Grinex Hack: 1B Ruble Stolen, Exchange to Compensate via A7A5
The Grinex hack has reportedly stolen about 1 billion rubles (over $13M) worth of crypto. Grinex halted deposits and withdrawals on Grinex.io after the mid-April breach and said the funds remain in attacker-controlled wallets, though AML services have marked them as stolen.
On-chain tracing cited by CoinKit shows attackers withdrew Tether (USDT) from 54 addresses—mostly on Tron—then converted USDT to TRX via SunSwap (Sun.io) and consolidated proceeds into a single Tron address. Russian police have opened an investigation.
In its latest update, Grinex said compensation will start with the ruble-pegged stablecoin A7A5. The exchange claims the A7A5 holdings are consolidated in a public attacker wallet and are “inaccessible for recovery,” while management says it will raise funds, restore infrastructure, and build mechanisms for future compensation. Grinex also floated a “Western intelligence” attribution, which compliance analysts at BitOK dispute.
For traders, the Grinex hack raises near-term counterparty and custody risk concerns around USDT on Tron and exposes liquidity/rollout risk tied to Russia-adjacent on-ramps and A7A5 stablecoin venues.
Neutral
For USDT specifically, the event is likely to be more about custody and venue risk than about forcing large spot price moves. Grinex stated funds remain in attacker-controlled wallets and that compensation will be paid via A7A5, which can create localized stress in Russia-adjacent rails. However, as a stablecoin, USDT price is typically insulated from single-exchange incidents, so broader market impact should be limited unless further major issuers/liquidity venues are implicated. Net effect: likely neutral on USDT’s price, with elevated short-term risk sentiment and potential spreads/volume shifts on Tron-linked on-ramps tied to Grinex.