Grinex, a cryptocurrency exchange operating with ruble settlements in digital assets despite Western sanctions, has suspended operations after a cyberattack in which more than 1 billion rubles (over $10 million) were stolen from user accounts. The platform blamed “Western intelligence services,” saying it had passed materials to law enforcement and was suspending operations.
In a social media statement, Grinex said its infrastructure has faced “systemic pressure” since its launch, including in the form of sanctions listings and wallet blockages. The exchange claimed the latest attack was an attempt to undermine Russia’s “financial sovereignty,” alleging that the scale and methods of the hack pointed to the involvement of state structures from “unfriendly countries.”
Grinex, registered in Kyrgyzstan, emerged shortly after U.S., German, and Finnish authorities shut down the Garantex crypto exchange in spring 2025. According to an investigation by Transparency International Russia, Grinex is among the services created by former Garantex executives using its previous infrastructure. Blockchain analysis found overlaps between Grinex’s cryptocurrency addresses and previously sanctioned Garantex wallets.
In August 2025, the U.S. Treasury added Grinex to its SDN sanctions list along with several affiliated companies and individuals, including Sergei Mendeleev, Alexander Mira Serda, and Pavel Karavatsky.
Garantex, founded in Estonia in 2019 and effectively operating out of the Russian capital’s Moscow City business district, was considered the country’s largest platform for converting rubles into cryptocurrency. According to the International Consortium of Investigative Journalists (ICIJ), it processed $96 billion in transactions, at least $1.3 billion of which were linked to criminal activity. U.S. authorities accused the exchange of working with Hezbollah, the darknet marketplace Hydra, and North Korean hackers from the Lazarus Group. In March 2025, the U.S. Justice Department announced the seizure of Garantex servers and the blocking of its domains. Its technical administrator, Alexei Beshchekov, and its commercial director, Mira Serda, were charged with offenses carrying up to 20 years in prison. Beshchekov was detained in India but died in custody in August 2025 under unclear circumstances.
Transparency International Russia said the Garantex ecosystem did not disappear after its shutdown but evolved into a network of services — including Grinex, Exved, MKAN Coin, and Indefiti — that continue to facilitate shadow financial flows, including supplies of dual-use goods for Russia’s military-industrial complex.
