Kyrgyzstan-based CEX Halts Trading After $15M USDT Cyberattack and Wallet Breach

Gate News message, April 17 — A Kyrgyzstan-based cryptocurrency exchange halted all trading activity after hackers stole more than $15 million USDT from its wallets. The exchange confirmed the attack publicly, and British blockchain analytics firm Elliptic tracked the stolen funds, identifying how attackers moved them across multiple addresses to evade detection.

According to Elliptic, the attackers rapidly transferred the stolen USDT across Tron and Ethereum blockchains, then converted the funds into TRX and ETH to avoid Tether's ability to freeze USDT-linked addresses. The hackers ultimately consolidated approximately 45.9 million TRX (valued at roughly $15 million) into a single wallet. The exchange froze all platform activity, including withdrawals, preventing users from accessing their funds. The incident reflects broader vulnerabilities in centralized exchanges, particularly those operating in jurisdictions with limited regulatory oversight, where hot-wallet compromises and signing-flow weaknesses remain common attack vectors.

The exchange is viewed as a successor to a major CEX that shut down in 2025 following sanctions from the United States, European Union, and United Kingdom over money-laundering allegations. The migration of users and liquidity to this platform made it a key trading hub for ruble-to-crypto transactions and a center for stablecoin activity, including ruble-backed stablecoins. This concentration of activity and exposure to sanctioned jurisdictions has increased the platform's risk profile, making it an attractive target for sophisticated attackers.