On April 16, 2026, the Russian cryptocurrency exchange Grinex lost over 1 billion rubles in user funds. The exchange ceased operations. The office in Moscow City closed. Technical support disappeared. The first message from the administration: “Friends, technical break!” Then—silence. Fifty-four wallets were affected. That was four days ago.
We’re figuring out what’s happening with the crypto market in Russia, who’s behind these incidents, and where and how it’s actually safe to store cryptocurrency in 2026.
The hack of the Grinex crypto exchange in Moscow City: who, what, and why
Let’s start with what happened just this week—otherwise, the whole discussion about storage security will be abstract.
Grinex is a specialized cryptocurrency exchange that was founded in the spring of 2025.
The media immediately reported that it is the successor to the Russian crypto exchange Garantex, which the U.S. Treasury Department shut down in March 2025: it seized the domains, froze $26 million in assets, and filed charges against its founders. Garantex had been listed by OFAC as a money laundering tool since 2022. According to the regulator, transactions totaling over $100 million linked to the operators of the Conti ransomware and the Hydra darknet marketplace passed through it.
Just a few days after Garantex was shut down, advertisements for Grinex appeared on Telegram channels. The platform, which has a nearly identical interface, was registered in Kyrgyzstan in December 2024. As early as August 2025, OFAC explicitly named Grinex as Garantex’s successor and imposed sanctions against it. The United Kingdom and the European Union followed suit with their own restrictions.
Grinex itself denied everything: there is no connection to Garantex; this is “speculation.” At the same time, experts pointed to similarities in the registration data of both entities—the infrastructure and some of the staff, they said, are virtually identical.
On April 16, it all came to an end. The Grinex exchange announced a “targeted attack by Western intelligence agencies.”
I quote from the official statement:
“Digital traces and the nature of the attack indicate an unprecedented level of resources and technologies available exclusively to entities in unfriendly states.”
It sounds ominous. But who is really behind what happened is a big question. There are three main theories:
- A genuine external attack. The US and the UK had both the motive and the resources to put pressure on a sanctioned exchange. The Garantex incident showed that Western regulators know how to strike the crypto market with precision.
- An inside job or a “quiet scam.” The exchange is under sanctions, the founders have been exposed, and their business prospects are limited. A classic exit strategy: announce a hack and disappear. Analogy: CommEX, to which Binance transferred its Russian business in 2023, shut down in May 2024—quietly and without explanation.
- A combination. A real attack on a weakened infrastructure that had long had a vulnerability, and management took advantage of the situation to avoid returning funds.
We will most likely never know the truth.
Victims: 54 wallets, over a billion rubles, and victims are already contacting law enforcement. The precedent for fund recovery in Russian crypto bankruptcy cases is virtually nonexistent.
The moral is simple: when you store crypto on an exchange, you aren’t storing it yourself. You’re storing it with people you don’t know, in a jurisdiction they’ve chosen themselves, under laws that could change tomorrow. This isn’t an investment in an asset—it’s an unsecured, interest-free loan to the exchange.
Timeline: How Money Was Lost in the Past
Grinex is neither the first nor the last. The history of the crypto market is an endless lesson on “don’t store crypto on an exchange,” which people stubbornly continue to ignore.
| Year | Event | User losses |
|---|---|---|
| 2014 | Mt. Gox—the world’s largest exchange—was hacked and went bankrupt | ~$450 million (at 2014 exchange rates), payouts continued until 2024 |
| 2016 | Bitfinex — hot wallet hack | ~$72 million |
| 2022 | FTX — CEO fraud, client assets used for trading | $8 billion in client funds |
| 2022 | Celsius, BlockFi — withdrawal freeze and bankruptcy | Billions of dollars |
| 2023 | Binance exits Russia, CommEX acquires the business | Data and assets transferred in a non-transparent manner |
| 2024 | CommEX closes without explanation | Users withdrew funds in a panic |
| February 2025 | Bybit hack—the largest in crypto history | $1.5 billion (Lazarus hackers, North Korea) |
| March 2025 | Garantex liquidation | $26 million frozen |
| August 2025 | Sanctions against Grinex | Operations hampered |
| April 16, 2026 | Grinex hacked | >1 billion rubles (~$11 million) |
The big picture according to PeckShield: in 2025, losses from crypto asset thefts reached $4.04 billion—34% more than in 2024 ($3.01 billion). In the first half of 2025, the Bybit hack alone accounted for ~70% of all losses during that period. The number of incidents is growing every year.
Is it even legal to hold cryptocurrency in Russia?
In short: yes, as of April 2026, it is both possible and legal to hold cryptocurrency.
Under Federal Law No. 259, adopted in 2020 and amended in 2024 (Federal Law No. 418), cryptocurrency is recognized as property in Russia. This means you can own Bitcoin, Ether, and USDT—you can buy, hold, sell, gift, and bequeath them. Tax is only due upon sale (realization) at a profit. Cryptocurrency simply sitting in a wallet is not subject to declaration.
What is not allowed: using cryptocurrency as a means of payment within Russia—to pay for goods, services, or labor.
Starting July 1, 2026, a new rule will take effect: individuals will be required to notify the Federal Tax Service (FTS) about cryptocurrency held on foreign platforms. We are currently in a transition period; prepare for reporting.
On April 1, 2026, the government submitted Bill No. 1194918-8, “On Digital Currency and Digital Rights,” to the State Duma—this is the first attempt to create a unified legal framework. Key provisions are scheduled to take effect on July 1, 2026, with a transition period lasting until July 1, 2027. A separate Article 171.7 of the Criminal Code of the Russian Federation is being drafted for the illegal organization of digital currency circulation (large-scale: from 3.5 million rubles; especially large-scale: from 13 million rubles). This does not apply to ordinary users—it applies to exchanges, P2P infrastructure, and systematic businesses operating without a license.
