Grinex is based in Kyrgyzstan but is linked to Russia. Last year, the exchange was sanctioned by the United States, the United Kingdom and the European Union. In a statement posted on Telegram, the company claimed that “foreign intelligence services” from unfriendly states may have been involved in the attack, but Reuters said it could not independently verify the claim.
On its website, the exchange said Grinex had been hit by a “targeted attack by Western intelligence services,” allegedly resulting in the theft of more than 1 billion rubles from Russian users.
Reuters recalled that U.S. authorities had previously accused Grinex of helping clients evade sanctions through the use of the A7A5 stablecoin, pegged to the Russian ruble. Western officials say this infrastructure became one of the tools used to support Russia’s foreign trade settlements after it was cut off from the SWIFT system following its full-scale war against Ukraine.
The Grinex incident is another blow to the crypto infrastructure Moscow has been building to circumvent sanctions. Reuters noted that Russia has in recent years actively developed alternative digital financial mechanisms due to restrictions on traditional banking access.
In August 2025, Reuters reported that the United Kingdom, together with the United States, imposed sanctions on crypto networks linked to the ruble-pegged A7A5 stablecoin, including Grinex LLC and Old Vector LLC in Kyrgyzstan. Western governments believe these entities helped Russia bypass financial restrictions imposed over its war against Ukraine.