US-sanctioned crypto exchange blames Western intelligence for $15M cyberattack

A US-sanctioned cryptocurrency exchange based in Kyrgyzstan has suspended operations after suffering a multimillion-dollar cyberattack it claims was orchestrated Grinex, which faces American sanctions for allegedly facilitating ransomware operations, reported a $13 million theft but blockchain researchers at TRM identified approximately $15 million in stolen assets across 70 drained cryptocurrency addresses. The exchange said the sophisticated attack specifically targeted its Russian user base. "The digital footprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states," Grinex stated, suggesting Western government involvement aimed at damaging "Russia's financial sovereignty." Research firm TRM discovered that a second Kyrgyzstan-based exchange, TokenSpot, was breached simultaneously, with both platforms becoming inoperable on Wednesday. TRM identified TokenSpot as a front for Grinex, which itself was previously sanctioned as a rebrand of Garantex exchange. The U.S. Treasury Department sanctioned Garantex in 2022 for processing over $100 million in transactions linked to ransomware actors and other cybercriminal activities. Grinex faced sanctions last year following TRM's analysis that it likely served as a Garantex front operation. Grinex has reported the incident to law enforcement and initiated criminal proceedings while suspending all exchange operations indefinitely.