{"id":874888,"date":"2025-09-22T21:13:39","date_gmt":"2025-09-23T02:13:39","guid":{"rendered":"https:\/\/newsycanuse.com\/index.php\/2025\/09\/22\/crypto-com-team-covered-up-a-breach-scattered-spider-breach-revealed\/"},"modified":"2025-09-22T21:13:39","modified_gmt":"2025-09-23T02:13:39","slug":"crypto-com-team-covered-up-a-breach-scattered-spider-breach-revealed","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2025\/09\/22\/crypto-com-team-covered-up-a-breach-scattered-spider-breach-revealed\/","title":{"rendered":"Crypto.com team \u2018covered up a breach\u2019 \u2013 Scattered Spider breach, revealed!"},"content":{"rendered":"
\n

\"Crypto.com\n\t\t\t\t\t\t<\/p>\n

\n
\n
\n

\"Avatar\"<\/p>\n

Journalist<\/p>\n<\/p><\/div>\n

\n

Posted:

<\/p><\/div>\n<\/p><\/div>\n

\n

Key Takeaways<\/h2>\n

Were Crypto.com customer funds affected?<\/em><\/h3>\n

No, Crypto.com confirmed that no customer funds were accessed or at risk. Only a very small number of users\u2019 partial personal information was affected.<\/p>\n

Did Crypto.com disclose the breach publicly?<\/em><\/h3>\n

No, the company did not publicly notify the impacted users, which drew criticism from blockchain investigator ZachXBT.<\/p>\n

\n

Crypto.com reportedly suffered a previously undisclosed data breach linked to the Scattered Spider hacking group, raising concerns over its security posture.<\/p>\n

Details of the attack<\/strong><\/h2>\n

According<\/a> to a Bloomberg investigation, the attack involved teenage hackers, including 18-year-old Noah Urban from Florida, who specialized in phishing employees at telecom, tech, and cryptocurrency firms. <\/span><\/p>\n

Urban and his collaborators accessed sensitive user information. The group previously targeted MGM Resorts and other corporations.<\/p>\n

Crypto.com acknowledged that the breach impacted \u201ca very small number of individuals\u201d but emphasized that no customer funds were compromised.<\/span><\/p>\n

Crypto.com\u2019s response<\/strong><\/h2>\n

Despite this, the company did not notify the affected users publicly.<\/span><\/p>\n

Remarking on the same, <\/span>Crypto.com<\/span> CEO, Kris Marszalek, noted<\/a>,\u00a0<\/span><\/p>\n

\n

\u201cAny suggestion that we did not report or disclose a security incident is completely unfounded \u2013 as we reported in a NMLS Notice of Data Security incident filing and in additional reports with the relevant jurisdictional regulators, we detected a phishing campaign that targeted one of our employees in 2023.\u201d<\/span><\/p>\n<\/blockquote>\n

Marszalek stated that the incident was contained within hours, with no customer funds ever at risk, and only a very limited number of users\u2019 partial personal information was affected. <\/span><\/p>\n

He even emphasized the company\u2019s \u201csecurity-first\u201d culture.<\/span><\/p>\n

What does ZachXBT have to say about this breach?<\/strong><\/h2>\n

However, blockchain investigator ZachXBT took<\/a> to X to call out Crypto.com for not disclosing the data breach. He said,<\/span><\/p>\n

\n

\u201cYour team covered up a breach that impacted the personal information of your users.\u201d<\/span><\/p>\n<\/blockquote>\n

He added<\/a>,\u00a0<\/span><\/p>\n

\n

\u201cThey\u2019ve been breached several times.\u201d<\/span><\/p>\n<\/blockquote>\n

That being said, the Crypto.com breach was part of a larger criminal campaign orchestrated by the Scattered Spider group, which had evolved from simple SIM-swapping to sophisticated corporate infiltration.<\/span><\/p>\n

Florida native Noah Urban, then a teenager, acted as a \u201ccaller\u201d inside the group, persuading employees to hand over credentials that unlocked internal systems.<\/span><\/p>\n

Broader criminal campaign<\/strong><\/h2>\n

The attack happened before March 2023. Urban was arrested nine months later, in January 2024, and charged with hacking 13 companies.<\/p>\n

Authorities said the group also misused United Parcel Service data.<\/p>\n

Following indictments of Urban and four accomplices, he pled guilty to wire fraud and aggravated identity theft.<\/p>\n

It resulted in the seizure of $4.8 million in crypto, $13 million in restitution, and a 10-year prison sentence with additional supervised release.<\/p>\n

All these disclosures coincided with CEO Marszalek\u2019s predictions<\/a> of a strong fourth-quarter performance and a partnership<\/a> with Yorkville Acquisition Corp. and Trump Media to form Trump Media Group CRO Strategy, Inc., a digital asset treasury focused on acquiring Cronos (CRO). <\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n

\n
\n

\"Avatar\"<\/p>\n