BitOK states that the attack on the Grinex exchange is not linked to intelligence agencies., 2026/04/17 11:36:42

Analysts from the BitOK platform have stated that the attack on the Grinex cryptocurrency exchange does not exhibit characteristics of an operation linked to foreign intelligence agencies, resembling more of a typical theft of funds.

The incident took place on April 15, but the exchange did not disclose information regarding the breach for a full day. Experts estimate that the actions of the perpetrators indicate a desire to quickly withdraw funds without intricate coordination.

Hackers managed to extract approximately $6.56 million via the decentralized platform SunSwap. Such methods are atypical for entities associated with governments, which typically employ more sophisticated techniques to obscure transactions, as noted by BitOK.

Furthermore, the attackers accumulated around 45.9 million TRX in a single wallet, whereas groups operating on behalf of governments usually distribute funds across multiple addresses.

Analysts have also questioned the narrative of “political diversion.” They believe that if state structures were involved, asset blocking could have been executed through the issuer of the stablecoin Tether without the need for a hack.

“The actions of the perpetrators indicate a desire to withdraw and cash out funds as quickly as possible,” BitOK remarked.

Experts added that the amount of damage does not align with the scale of intergovernmental operations: with the platform’s turnover around $1 billion daily, the losses represented only a minor fraction.

Previously, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) added Grinex, the Estonian legal entity of the Russian exchange Garantex, as well as the payment services Exved and InDeFi, to its sanctions list.