Grinex, a cryptocurrency exchange popular with sanctions-avoiding Russians, suspended operations after saying a cyber attack drained about 1 billion rubles ($13 million) from its systems.

The platform, based in Kyrgyzstan, disclosed the breach on its Telegram channel and a statement on its website. It said the attack showed a level of coordination and technical skill that points to state-backed actors from “unfriendly states.”

“The digital footprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states,” the Grinex statement reads. “According to preliminary data, the attack was coordinated with the goal of inflicting direct damage on Russia’s financial sovereignty.”

Grinex itself was placed under sanctions by the U.S., U.K. and European Union last year. Officials in Washington D.C. have said the exchange, originally known as Garantex, helped users move funds around restrictions through a ruble-backed stablecoin known as A7A5.

The token allowed cross-border payments when Russia’s access to the Swift inter-bank messaging system was cut off over the country’s invasion of Ukraine. Shortly after being taken down, the platform resurfaced as Grinex.

The pause in trading leaves users unable to access funds while the company investigates. Access to its office in Moscow was also restricted.

Grinex has published a list of 54 affected wallet addresses and the drained amounts, most of which were in the form of USDT on the TRON blockchain.

TLDR

• Brent crude slipped toward $98 per barrel, WTI approached $93, with both benchmarks losing more than 3% over the week
• President Trump announced a 10-day Israel-Lebanon truce and stated Iran accepted critical terms
• Tehran has not publicly verified any agreements, including reopening the Strait of Hormuz
• IEA cautioned that restoring oil and gas output could require as long as two years
• IEA and OPEC both project softer global oil demand in the months ahead

Oil prices tumbled on Friday following diplomatic overtures from Washington suggesting a potential resolution to the nearly 50-day US-Iran standoff.

Brent crude declined 1.1% to approximately $98.32 per barrel, while West Texas Intermediate fell 1.3% to $89.95. Weekly losses for both benchmarks exceeded 3%.

The confrontation erupted in February following coordinated US-Israeli strikes against Iran. In response, Tehran severely restricted traffic through the Strait of Hormuz, choking off approximately 20% of worldwide oil shipments. Washington subsequently imposed its own naval blockade.

President Donald Trump adopted an upbeat stance on Thursday, asserting that Iran had accepted previously rejected conditions, notably agreeing to reopen the Strait of Hormuz. Iranian officials have not publicly acknowledged these claims.

Trump simultaneously unveiled a 10-day ceasefire arrangement between Israel and Lebanon. He extended White House invitations to Israeli Prime Minister Benjamin Netanyahu and Lebanese President Joseph Aoun for further discussions.

Incorporating Lebanon into a ceasefire framework represented a critical Iranian prerequisite for wider negotiations. The agreement remained intact through Friday morning.

“The prevailing narrative has shifted from escalation to stabilization,” remarked Priyanka Sachdeva, senior market analyst at Phillip Nova. “Fear propelled the surge, diplomacy is fueling the pullback.”

Peace Negotiations May Require Months

Several Gulf Arab and European officials indicated that finalizing a comprehensive US-Iran agreement might span approximately six months. They encouraged both nations to prolong the existing ceasefire throughout this negotiation window.

OCBC analysts observed that the US naval blockade reached its fourth day, maintaining Hormuz traffic at virtually stagnant levels. Oil transit through the waterway remains minimal compared to pre-conflict volumes.

Trump expressed confidence he wouldn’t need to prolong the ceasefire to secure an agreement, forecasting a settlement “fairly soon.” He mentioned potentially visiting Pakistan, which facilitated the initial negotiating round, should a deal materialize.

Following weeks of extreme market turbulence, price fluctuations have moderated. Brent oscillated within roughly a $10 per barrel range this week, sharply contrasting with the historic $38 swing recorded in mid-March.

Production Disruptions Could Persist for Years

IEA Executive Director Fatih Birol cautioned that restoring a substantial portion of interrupted oil and gas production might extend up to two years. Any recovery would unfold incrementally, he emphasized.

Both the IEA and OPEC released downwardly revised global oil demand projections for upcoming months, compounding bearish pressure on crude prices.

“Despite some encouraging geopolitical developments, they haven’t resulted in concrete improvements in actual flows,” observed Rebecca Babin, senior energy trader at CIBC Private Wealth Group.

Authority over the Strait of Hormuz continues unresolved. Iran has indicated intentions to impose transit fees on vessels even following the conflict’s conclusion.

The present US-Iran ceasefire is scheduled to lapse on April 21.

A Texas man who helped orchestrate a cryptocurrency scam that defrauded roughly $20 million from about 1,000 investors was sentenced to 23 years in federal prison on Tuesday. U.S. District Judge LaShonda Hunt handed down the sentence to Robert Dunlap, who served as a trustee for the Meta-1 Coin project and helped market the fictitious token.

