A US-sanctioned cryptocurrency exchange operating from Kyrgyzstan has suspended operations after hackers stole $13-15 million in digital assets. Grinex, which has been under constant attack attempts since its 2023 incorporation, blamed the sophisticated breach on “western special services” hackers targeting Russian users.

Blockchain researchers from TRM confirmed the theft affected roughly 70 addresses, about 16 more than Grinex initially reported. The exchange claims the attackers’ “digital footprints” and resources point to state-sponsored actors seeking to damage “Russia’s financial sovereignty.” Neither TRM nor Elliptic has disclosed how the hackers bypassed Grinex’s security measures.

TRM also linked the attack to TokenSpot, another Kyrgyzstan-based exchange that became inoperable on the same day. Researchers say TokenSpot appears to be a front for Grinex, which the US Treasury sanctioned last year as a rebrand of Garantex, previously sanctioned in 2022 for facilitating over $100 million in illicit transactions. The coordinated attack suggests a broader campaign against Russia-friendly cryptocurrency infrastructure.