Approximately $13 million in user funds disappeared from Russian cryptocurrency exchange Greenex in April 2026, and by the time the exchange stopped trading, funds were already rapidly moving through the blockchain network towards a single destination wallet. The outage prevents users from accessing funds, withdrawing balances, or performing transactions, and there is no timeline for service restoration.
Blockchain intelligence firm Elliptic confirmed the exploit and began tracking the stolen assets on-chain. The company identifies Greenex as one of the largest exchanges converting Russian rubles into crypto assets, even though it is officially registered in Kyrgyzstan, a detail that is very important for users who are currently waiting for answers.
The full scope of the breach and the ability to account for all funds affected remains an active investigation.
Greenex, one of Russia’s largest cryptocurrency exchanges, was attacked, resulting in a loss of approximately 13 million USDT
Greenex reported a cyber attack that resulted in losses of approximately 1 billion rubles (approximately $13 million) and led to the suspension of trading services.
— Wu Blockchain (@WuBlockchain) April 17, 2026
Discover: Next 1000x Crypto Gems before being listed on Binance
How attackers drained $13 million from Russia’s largest cryptocurrency exchange and made it disappear
The attackers targeted Greenex’s hot wallet, the exchange’s internet-attached storage used to process live trades, and exfiltrated various cryptocurrencies in a single, coordinated operation. They then converted those assets into Tron ($TRX) tokens across decentralized over-the-counter trading venues, and then consolidated approximately 45.9 million TRX into a single destination wallet.
The choice of TRX was no accident. Tron has lower transaction fees and faster settlement times than Ethereum, reducing both cost and complexity during the laundering stage. This is the kind of operational detail that shows planning rather than opportunism. An anonymous blockchain forensic analyst pointed out that “the rapid transformation and subsequent consolidation into a single asset like $TRX indicates a highly planned operation.”
Greenex publicly claimed that the attack was the work of “foreign intelligence” and specifically blamed Western state actors. Elliptic found no clear evidence to support its claims. The stolen funds can be tracked on-chain, but have not yet been recovered. Greenex said it has filed criminal charges and turned over all available evidence to law enforcement.
The exchange also reported a link to the ruble-backed stablecoin A7A5, which was allegedly used to facilitate over $100 billion in sanctions evasion activities, adding significant regulatory complexity to an already confusing situation.
Discover: The Best Meme Coins ICOs to Invest in in 2026
The post Russian cryptocurrency exchange Greenex suspends trading after $13 million exploit report appeared first on 99Bitcoins.
