The hackers drained the Greenex pockets and moved the funds to TRX by way of SunSwap earlier than consolidating the belongings right into a single TRON deal with.
Greenex, a licensed cryptocurrency change serving Russian firms and particular person customers, has introduced that it has suffered a significant cyberattack that stole funds value greater than 1 billion rubles from customers’ wallets.
The change described the incident as a focused operation and stated there have been indicators of overseas intelligence involvement. The report stated the assault’s technical signature and scale counsel the usage of refined assets usually obtainable to state-sponsored attackers.
Following the breach, Greenex ceased operations.
Publicity of laundering routes
Within the official replace, the change revealed All related data has been handed over to legislation enforcement authorities. Prison costs have additionally been filed on the location of the infrastructure. Greenex stated that the entire harm attributable to this assault is estimated to be roughly 13.74 million USDT.
Blockchain evaluation firm TRM Labs reported Roughly 70 addresses had been related to the hack, which is roughly 16 greater than the addresses printed by Grinex. In response to our findings, all stolen belongings had been exchanged into TRX by way of SunSwap after which pooled right into a single TRON deal with.
The report additionally states that TokenSpot, which TRM found to be a possible entrance associated to Garantex, was additionally affected across the identical time. Two of these wallets transferred funds to the identical built-in deal with utilized by the Grinex-linked pockets. Each platforms reportedly went offline on April 15 and will have been focused by the identical attackers.
Greenex was established in Kyrgyzstan in December 2024, just some weeks earlier than a coordinated legislation enforcement operation cracked down on cryptocurrency change Garantex, which had beforehand been flagged for high-risk exercise in March 2025. Shortly after Garantex was shut down, Telegram channels linked to it started directing customers to Grinex, providing it as a substitute platform with related performance. These channels additionally inspired former prospects emigrate to regain entry to frozen funds.
You might also like:
This led the US Treasury Division’s OFAC to impose sanctions on Grinex in the identical yr, together with people related to Garantex and Outdated Vector, the issuer of the A7A5 token. Earlier than the shutdown, Galantex had processed greater than $100 billion in transactions whereas underneath sanctions beginning in 2022.
The report additionally make clear the usage of A7A5, a ruble-pegged stablecoin issued by Outdated Vector. In response to our findings, the Garantex pockets started transferring funds to A7A5 in early 2025, earlier than the enforcement motion started. After the shutdown, former customers had been issued A7A5 credit on Grinex equal to their frozen balances, permitting them to proceed buying and selling by way of the brand new system.
Russia-related unlawful actions
A earlier report by the platform discovered that illicit cryptocurrency inflows surged in 2025, with roughly $158 billion flowing into suspicious wallets. This improve was primarily associated to Russia-related actions and improved monitoring strategies. Regardless of the rise, unlawful transactions nonetheless account for less than about 1.2% of whole on-chain transaction quantity.
A7A5 was the most important contributor, bringing in about $72 billion in income. One other $39 billion was related to the A7 pockets cluster. Most of this exercise was associated to Garantex, Grinex, and A7.
Binance Free $600 (Unique to CryptoPotato): Obtain an unique welcome provide of $600 on Binance while you register a brand new account utilizing this hyperlink (Full particulars).
Unique provide for Bybit’s CryptoPotato readers: Use this hyperlink to register and open a $500 free place on any coin!
