For business
KYT office
Compliance solution to monitor risks, detect sanctions and ensure AML rules.
KYT office
Compliance solution to monitor risks, detect sanctions and ensure AML rules.
AML certification
How industry players can get up-to-date knowledge and professional certification.
AML certification
How industry players can get up-to-date knowledge and professional certification.
Comprehensive transaction analytics that helps to build graphs and trace funds.
Graph
Travel rule
(soon)
For personal use
Telegram bot
Bot for checking crypto for risks, providing AML reports.
Telegram bot
Bot for checking crypto for risks, providing AML reports.
Getting money back
Services are focused on tracking
and recovering crypto assets.
and recovering crypto assets.
Getting money back
Services are focused on tracking
and recovering crypto assets.
and recovering crypto assets.
Docs and reports
All types of documents related
to cryptocurrency.
to cryptocurrency.
Docs and reports
All types of documents related
to cryptocurrency.
to cryptocurrency.
Portfolio tracker
Information about all assets and risk assessment in one place.
Portfolio tracker
Information about all assets and risk assessment in one place.
AML checks
Сhecking wallets and transactions
for illicit funds.
for illicit funds.
AML checks
Сhecking wallets and transactions
for illicit funds.
for illicit funds.
AML-сертификация
Актуальные знания в области AML/KYT от ведущих экспертов отрасли.
AML-сертификация
Актуальные знания в области AML/KYT от ведущих экспертов отрасли.
Graph
Визуализация перемещения активов
и связей между кошельками.
и связей между кошельками.
Graph
Визуализация перемещения активов
и связей между кошельками.
и связей между кошельками.
KYT Office
Мониторинг транзакций и кошельков для вашего отдела комплаенса.
KYT Office
Мониторинг транзакций и кошельков для вашего отдела комплаенса.
Для себя
Для Бизнеса
Travel rule
(Cкоро)
Телеграм-бот
Бот для проверки кошельков и транзакций с выдачей отчётов.
Телеграм-бот
Бот для проверки кошельков и транзакций с выдачей отчётов.
Возврат средств
Услуги по отслеживанию и возврату украденных криптоактивов.
Возврат средств
Услуги по отслеживанию и возврату украденных криптоактивов.
AML-проверки
Проверка кошельков и транзакций на наличие "грязной" криптовалюты.
AML-проверки
Проверка кошельков и транзакций на наличие "грязной" криптовалюты.
Портфолио трекер
Информация о всех активах и оценка рисков в одном месте.
Портфолио трекер
Информация о всех активах и оценка рисков в одном месте.
Отчёты
Все типы документов связанные
с криптовалютой.
с криптовалютой.
Отчёты
Все типы документов связанные
с криптовалютой.
с криптовалютой.
The Russian cross-border payment market is facing its most significant crisis of the past year. The crypto exchange Grinex—widely regarded by market participants and international regulators as the direct successor to the shuttered Garantex platform—has officially announced a massive security breach.
The damage has already exceeded 1 billion rubles ($ 13.1 million), forcing the platform to halt all operations. The BitOK team has identified exactly where the trading platform’s funds were moved.
The damage has already exceeded 1 billion rubles ($ 13.1 million), forcing the platform to halt all operations. The BitOK team has identified exactly where the trading platform’s funds were moved.
Table of Contents:
1.Attack Details and Emergency Shutdown
2.BitOK Investigation: Arguments Against the "Secret Service" Theory
3.Comparative Analysis: Probability of State-Sponsored Involvement
4.The Legacy of Garantex
5.Russia's Depositary Plans Under Scrutiny
1.Attack Details and Emergency Shutdown
2.BitOK Investigation: Arguments Against the "Secret Service" Theory
3.Comparative Analysis: Probability of State-Sponsored Involvement
4.The Legacy of Garantex
5.Russia's Depositary Plans Under Scrutiny
Attack Details and Emergency Shutdown
Attack Details and Emergency Shutdown
Official representatives from Grinex confirmed they were the victims of a targeted cyberattack. The company claims the level of sophistication suggests the involvement of foreign intelligence services. According to the platform's version of events, the attack was a coordinated strike by "unfriendly states" aimed at the Russian financial system.
