In response to recent allegations of concealing a security breach, Kris Marszalek, CEO of Crypto.com, has taken to social media to assert the company’s commitment to transparency. This comes after a Bloomberg report from September 19 indicated that the exchange experienced a security incident in early 2023, where teenage hacker Noah Urban, linked to the Scattered Spider group, gained unauthorized access to an employee account. During the breach, personal data of a limited number of users was exposed; however, it was clarified that customer funds remained secure.
Urban was apprehended in January 2024 and later admitted guilt in connection with a series of hacks involving multiple companies, culminating in a ten-year prison sentence and mandated restitution following his sentencing in August 2025.
Marszalek emphasized that Crypto.com adhered to legal protocols by notifying the necessary authorities. He stated that the breach, which arose from a phishing scam targeting an employee, was swiftly contained within hours. He expressed his desire to combat misinformation surrounding the incident, asserting that any claims suggesting the company failed to report the security breach are “completely unfounded.”
He reiterated the company’s proactive measures, including the filing of a Notice of Data Security Incident with the Nationwide Multistate Licensing System (NMLS) and communications with pertinent regulatory bodies. Marszalek’s remarks aim to quell concerns about the integrity of Crypto.com’s security practices and reaffirm the organization’s transparency regarding the incident.
