A crypto exchange already under heavy scrutiny just got hit — and it wasn’t a small attack.
Grinex has stopped all trading after losing around $13–15 million in what it says looks like a highly sophisticated, possibly state-level cyberattack. The funds were drained from 54 different wallets, suggesting this wasn’t random — it was planned.
According to the exchange, the attackers operated with a level of skill and resources that “don’t look like normal hackers.” That’s why they believe it could be linked to a state-backed group.
Here’s how it played out.
The stolen funds, mostly in USDT, were quickly moved across blockchains such as Tron and Ethereum, then converted into other assets. That step matters because once funds leave USDT, issuers like Tether can no longer freeze them as easily. In simple terms, the attackers knew exactly how to cover their tracks.
There’s also a bigger layer to this story.
Grinex itself has been under suspicion for a while. Analysts have linked it to the now-shutdown Garantex, which was sanctioned by the US and later targeted by the EU for alleged involvement in illicit finance. Reports suggested that after Garantex went down, some of its activity quietly shifted over to Grinex.
Now this attack raises even more questions.
Blockchain investigators say the trail doesn’t stop at Grinex. Some wallet activity linked to another platform, TokenSpot, overlaps with the same addresses used in the hack. That doesn’t confirm involvement, but it shows how connected these ecosystems can be.
What stands out most is how clean the operation was. Funds were consolidated into a single wallet holding tens of millions, then moved and converted fast enough to avoid being locked.
Right now, Grinex is offline, law enforcement is involved, and the bigger question is whether the platform can even recover from this — especially given its already controversial position in the crypto world.







