A recent investigation by Bloomberg has unveiled a significant data breach at Crypto.com, perpetrated by the notorious Scattered Spider hacking group, which has gained notoriety for its high-profile cyberattacks on various enterprises, including MGM Resorts. The breach reportedly involved teenage hackers, among whom was 18-year-old Noah Urban from Florida, who is now considered a prominent figure in one of the world’s most dangerous cybercriminal organizations.
ZachXBT, a well-known blockchain investigator, has publicly criticized Crypto.com for allegedly downplaying the severity of the breach. The exchange’s response indicated that the attack impacted a “very small number of individuals” and stressed that no customer funds were compromised. However, the company did not disclose the breach to affected users whose personal information was leaked.
This revelation comes as Crypto.com’s CEO, Kris Marszalek, anticipates a robust performance in the fourth quarter and explores potential initial public offering (IPO) opportunities while establishing partnerships with Trump Media & Technology Group. The exchange generated an impressive $1.5 billion in revenue in the previous year, reflecting its status as one of the industry’s most profitable platforms despite the undisclosed security incident.
Noah Urban’s cybercriminal career began in gaming communities centered around Minecraft at the tender age of 15. There, he learned SIM-swapping techniques that didn’t require extensive coding knowledge. Armed with exceptional skills in social engineering and a voice that belied his age, Urban was effective in deceiving telecommunications representatives into transferring phone numbers. This scheme enabled him to earn substantial sums, beginning with $50 per successful call and accumulating $3,000 within his first week, all while garnering attention from his peers on Discord during gaming sessions.
As Urban’s operation expanded during the COVID-19 pandemic, he formed a network of callers, compensating them based on the security levels they breached. His newfound wealth allowed him to purchase luxury items, including a $35,000 diamond-studded Rolex and an $80,000 Minecraft username, while maintaining the guise of a successful cryptocurrency trader.
The Scattered Spider group transformed from basic SIM-swapping techniques to more sophisticated corporate infiltrations. In a significant breach in August 2022, Urban and his associates created counterfeit Okta login pages targeting Twilio employees, leading to the unauthorized access of customer data from 209 companies. This operation earned them the moniker “0ktapus” and elevated Urban’s sense of invulnerability, as expressed during jail interviews.
Following their success with Twilio, the group set their sights on Universal Music Group and Warner Music Group, obtaining unreleased music tracks. Urban ran a Twitter account, “King Bob,” which swiftly gained popularity after he posted leaked music, further expanding their criminal activities from financial scams to intellectual property theft.
At Crypto.com, Urban and the Scattered Spider team utilized their social engineering tactics to exploit employee credentials, gaining undue access to the exchange’s systems. The personal information of users was compromised, yet the company maintained that customer funds remained secure. The breach only came to light following Bloomberg’s probe into Scattered Spider’s activities, as Crypto.com did not issue a public disclosure about the incident.
The timing of the attack was particularly critical, coinciding with Scattered Spider’s maturation from simplistic scams to aggressive corporate infiltration efforts. They not only targeted prominent tech firms but also tapped into United Parcel Service systems to amass personal data for future targets.
While Crypto.com pursued aggressive growth strategies and high-profile partnerships—including a recent $6.42 billion digital asset treasury partnership with Trump Media—this breach presents a shadow over the company’s ambitions. Marszalek has noted interest from several investment banks regarding potential IPO opportunities, yet Crypto.com continues to prioritize operational flexibility by remaining privately held.
At the time of publication, Crypto.com had not responded to queries regarding the breach.
