The infrastructure that was supposed to liberate money from nation-states is being repurposed to centralize AI compute under their watch. A $15 million heist on a sanctioned Russian exchange and a $75 million capital raise by Bitcoin miners aren’t separate stories—they’re the same reckoning: automation tools that enable financial sovereignty are now weaponizable chokepoints, and nobody’s decided who owns them.
Three events, same week. HIVE Digital Technologies announces a $75 million raise to buy Nvidia GPUs and build AI data centers. Grinex, a Russia-linked crypto exchange, gets drained of $15 million and blames Western intelligence services. UAE investors, watching Gulf data centers take fire, buy the AI dip anyway. Read them together and you see the same infrastructure being sold as financial sovereignty, repurposed as AI compute, and drained by state-level attackers—in the same week.
Why Bitcoin Miners Are Suddenly AI Infrastructure Companies
This isn’t a pivot. Call it what it is: a recognition that GPU capacity is worth more than hashing power right now, and the companies that figured that out earliest are pulling away from those that didn’t.
According to Cointelegraph’s reporting, HIVE Digital Technologies plans to raise $75 million through a private offering of 0% exchangeable senior notes due 2031, with proceeds earmarked for GPU purchases, data center development, and capital expenditures. The company also has an option to raise an additional $15 million. This follows a third quarter in which HIVE reported $93.1 million in revenue—up 219% year over year—despite weaker Bitcoin prices and rising network difficulty. The revenue isn’t coming from mining. It’s coming from compute.
In February, HIVE signed a two-year, $30 million agreement to deploy 504 Nvidia B200 GPUs for enterprise AI cloud services. The GPU market, the AI inference market, and the high-performance computing market have all converged on exactly the kind of infrastructure that Bitcoin miners built: large power footprints, dense rack deployments, and aggressive cooling. The marginal cost to repurpose that infrastructure is low. The upside is not.
HIVE isn’t alone. According to Cointelegraph, MARA Holdings, Riot Platforms, Bitdeer Technologies, TeraWulf, Hut 8, CleanSpark, and IREN have all made moves into AI and high-performance computing. CleanSpark agreed to buy 447 acres in Texas to build a 300-megawatt AI-focused data center. MARA acquired a majority stake in French computing infrastructure company Exaion. CoreWeave—which began as a crypto mining operator—has grown into a major AI cloud provider, recently announcing a $6 billion agreement with Jane Street to provide AI computing capacity, alongside a $1 billion equity investment from the firm. Days before that, CoreWeave signed a multi-year deal with Anthropic to support Claude large language models.
The financial logic is hard to argue with. Mining revenue is a function of Bitcoin price, network difficulty, and energy cost—three variables you don’t control. AI cloud revenue is a function of contracts you negotiate. HIVE’s management understood this in 2022. The market is only now pricing it in.
The Geopolitical Tripwire Nobody Expected
Here’s what makes the Grinex breach interesting to anyone building automation tools: neither TRM Labs nor Elliptic—two of the most sophisticated blockchain forensics firms in the business—has explained how attackers bypassed Grinex’s defenses.
According to Ars Technica’s Dan Goodin, TRM confirmed the theft after discovering roughly 70 drained addresses—about 16 more than Grinex itself reported. The stolen assets totaled $15 million in USDT, an Ethereum-based stablecoin. Attackers then converted the USDT to TRX or ETH to avoid the risk of Tether freezing the stolen assets. A coordinated move, not a smash-and-grab.
Grinex claimed the attack required “an unprecedented level of resources and technology available exclusively to the structures of unfriendly states.” TRM declined to confirm that attribution. What TRM did say is that TokenSpot—a second Kyrgyzstan-based exchange and apparent front for Grinex—was hit simultaneously, with funds flowing to the same consolidation address. Both exchanges went offline the same day.
The exchange itself has processed more than $6 billion in transactions, according to Elliptic, and is effectively a rebrand of Garantex, which the US Treasury Department sanctioned in 2022 for processing over $100 million in transactions linked to illicit activities since 2019. Grinex emerged after Garantex was shut down. After Grinex was sanctioned, much of Garantex’s liquidity and client base migrated to it.
What the forensics can’t tell you is the attack vector. That’s not a detail. That’s the whole story for infrastructure builders. When sophisticated attackers breach a hardened financial platform and the two best blockchain forensics firms in the world can’t explain the method, the implication is that the automation layer—the APIs, the custody integrations, the wallet management tooling—is where the exposure lived. Distributed ledger security is only as strong as the software stack sitting on top of it.
Gulf Tech Hubs Are Betting on Resilience They Don’t Control
UAE investors watched Gulf data centers take reported strikes from the US-Israel conflict with Iran—Deutsche Bank cited reported hits on Amazon Web Services data centers in the UAE and Bahrain, and threats against the planned 1GW Stargate campus in Abu Dhabi—and bought more AI infrastructure stock anyway.
