Crypto exchange Crypto.com has found itself at the center of controversy following claims that it covered up a significant data breach affecting user information. Reports surfaced when a member of the hacking group Scattered Spider, identified as Noah Urban, disclosed that the group successfully phished their way into one of Crypto.com’s employee accounts prior to early 2023, leading to unauthorised access of personal details of certain users.
In the wake of this revelation, blockchain investigator ZachXBT took to X, formerly Twitter, to assert that Crypto.com concealed the breach, which allegedly impacted users’ personal information multiple times. Critics within the crypto community voiced concerns over Crypto.com’s transparency, especially given the heightened scrutiny surrounding data security following a similar incident involving major exchange Coinbase earlier this year.
In response, a spokesperson for Crypto.com stated that the company formally filed a “Notice of Data Security Incident” through the US-based Nationwide Multistate Licensing System and provided additional reports to pertinent regulatory authorities. They emphasized that the hack’s impact was “limited,” claiming that the phishing attack targeted a single employee and resulted in the exposure of minimal Personally Identifiable Information (PII) affecting a very small number of individuals. The representative assured that the incident was contained within hours of detection, with no customer funds accessed or compromised.
Despite these claims, there remains uncertainty regarding whether affected users were notified about the breach and if the company’s regulatory filings were made publicly accessible. Crypto.com has not responded to requests for further clarification on these matters.
CEO Kris Marszalek echoed the company’s defense on X, labeling the circulating information as “misinformation” from poorly informed sources. He firmly stated that any implications of the company failing to report or disclose the security incident were “completely unfounded,” reiterating that the breach was reported accordingly to US authorities and other relevant regulators.
Earlier in the month, Crypto.com expanded its influence by finalising a deal with the Trump Media & Technology Group, the parent company of Truth Social, to establish a Cronos (CRO) treasury. This move signifies a strengthening of connections between the cryptocurrency industry and the Trump administration, signaling noteworthy developments as Crypto.com navigates the challenges posed by the recent allegations.