According to the U.S. Attorney’s Office for the Northern District of Illinois, Dunlap and his co-conspirators used a self-created Meta Exchange to inflate the token’s market price and trading volume with automated trading bots, while presenting investors with misleading assurances about asset backing and potential returns. Prosecutors said the scheme relied on false statements and concealed expenses, with funds ultimately used for personal purchases, including luxury vehicles such as a Ferrari.

The defendant was convicted in November on two counts of mail fraud, each carrying a potential sentence of up to 20 years in federal prison. Prosecutors noted in the sentencing memorandum that Dunlap was “unrepentant” and that his misrepresentations escalated over time, underscoring the seriousness of the case as a warning to would-be crypto scammers.

The SEC has been active in pursuing similar schemes. In March 2020, the agency ordered an asset freeze and other emergency relief against Dunlap, an alleged accomplice, Nicole Bowdler, and former Washington state Senator David Schmidt to stop marketing and selling Meta-1 Coin. The SEC alleged that investors were told Meta-1 Coin was risk-free and could deliver enormous returns—claims that investors later learned were false. The agency noted that the coins were never distributed and that funds were diverted to personal use.

Token claims, market manipulation, and the broader crackdown

The case centers on Meta-1 Coin, a token that prosecutors said was touted as backed by a $1 billion art collection—including works by Picasso and van Gogh—and $44 billion in gold. Those asset-backed claims were part of the fraud profile presented by the government, which also described how Dunlap and associates marketed the token through a trust structure from 2018 to 2023. The government alleged investors were promised returns that would dwarf typical crypto gains, with figures that were manipulated to create an illusion of robust trading activity.

Beyond the Meta-1 case, regulators and authorities have signaled a broader push to curb crypto fraud and manipulation. In parallel reporting, authorities have pursued other crypto-related prosecutions, including charges related to hacking and DeFi-related exploits, underscoring a tightening stance as enforcement agencies increasingly scrutinize market misconduct in digital assets.

What this means for investors and the market

The Dunlap sentence highlights the risk profile of investment projects that promise outsized, rapid returns and rely on opaque asset claims. For investors, the case emphasizes the importance of due diligence, independent verification of asset backing, and a healthy skepticism toward platforms that blend trading activity with promises of instant wealth. For the crypto industry, the outcome signals regulators’ willingness to pursue not only misrepresentation but also the operational mechanics that enable such fraud, including automated market manipulation tied to self-hosted exchanges.

Looking ahead, readers should watch how the regulatory pendulum continues to swing on disclosure standards, enforcement actions, and the treatment of asset-backed crypto products. While the Meta-1 saga has reached a definitive sentencing point, the broader crackdown on crypto scams is far from over, with ongoing investigations and charges shaping market expectations for investor protection and compliance in the sector.

According to the U.S. Attorney’s Office in Illinois, the case serves as a stark reminder that alleged crypto fraud carries serious, long-lasting consequences. For further context, the original SEC filing and press release detailing the 2020 asset freeze are available through the agency’s public records.

• Circle is accused of failing to freeze exploit-linked transfers.
• Approximately $230 million in stolen funds was routed through Circle’s USDC.
• Drift plans $147.5 million recovery backed by future revenue.

Circle Internet Group, the issuer of the USDC stablecoin, is facing a class action lawsuit over its alleged failure to stop the movement of stolen funds linked to the Drift Protocol exploit.

The lawsuit, filed by Drift investor Joshua McCollum at the US district court in Massachusetts on behalf of over 100 impacted users, centres on whether the company had both the ability and the obligation to intervene as the exploit unfolded.

Lawsuit targets Circle’s role in fund transfers

The legal action stems from the April 2026 breach of Drift Protocol, a Solana-based decentralised exchange, where attackers drained roughly $285 million.

A significant portion of those funds, estimated at around $230 million, was quickly converted into USDC.

From there, the funds were moved across chains, primarily from Solana to Ethereum, using cross-chain infrastructure.

The transfers were not instantaneous. They occurred over several hours and were split into more than 100 transactions.

This detail sits at the centre of the lawsuit.

Plaintiffs argue that Circle had a window of opportunity to act.

According to the claim, the company could have frozen the affected wallets or halted the transfers, limiting the damage. Instead, the funds continued moving until they were fully out of reach.

The case accuses Circle of negligence and of indirectly facilitating the loss by failing to act despite having the technical capability to do so.

This argument is reinforced by previous instances where the company has frozen wallets tied to illicit activity, showing that such intervention is not only possible but already part of its operational toolkit.

At its core, the lawsuit raises a difficult question: when a centralised entity operates within a decentralised system, where does its responsibility begin and end?

