Crypto.com has denied allegations of covering up a data breach after a report on cybercriminal activities tied to Scattered Spider claimed the group had accessed an employee account at the cryptocurrency exchange.
The Bloomberg piece, published on September 19, 2025, centers on the criminal history of Noah Urban, a convicted social engineer and alleged key member of the Scattered Spider hacking group. According to the report, Urban and his collaborators exploited a Crypto.com employee account and used data from a separate breach at UPS to target users, an incident not previously disclosed in public breach databases.
Crypto.com CEO Kris Marszalek refuted these claims in a statement posted to X, calling the allegations “completely unfounded.” He clarified that the company did experience a phishing attempt targeting an employee in 2023, but emphasized that the incident was “contained within hours,” did not compromise customer funds, and involved only “a very small number of users' partial PII [personally identifiable information].”
Marszalek further asserted that the incident was appropriately disclosed through formal channels, including a notice filed with the Nationwide Multistate Licensing System (NMLS) and reports submitted to relevant regulatory bodies.
Crypto.com, founded in 2016 and headquartered in Singapore, is one of the world's largest cryptocurrency trading platforms, serving over 80 million users. The platform offers exchange services, a DeFi wallet, Visa crypto cards, and a mobile app. Its rapid growth and global reach have made it a high-value target for cybercriminals, and the company has invested heavily in acquiring security certifications and publicizing its “security-first culture.”
The renewed attention on Crypto.com was sparked by Urban's jailhouse accounts, in which he describes using social engineering techniques, like impersonating IT personnel, to breach various corporate networks. His crew, linked to both the 0ktapus and Scattered Spider threat groups, reportedly moved on from SIM swapping to more elaborate phishing and data theft campaigns by 2022.
While the Crypto.com incident reportedly “involved information affecting a very small number of individuals,” the lack of public evidence prompts skepticism. Blockchain security researcher ZachXBT criticized the platform's lack of transparency and challenged Marszalek to publicly link to the breach disclosure.
ZachXBT also shared a redacted sample allegedly pulled from one of Crypto.com's internal databases, containing full names, email addresses, phone numbers, wallet balances, and partial PIN data. The format of the dataset closely mirrors those seen in past leaks attributed to Scattered Spider operations.
At this stage, no public breach notification specifically detailing the incident described by Bloomberg has surfaced on Crypto.com's website, and it is unclear if the platform has plans to publish anything.
Leave a Reply