A significant security breach at the cryptocurrency exchange Crypto.com has come to light, involving an employee’s account that was compromised by hackers. According to reports from Bloomberg, the incident was orchestrated by a teenager named Noah Urban, part of a hacking group known as Scattered Spider, along with an accomplice. The attackers utilized phishing techniques to gain access to the employee’s login credentials.
In response to the breach, a representative from Crypto.com indicated that the incident had an impact on the personal data of “a very small number of individuals,” while assuring stakeholders that customer funds remained secure throughout the attack.
The breach occurred in 2023, leading to a significant investigation by federal authorities. The FBI was involved in seizing approximately $4 million in cryptocurrency, cash, and jewelry linked to Urban. Later, in January 2024, Urban faced arrest on charges related to hacking 13 companies, ultimately receiving a 10-year prison sentence as a result of his actions.
ZachXBT, an on-chain investigator, publicly criticized Crypto.com for allegedly concealing the breach, noting that this incident is not the first time the exchange has encountered security issues. He highlighted the recurrence of breaches within the exchange, suggesting an ongoing vulnerability.
In response to allegations of concealing the breach, a representative from Crypto.com stated that the company took appropriate steps by filing a notice of the incident with the U.S. licensing system NMLS and informing relevant regulatory bodies. Crypto.com CEO Kris Marszalek addressed the controversy directly, asserting that claims of failure to report or disclose the security incident are unfounded. He emphasized that the company has acted transparently, filing official notices and complying with U.S. regulations.
The exchange faced further scrutiny when, in May, ZachXBT revealed that attackers had stolen $45 million from Coinbase users through social engineering tactics. Additionally, a December 2024 data leak resulted in data from over 69,000 customers of Coinbase being compromised, raising concerns about the security protocols of cryptocurrency exchanges in general.
As the narrative unfolds, the implications of these security breaches highlight the ongoing challenges faced by cryptocurrency platforms in safeguarding user data and maintaining trust within the digital currency ecosystem.