Conclusion: You can hold it. You cannot use it as money within the country. Starting in 2026–2027, everything will be subject to stricter control.
Ways to store cryptocurrency
There is no such thing as absolutely secure cryptocurrency storage. There are different types of risks and different levels of control over assets. Let’s break down each option.
Centralized Exchange (CEX)
For most users, a CEX remains the first point of entry into crypto: it’s easier to buy, sell, and exchange assets here and quickly enter the market. But access to funds always goes through the platform. If the exchange gets hacked, goes bankrupt, or shuts down—as happened with Grinex—you’ll end up in the queue of creditors, not as the owner.
The pros are obvious: high liquidity, ease of trading, low entry barrier, and P2P exchange. There is one drawback, but it’s a fundamental one: you depend on the exchange’s decisions, its security, regulatory pressure, and the team’s stance. None of these factors are under your control.
On a CEX, it’s wise to keep only your working trading capital—no more than 20% of your portfolio.
Software (hot) wallet
A hot wallet is suitable for those who want to control their assets independently without sacrificing convenience. You own the private key—this is your actual asset. No exchange can freeze it. However, the key is stored on a device connected to the internet, which creates a constant risk: viruses, phishing, and hacking.
Popular hot wallets: Metamask, Trust Wallet, Exodus, Phantom.
The main security rule: a 12- or 24-word seed phrase is your wallet. Whoever owns the seed owns everything. Never enter it on third-party websites, take a photo of it, or store it in the cloud or messaging apps.
When basic digital hygiene is followed, a hot wallet is perfectly acceptable for small amounts and active use.
Hardware (cold) wallet
A cold wallet is chosen when you need to store cryptocurrency for the long term, not just keep it on hand. This is the best option for protecting your capital.
Examples: Ledger, Trezor, Coldcard.
The private key is stored in an isolated device that is never connected directly to the internet. Transactions are signed within the device—even if your computer is infected with a virus, the key remains secure.
A few important details: only buy the device from an official supplier—counterfeit wallets exist and pose a real threat. Store the seed phrase in physical form: write it down on paper or engrave it on metal. If the device is lost, access is restored via the seed; if the seed itself is lost, access is lost forever.
The risk of hacking or theft is significantly lower here than on an exchange or in a hot wallet. The main threat is the physical loss or destruction of the seed phrase.
Less common storage options
The private key is generated offline and printed on paper. There is no network attack vector. But paper can burn, get wet, and be lost. By 2026, this method had practically fallen out of use—it was supplanted by hardware wallets. Technically, the risk is low; physically, it is high.
A scheme in which multiple keys are required to confirm a transaction, for example, 2 out of 3. It is used by corporations, large holders, and DAOs. Notably, the Bybit hack in February 2025 occurred precisely through the compromise of a multisig: hackers from the Lazarus group spoofed the signing interface and altered the smart contract logic.
For individual users: the concept is strong, but implementation is complex.
How to allocate a portfolio wisely
There is no universal formula. There are principles that work.
Don’t keep everything in one place. This applies to any asset—stocks, cash, real estate. Especially for crypto.
The level of security should match the amount of funds. For amounts up to $1,000, a hot wallet and one reliable exchange are sufficient. In the $1,000–$10,000 range, a hardware wallet becomes a necessity. For amounts over $10,000, consider multi-signature or splitting the seed using the Shamir scheme.
Your exchange balance is a working account, not a safe. Keep only what you plan to use in the coming weeks there.
Approximate allocation for a long-term holder:
- 60–70% — hardware wallet (Ledger, Trezor). Seed phrase stored on the hardware or in several secure locations.
- 20–30% — hot wallet for active use (Metamask, Trust Wallet).
- 10–20% — exchange for trading and conversion. Only major platforms with verified reserves (proof-of-reserves).
Red flags: when immediate action is required
There are signs that indicate a problem has already begun—regardless of what is stated on the platform’s official channel:
- Withdrawal delays without explanation
- Notifications about “maintenance” specifically when attempting to withdraw
- Disappearance or replacement of the support team
- Exchange subject to international sanctions
- Opaque jurisdiction: offshore locations without real regulation
- Refusal to undergo an independent audit of reserves
- Project history mirroring patterns of known scams: overlapping personnel, infrastructure, and operational schemes
Grinex exhibited all these signs well in advance. U.S. sanctions — August 2025. European Union — the same year. The connection to Garantex was public knowledge. Those who followed the news managed to withdraw their funds. The rest found themselves in line at law enforcement offices.
Practical checklist
Right now:
- Check if your exchange is under sanctions
- Withdraw everything from the exchange that you don’t plan to trade in the coming days
- Buy a hardware wallet from an official supplier
- Write down your seed phrase on paper or metal—not on your phone, not in the cloud
- Never enter your seed phrase on unfamiliar websites or in apps
Once a month:
- Check the news about the exchanges where your assets are stored
- Update your hardware wallet’s firmware
Once a year:
- Review your portfolio allocation
- Make sure your loved ones know where and how to access your assets in an emergency
In Conclusion
Cryptocurrency in Russia in 2026 is legal, but with constant underlying tension. Legislation is moving toward regulation, but there is no complete clarity yet. Exchanges are closing, getting hacked, and falling under sanctions. Hackers are becoming more sophisticated: in February 2025, Lazarus hacked the multi-billion-dollar Bybit without resorting to brute force—by spoofing the multi-signature interface.
Complete security is unattainable. Reducing risks is both possible and necessary. A rule that worked in 2014 and works today:
Not your keys — not your coins.
Grinex has just reminded us of this with a 1 billion ruble loss.
