Grinex, a cryptocurrency exchange popular with sanctions-avoiding Russians, suspended operations after saying a cyber attack drained about 1 billion rubles ($13 million) from its systems.

The platform, based in Kyrgyzstan, disclosed the breach on its Telegram channel and a statement on its website. It said the attack showed a level of coordination and technical skill that points to state-backed actors from “unfriendly states.”

“The digital footprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states,” the Grinex statement reads. “According to preliminary data, the attack was coordinated with the goal of inflicting direct damage on Russia’s financial sovereignty.”

Grinex itself was placed under sanctions by the U.S., U.K. and European Union last year. Officials in Washington D.C. have said the exchange, originally known as Garantex, helped users move funds around restrictions through a ruble-backed stablecoin known as A7A5.

The token allowed cross-border payments when Russia’s access to the Swift inter-bank messaging system was cut off over the country’s invasion of Ukraine. Shortly after being taken down, the platform resurfaced as Grinex.

The pause in trading leaves users unable to access funds while the company investigates. Access to its office in Moscow was also restricted.

Grinex has published a list of 54 affected wallet addresses and the drained amounts, most of which were in the form of USDT on the TRON blockchain.