BREAKING
Jul 8Trump Says Iran Ceasefire Is 'Over' — $450M in Crypto Liquidated in HoursJul 8The SEC Just Surrendered: Startups Can Now Raise $75M in Crypto Without Getting SuedJul 7The U.S. Has $20 Billion in Bitcoin and Nobody's in Charge of ItJul 7Strategy Sold 3,588 Bitcoin at a $15,000-Per-Coin Loss — to Pay Its Own DividendsJul 6A Hacker Borrowed $65 Million, Gave It All Back, and Kept $6 MillionJul 6Someone Spent $4M to Vote $20M Out of BonkDAO's Treasury — And It Was All 'Legal'Jul 5Trump Pocketed $636M. The 988,905 People Who Bought His Meme Coin Lost $3.8 Billion.Jul 5White-Hat Hackers Cracked Aptos With a $3,000 Server — $70 Billion Was on the LineJul 4California Just Started Fining Unlicensed Crypto Platforms $100,000 a DayJul 4Six Feds Have 14 Days to Write the Rules for a $320 Billion IndustryJul 8Trump Says Iran Ceasefire Is 'Over' — $450M in Crypto Liquidated in HoursJul 8The SEC Just Surrendered: Startups Can Now Raise $75M in Crypto Without Getting SuedJul 7The U.S. Has $20 Billion in Bitcoin and Nobody's in Charge of ItJul 7Strategy Sold 3,588 Bitcoin at a $15,000-Per-Coin Loss — to Pay Its Own DividendsJul 6A Hacker Borrowed $65 Million, Gave It All Back, and Kept $6 MillionJul 6Someone Spent $4M to Vote $20M Out of BonkDAO's Treasury — And It Was All 'Legal'Jul 5Trump Pocketed $636M. The 988,905 People Who Bought His Meme Coin Lost $3.8 Billion.Jul 5White-Hat Hackers Cracked Aptos With a $3,000 Server — $70 Billion Was on the LineJul 4California Just Started Fining Unlicensed Crypto Platforms $100,000 a DayJul 4Six Feds Have 14 Days to Write the Rules for a $320 Billion Industry
BTC -- --%
ETH -- --%
Fear & Greed F&G 25 Extreme Fear
ESC
Type to search articles
The World's Most Sanctioned Crypto Exchange Just Got Hacked — and It's Blaming the CIA
BREAKING

The World's Most Sanctioned Crypto Exchange Just Got Hacked — and It's Blaming the CIA

An exchange that spent years helping ransomware gangs, darknet markets, and sanctioned entities launder money just had $13–15 million drained from its users’ wallets. Now it’s blaming the CIA.

Welcome to Grinex. Population: one very bad week.

What Just Happened

On April 16, 2026, Grinex — a Kyrgyzstan-based crypto exchange — announced it was suspending all operations after a “large-scale cyberattack.” The exchange claimed the hack bore “signs of involvement by foreign intelligence services of unfriendly states,” per their Telegram channel. Translation: they’re saying Western spies did it.

Blockchain intelligence firm Elliptic tracked approximately $15 million in USDT leaving Grinex wallets shortly after the incident, while the exchange itself acknowledged over 1 billion rubles ($13.1 million) stolen from user accounts. TRM Labs noted that TokenSpot, a linked Kyrgyzstani token issuer, was simultaneously hit in what appears to be a coordinated operation.

Trading, deposits, and withdrawals are all halted. The exchange says it’s working with law enforcement to open a criminal case — a sentence that lands differently when the entity in question is itself the subject of U.S. Treasury sanctions.

Who Is Grinex? (You Already Know This Exchange)

Grinex is Garantex 2.0 — and that’s not speculation, it’s documented fact.

Garantex was a Russian crypto exchange sanctioned by OFAC in April 2022 for processing over $100 million in illicit transactions linked to ransomware affiliates including Conti, LockBit, Black Basta, Ryuk, and NetWalker, plus major darknet marketplace Hydra. For years it operated openly, serving as a critical financial artery for Russia’s cybercriminal ecosystem.

In March 2025, a coordinated multinational law enforcement action finally dismantled Garantex. Within days, Telegram channels affiliated with the exchange began promoting Grinex — a freshly incorporated Kyrgyzstani exchange that offered “familiar functionality” and actively recruited former Garantex clients to recover their frozen assets. Same team, new shell.

The U.S. didn’t miss it. In August 2025, OFAC sanctioned Grinex along with Garantex co-owners Pavel Karavatsky and Aleksandr Mira Serda. Grinex kept running anyway — it had processed billions of dollars in crypto transactions since its December 2024 creation.

Now, seven months after being sanctioned, it’s dark.

The Irony Is Doing Heavy Lifting

Let’s be clear about what happened here: an exchange that existed specifically to help entities evade Western sanctions and law enforcement just had its users’ funds drained — and responded by accusing the West of attacking it.

There’s no independent evidence confirming the “foreign intelligence” theory. No attribution from any blockchain security firm. No on-chain indicators of a state-level actor. What there is evidence of is $15 million leaving wallets right before the exchange went silent.

The “blame Western spies” narrative also serves a convenient purpose: it frames Grinex as a victim of geopolitical warfare rather than a sanctioned criminal enterprise that failed to protect its users. Russian retail depositors who trusted a sanctioned exchange with their funds are the actual victims here.

What Happens to User Funds?

Unclear — and that’s the charitable answer. Grinex has “paused all exchange activity” and says it’s cooperating with law enforcement. But:

  • The exchange itself is under U.S., U.K., and EU sanctions
  • Its leadership is individually sanctioned
  • Its operating jurisdiction (Kyrgyzstan) has limited enforcement infrastructure
  • And the “foreign intelligence” claim, if taken seriously, implies the funds may already be gone

Users of sanctioned exchanges have essentially no legal recourse under Western law. Russian users may have some options via domestic legal channels, but recovery history for exchange hacks in this space is grim.

Why This Matters for Crypto Jobs

Events like this create real hiring pressure across several verticals:

Blockchain forensics and compliance is booming. Firms like Elliptic, TRM Labs, and Chainalysis that tracked this hack in real time are staffed by analysts who map on-chain fund flows for exactly these moments. These roles — blockchain investigator, sanctions compliance analyst, crypto AML specialist — are among the fastest-growing in the industry.

Exchange security engineering is a perpetual growth area. Every major hack drives a wave of hiring at centralized and decentralized exchanges for security architects, smart contract auditors, and threat intelligence analysts.

Regulatory and policy roles at both crypto companies and traditional financial institutions are expanding as governments escalate enforcement actions. If you’re a lawyer, policy analyst, or compliance professional who understands crypto, your career options have never been better.

The Grinex story is a reminder that “crypto compliance” isn’t a checkbox — it’s an entire ecosystem of jobs that didn’t exist a decade ago.


Looking to work in blockchain security, compliance, or DeFi infrastructure? Browse open roles at cryptogrind.com — the job board built for crypto builders.

How did this hit?

Discussion

Comments are powered by GitHub. Sign in with your GitHub account to chime in.

Related jobs on Cryptogrind

View all

Looking for your next crypto role?

Browse hundreds of Web3 and crypto positions on Cryptogrind — from smart contract engineers to DeFi analysts.

Browse jobs