Drift’s recovery plan

In response to the exploit, Drift Protocol has outlined a structured recovery plan aimed at addressing user losses while rebuilding the platform’s liquidity and operations.

The protocol is seeking to mobilise up to $147.5 million, with a significant portion backed by Tether and other ecosystem partners.

This figure, however, should not be viewed as immediate compensation.

A large share of the funding comes in the form of a revenue-linked credit facility estimated at around $100 million.

This means the protocol will draw funds over time and repay them using future trading fees and platform revenue rather than distributing the full amount upfront.

To manage user claims, Drift plans to issue a new recovery token, though its official name and final structure are yet to be confirmed.

This token will be distributed to affected users and will represent their share of the recovery pool.

It is expected to be transferable, allowing users to either hold it and wait for gradual repayments or sell it on secondary markets for immediate liquidity, likely at a discount.

The recovery pool itself will not rely solely on external funding.

It is designed to be continuously replenished through multiple sources, including protocol revenue, partner contributions, and any funds that may be recovered from the attackers.

This creates a system where repayments are tied directly to the platform’s ability to restart operations and generate consistent trading activity.

Despite these measures, there remains a clear shortfall.

With total losses estimated at approximately $285 million and recovery efforts targeting up to $150 million, a large portion of user funds is not immediately covered.

This gap highlights that users are unlikely to be fully reimbursed in the near term, and recovery will depend heavily on Drift’s long-term performance.

To support a relaunch, part of the recovery framework is also focused on restoring liquidity.

Incentives and financial support are being directed toward market makers to rebuild order books and improve trading conditions once the platform resumes full operations.

Without sufficient liquidity, even a technically sound relaunch would struggle to attract users back.

Another major shift is the protocol’s decision to move away from USDC as its primary settlement asset and instead adopt USDT.

This change comes after roughly $230 million of the stolen funds were converted into USDC and moved across chains during the exploit.

The switch signals a reassessment of risk and reflects a broader effort to restructure the platform’s core infrastructure following the incident.

Overall, Drift’s recovery plan is built around gradual restitution rather than immediate payouts.

Its success will depend on how quickly the platform can regain user trust, restore liquidity, and generate enough revenue to sustain long-term repayments.

A Brazilian security researcher has warned others of the latest counterfeit Ledger device scam aimed at stealing users’ crypto.

Posting as “Past_Computer2901” on the “ledgerwallet” Reddit channel on Thursday, the security researcher said they purchased what they thought was a legitimate Ledger device for personal use, but soon realized after it arrived that it was a sophisticated counterfeit aimed at stealing user funds. 

“This isn’t meant to cause panic, but rather to serve as a serious warning — I’m honestly still a bit shaken by the sheer scale of this operation,” they said. 

Scammers are adopting increasingly sophisticated strategies to target users opting for self-custody, from supply chain attacks to social engineering and approval scams.

Earlier this month, more than 50 victims were tricked into revealing their seed phrases on a fake Ledger Live app that made its way to the Apple App Store via a bait-and-switch strategy. The victims lost a combined $9.5 million before Apple took down the malicious app.

How the counterfeit Ledger device scam works

The researcher said he bought the Ledger Nano S Plus from a Chinese marketplace, which was priced the same as the official Ledger store. The packaging and the listing also appeared legitimate at first.

However, when they connected the device to the genuine Ledger Live app — which was luckily already installed on their computer — it failed Ledger’s built-in “Genuine Check.” 

This prompted them to pull apart the device, discovering modified hardware and firmware designed to capture and expose sensitive wallet data.

The security researcher said the scammers target first-time Ledger users, as the QR code that comes in the box would normally direct users to download a malicious version of the Ledger Live app that would show a fake “Genuine Check.”

Users continuing to follow the prompts will eventually allow scammers to obtain a user’s seed phrases and drain funds at any time.

“Stay safe out there. Only download Ledger Live from ledger.com. Only buy hardware from ledger.com,” the security researcher said. 

“If your device fails the Genuine Check — stop using it immediately.”

After pulling apart the device, they discovered clear signs of tampering, including scraped chip markings and a WiFi and Bluetooth antenna embedded inside the unit. 

Legitimate Ledger hardware products are designed to keep private keys fully offline.

Related: Musician loses $420K Bitcoin ‘retirement fund’ via fake Ledger app

The security researcher then looked into the firmware, putting the “chip into boot mode,” which initially identified the device as a Nano S Plus 7704 with an attached serial number.

However, once the boot sequence completed, another manufacturer’s name showed up: Espressif Systems, a publicly listed Chinese semiconductor company based in Shanghai.

Cointelegraph reached out to Espressif for comment but didn’t receive an immediate response.

Magazine:  What’s a ‘Network State’ and are there real-life examples? Big Questions