Sanctioned Grinex halts after $14M hack, USDT traced to TRON/Ethereum flows
Sanctioned crypto exchange Grinex has suspended trading after a $14M (about 1B rubles) hack. Grinex said stolen funds came from 54 addresses and the attack showed an “unprecedented level of resources,” which it claims could align with hostile-state capabilities. The exchange is registered in Kyrgyzstan but linked to Russia’s crypto ecosystem and has faced US allegations tied to sanctions evasion and money laundering.
Latest reporting adds more chain-level detail. TRM Labs said wallets linked to TokenSpot (an exchange with on-chain ties to Grinex) sent about $5,000 to the same consolidation address used by the attacker. Elliptic estimated roughly $15M in USDT left Grinex accounts, and the stolen USDT was converted into other assets on TRON or Ethereum to reduce exposure to potential USDT freezes. Elliptic also identified the consolidation address holdings at 45.9M TRON (TRX), worth nearly $15M.
For traders, the key takeaway is risk to sanctioned on/off-ramps: Grinex is disrupted, while investigators continue to track USDT/TRX/Ethereum flows tied to alleged sanctions evasion. Grinex said it transferred information to law enforcement and filed a criminal complaint.
Neutral
This is primarily a counterparty and compliance shock, not a change to USDT/USDT mechanics or to TRON/Ethereum protocol fundamentals. In the short term, the Grinex hack and the traced USDT→TRON/Ethereum conversions can increase perceived settlement and custody risk around sanctioned on/off-ramps, which may pressure liquidity and widen risk premiums for assets associated with that flow. Over the medium term, enforcement pressure and ongoing investigations can further reduce trust in similar entities, but there is no direct market-wide token supply or utility impact implied by the reports. Net effect on the mentioned cryptocurrencies’ prices is therefore likely limited, hence neutral.