New eToro data shared with Cointelegraph show UAE users boosted holdings of AI infrastructure names that fell sharply in Q1. According to Josh Gilbert, market analyst at eToro, the clearest signal was in names like ServiceNow, Super Micro Computer, Adobe, and Oracle, which all saw significant increases in UAE investor holdings despite market pressure. On the crypto side, Strategy Inc. remained the eighth-most-held stock among UAE eToro users.
Dubai-based investment firm Ento Capital’s senior executive officer Hayssam El Masri told Cointelegraph that investors have shifted from “confidence-driven to risk aware” but are generally not exiting the region. HashKey MENA’s managing director Ben El-Baz told Cointelegraph that operations remained “broadly functional,” helped by cloud-based trading and custody systems less dependent on physical location.
That last clause deserves attention. Cloud-based systems that are less dependent on physical location are also, by definition, more dependent on whoever controls the cloud. The resilience story UAE investors are buying is real. But it’s resilience that runs through a small number of hyperscaler data centers, most of them American-owned, all of them concentrated in ways that create single points of failure at exactly the geopolitical fault lines where conflict is already active.
Dubai’s Virtual Assets Regulatory Authority has continued rolling out its activity-based framework throughout the turmoil. VARA’s head of market assurance Sean McHugh told Cointelegraph that serious market participants in periods of stress don’t seek the lightest-touch jurisdiction—they look for the clearest one. Regulatory clarity tells you who to call after the breach. It does not change the fact that the compute runs through three American hyperscalers at active geopolitical fault lines.
The Real Question: Who Owns the Automation Layer?
Put the three stories together and the structural shift becomes visible. Mining infrastructure was distributed by design—thousands of operators running commodity hardware across dozens of jurisdictions, no single point of control, no single point of failure. That model generated Bitcoin’s security guarantees. It also generated terrible unit economics once the halving compressed margins.
AI infrastructure runs the opposite direction. HIVE’s $75 million raise funds GPU clusters that serve enterprise clients under contract. CoreWeave’s $6 billion Jane Street deal and its Anthropic partnership represent exactly the kind of long-term, concentrated compute arrangements that look nothing like the distributed mining model they replaced. The same power infrastructure, the same rack density, the same operational expertise—now organized around centralized client relationships rather than protocol-level competition.
The Grinex breach is a preview of what happens when that centralized infrastructure becomes a geopolitical target. The exchange processed over $6 billion in transactions. It was sanctioned, it was watched, it was hardened against constant attack attempts over 16 months by its own account. It got drained in a single operation that the best forensics firms couldn’t reconstruct. The automation tooling that made it efficient to run also made it efficient to attack.
For developers building custody solutions, infrastructure tooling, or regulatory compliance systems, the question isn’t whether AI compute consolidation is happening—it obviously is. The question is whether the tools you’re building assume a distributed trust model or a centralized one. Those two assumptions produce radically different security architectures, different regulatory exposure, and different failure modes when a state actor decides your infrastructure is a valid target.
Capital is flowing toward consolidation. The UAE investors buying the AI dip, the institutional buyers taking HIVE’s exchangeable notes, the sovereign wealth funds that Deutsche Bank estimates control about $5 trillion worldwide—they are all betting on scale, not sovereignty. That’s a coherent bet—until a state actor decides the automation layer is a target, and the forensics firms can’t tell you how it was breached.
The miners who pivoted to AI didn’t abandon decentralization. They priced it correctly and decided it wasn’t worth what the market was paying for centralized compute. That’s honest. What’s less honest is pretending the security model transferred with the hardware.
Whoever controls the automation layer controls the money. Right now, that’s a smaller group of entities than it was five years ago, and it’s getting smaller.
The infrastructure question and the security question were always the same question—the market just took a $90 million week to make that obvious.
Q: Are Bitcoin miners actually making more money from AI than from mining?
A: HIVE Digital Technologies reported $93.1 million in revenue in its third quarter, up 219% year over year, despite weaker Bitcoin prices and rising network difficulty—suggesting AI and high-performance computing workloads are driving the growth, not mining. The company’s $30 million Nvidia B200 GPU deployment deal and its $75 million raise for further GPU and data center expansion confirm that high-performance computing is now a primary revenue strategy, not a supplement to mining.
Q: How did attackers drain Grinex of $15 million without detection?
A: That’s the problem—neither TRM Labs nor Elliptic has explained the attack vector, despite TRM confirming the theft across roughly 70 drained addresses. The attackers converted stolen USDT to TRX and ETH to avoid asset freezes by Tether, suggesting operational sophistication. Grinex, which had been under near-constant attack attempts for 16 months, attributed the breach to state-level resources, though TRM declined to confirm that attribution.
Q: Why are UAE investors still buying AI infrastructure stocks during active regional conflict?
A: According to eToro market analyst Josh Gilbert, UAE investor behavior in Q1 was driven by long-term themes rather than a risk-off mindset, with significant increases in holdings of AI infrastructure and software names despite market pressure. An April 2026 Deutsche Bank report cited by Cointelegraph concluded that the geopolitical shock is more likely to sharpen than derail demand for AI, cybersecurity, and sovereign digital infrastructure in the Gulf region.
Sources
Synthesized from reporting by arstechnica.com, cointelegraph.com.