network. Analysts believe it may function as a front operation supporting these activities.
The attack, while relatively small compared to the scale of these networks, highlights a deeper vulnerability. It shows that even systems designed to bypass global financial restrictions are not immune to cyber threats.
Also Read: CEX Trading Plunges 39% in Q1 as CoinGecko Warns of Brutal Crypto Winter
Be the first to comment