Grinex Halts Trading After $15M USDT Hack
Kyrgyzstan crypto exchange Grinex paused trading and withdrawals after hackers stole more than $15 million in USDT and moved the funds across Tron and Ethereum.
Kyrgyzstan-based crypto exchange Grinex halted trading and withdrawals on Tuesday after attackers stole more than $15 million in USDT and moved the tokens across the Tron and Ethereum networks to obscure their origin.
Grinex confirmed the breach in a public statement and reported it froze platform activity, including withdrawals, and filed a criminal complaint. The exchange provided available logs and transaction details to law enforcement to support the investigation.
Blockchain analytics firm Elliptic tracked transfers from Grinex wallets and reported that the stolen USDT were routed through multiple addresses and converted into TRX and ETH, a common tactic to reduce the chance that Tether would freeze the funds. Elliptic identified a consolidation step in which about 45.9 million TRX, roughly equal to $15 million, landed in a single wallet.
Security researchers have documented similar attacks in 2025 and 2026 that exploited hot-wallet vulnerabilities and signing-flow weaknesses. Attackers frequently use chain-hopping and layering-moving assets across different blockchains and many addresses-to complicate tracing on public ledgers.
Users could not access funds after Grinex froze operations. The exchange has previously reported pressure from sanctions, transaction restrictions and a pattern of smaller attacks. Market observers regard Grinex as a successor to Garantex, an exchange that shut down in 2025 after sanctions tied to alleged money laundering; many customers and liquidity moved to Grinex following that closure.
Grinex hosts activity in stablecoins, including a ruble-backed token called A7A5 that runs on Ethereum and Tron. Elliptic noted that a small number of wallets control a large share of transactions tied to sanctioned actors and that stablecoins can be used to route funds across borders.
Investigators are tracing the stolen funds and reviewing Grinex’s security controls. Grinex has said it shared data with authorities to assist asset recovery and identify perpetrators. The criminal complaint is under investigation.
Content on BlockPort is provided for informational purposes only and does not constitute financial guidance.
We strive to ensure the accuracy and relevance of the information we share, but we do not guarantee that all content is complete, error-free, or up to date. BlockPort disclaims any liability for losses, mistakes, or actions taken based on the material found on this site.
Always conduct your own research before making financial decisions and consider consulting with a licensed advisor.
For further details, please review our Terms of Use, Privacy Policy, and Disclaimer.
Articles by this author
