Grinex, a cryptocurrency exchange registered in Kyrgyzstan, stopped withdrawals and trading operations after a large-scale cyber attack targeting its wallet infrastructure. Users trying to access the platform encountered a statement published on the home page. The statement stated that more than 1 billion rubles, or approximately $13.1 million, in assets were stolen.
Size of the attack and movements on the chain
In the information shared by the exchange, it was claimed that the attack was carried out in an organized manner and its goal was to prevent the exit of crypto assets from the region. It was also claimed that the attack was carried out with resources and technologies that only certain state actors could have.
The blockchain analysis company shared a higher estimate of the size of the attack. According to the company, the attacker withdrew approximately $15 million worth of USDT from wallets linked to Grinex. This figure is above the amount announced by the stock exchange.
It was reported that the funds in question were then directed to different addresses via Tron and Ethereum networks. It was then determined that the assets were converted into TRX and ETH. It is considered that this step was taken to reduce the risk of freezing stolen assets.
According to Elliptic’s assessment, this conversion process may have been specifically chosen to limit the risk of blacklisting that could be imposed by the stablecoin issuer. Tether has the authority to block addresses associated with illegal activities.
It was seen that there was approximately 45.9 million TRX in a wallet pointed out by Grinex, and its value was over 15 million dollars. This suggests that most of the stolen assets were concentrated in a single location after the initial transfers.
A rising platform after Garantex
Grinex is often considered by the market as a continuation of its stock exchange. Last year, Garantex was targeted by US authorities on the grounds that it was intermediating illegal transactions and its activities were stopped.
Following this development, users and liquidity turned to alternative platforms such as Grinex. Grinex, which has become an important center for crypto asset transactions, especially in ruble, has played a remarkable role in regional markets.
The platform also stands out as an important center for ruble-backed stablecoin A7A5 transactions. According to Elliptic’s estimates, the total transaction volume through this asset has exceeded 100 billion dollars.
Elliptic’s findings reveal that the attacker is trying to make funds harder to track by moving them across different networks and converting them into TRX and ETH, aiming to reduce the risk of possible freezing.