As of now, the situation stands as follows:
As of now, the situation stands as follows:
- Total Loss: Over 1 billion rubles ($13.1 million) stolen.
- Method: Assets were rapidly converted into Tron (TRX) and consolidated into a single wallet.
- Current Wallet Status: The attackers' address currently holds approximately 45.9 million TRX (roughly $15 million).
Management has contacted law enforcement, providing investigators with all technical "digital footprints" left by the attackers.
The breach was recorded on April 15, 2026, but it was kept hidden for 24 hours.
The breach was recorded on April 15, 2026, but it was kept hidden for 24 hours.
BitOK Investigation: Arguments Against the "Secret Service" Theory
BitOK Investigation: Arguments Against the "Secret Service" Theory
Independent investigators from BitOK conducted their own analysis of the fund movements, casting doubt on the theory of foreign intelligence involvement. According to experts, the attackers' actions resemble a standard high-stakes robbery for profit rather than a political sabotage mission.
BitOK analysts discovered the following:
BitOK analysts discovered the following:
- All stolen funds were withdrawn through the decentralized platform SunSwap.
- The total amount withdrawn via this service was approximately $6.56 million.
- The nature of the transactions does not match the signature of elite, state-sponsored hacking groups.
Visualizing the Theft: BitOK used its Graph tool to map the path of the assets stolen from Grinex.
Experts highlight a crucial detail: if foreign authorities were behind the attack, they wouldn't need to "hack" the wallets. Tether (USDT), the issuer of the most popular stablecoin, could simply freeze the exchange's accounts upon an official request, as previously seen with Garantex assets. The direct withdrawal through SunSwap indicates the criminals' desire to quickly "cover their tracks" and cash out.
Experts highlight a crucial detail: if foreign authorities were behind the attack, they wouldn't need to "hack" the wallets. Tether (USDT), the issuer of the most popular stablecoin, could simply freeze the exchange's accounts upon an official request, as previously seen with Garantex assets. The direct withdrawal through SunSwap indicates the criminals' desire to quickly "cover their tracks" and cash out.
Comparative Analysis: Probability of State-Sponsored Involvement
Comparative Analysis: Probability of State-Sponsored Involvement
The Legacy of Garantex
The Legacy of Garantex
Grinex was no random player in the market. The platform emerged in the spring of 2025, just two weeks after the closure of the notorious Garantex exchange. The connection is evident: Grinex not only adopted the interface and infrastructure but also continued serving the old platform's clientele.
The core team and established transfer routes remained intact under the new brand. This continuity allowed the exchange to dominate the ruble-to-crypto cash market quickly, but it also made it a primary target.
The core team and established transfer routes remained intact under the new brand. This continuity allowed the exchange to dominate the ruble-to-crypto cash market quickly, but it also made it a primary target.
Russia’s Depositary Plans Under Scrutiny
Russia’s Depositary Plans Under Scrutiny
The Grinex incident raises serious questions about the security of Russian crypto assets. While the proposed creation of regulated crypto-depositaries in Russia might protect users from technical theft, it creates new global risks.
Centralized stablecoins like USDT remain highly vulnerable. Their issuer can freeze any address instantly. If official registries are established in Russia, those wallets will become "transparent" to Western monitoring systems, making them easier to block. Businesses may soon have to choose between domestic legal compliance and using decentralized tools that cannot be remotely deactivated.
Ultimately, the Grinex situation highlights the ongoing risk of asset theft. In such cases, users of national depositaries could lose everything. As of this writing, Russian law provides no established norms for compensating such losses.
Centralized stablecoins like USDT remain highly vulnerable. Their issuer can freeze any address instantly. If official registries are established in Russia, those wallets will become "transparent" to Western monitoring systems, making them easier to block. Businesses may soon have to choose between domestic legal compliance and using decentralized tools that cannot be remotely deactivated.
Ultimately, the Grinex situation highlights the ongoing risk of asset theft. In such cases, users of national depositaries could lose everything. As of this writing, Russian law provides no established norms for compensating such losses.
