Cryptocurrency exchange Greenex announced it would suspend operations amid a large-scale cyberattack “with signs of foreign intelligence services being involved,” the platform’s Telegram channel reported on April 16.
The report indicates that as a result of the hack, Russian user funds worth more than one billion rubles were stolen from cryptocurrency wallets on the exchange. The stock exchange published the addresses of the wallets that were attacked.
“The digital fingerprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states. According to preliminary data, the attack was coordinated with the aim of causing direct damage to the financial sovereignty of Russia,” Greenx representatives said, noting that they had contacted law enforcement agencies.
Grinex calls itself a “leading cryptocurrency exchange” that provides “settlements between Russian companies and citizens.” The Financial Times reported that the platform appeared in Kyrgyzstan at the beginning of 2025.
At the same time, it launched trading in the A7A5 stablecoin, pegged to the ruble and backed by deposits in the sanctioned Promsvyazbank. The newspaper’s investigation said that the A7A5 is designed to facilitate cross-border payments between Russia and other sanctioned countries. Greenex stated that it adheres to international sanctions regulations.
Anti-corruption organization Transparency International Russia described Grinex as a reincarnation of the Garantex exchange. This platform was subject to Western sanctions on charges of cooperating with criminals from different countries, and after the start of the major war between Russia and Ukraine, it began to be used as a tool to circumvent financial restrictions.
In August 2025, USA foot Sanctions against Grinex, stating that the platform is linked to the Garantex cryptocurrency exchange and engages in cryptocurrency transactions aimed at circumventing sanctions.