Data Leak? Crypto.com Fires Back At ‘Unfounded’ Allegations
According to Bloomberg and a number of other different information retailers, Crypto.com has pushed again in opposition to a report {that a} 2023 breach uncovered consumer particulars and was stored from authorities.
The story facilities on a hacking group referred to as Scattered Spider and a younger suspect who, in keeping with reviews, used phishing and social engineering to entry an worker account. Crypto.com says the claims that it hid the incident are “unfounded.”
Company Statement And Regulators
Crypto.com’s management has mentioned the incident was reported to regulators on the time. CEO Kris Marszalek and firm spokespeople instructed reporters that the breach affected a “very small variety of people,” concerned restricted personally identifiable info (PII), and didn’t put buyer funds in danger.
Based on reviews, the agency says it notified US regulators and related jurisdictional authorities concerning the matter in 2023. The firm known as any suggestion of a cover-up misinformation.
I wish to instantly and clearly handle some misinformation spreading from uninformed sources…
Any suggestion that we didn’t report or disclose a safety incident is totally unfounded – as we reported in a NMLS Notice of Data Security incident submitting and in further…— Kris | Crypto.com (@kris) September 22, 2025
Crypto.com: What Reporters Found About The Hack
Bloomberg’s investigation names Scattered Spider and one alleged member, 18-year-old Noah Urban, as central to the operation. Reports say the attackers used social engineering and phishing to trick an worker into giving entry, and that the intrusion occurred someday earlier than early 2023.
Multiple retailers repeated Bloomberg’s account, whereas some items added particulars concerning the group’s previous campaigns in opposition to main firms. Crypto.com confirmed a restricted breach however disputed claims that the corporate deliberately withheld the occasion from regulators.
Critics And Investigators React
On-chain investigator ZachXBT publicly criticized Crypto.com after the reporting, arguing the change ought to have made the incident public and notified affected customers instantly.
Bad information: Your staff lined up a breach that impacted the non-public info of your customers pic.twitter.com/1xqmJyqm5i
— ZachXBT (@zachxbt) September 21, 2025
Other safety watchers mentioned the crypto business wants clearer requirements about when exchanges should disclose breaches to the general public versus regulators. Reports have disclosed conflicting timelines about when regulators had been instructed and when any affected clients had been knowledgeable, leaving a number of questions unsettled.
They’ve been breached a number of instances https://t.co/ptAHq1ZTOG
— ZachXBT (@zachxbt) September 21, 2025
Unanswered Questions And Immediate Impact
The variety of customers affected stays unknown, and the precise information fields concerned — passport scans, cellphone numbers, or e-mail addresses — haven’t been detailed in public paperwork.
Crypto.com maintains that no funds had been taken. No impartial forensic reviews or full third-party audits confirming the scope have been made public.
That lack of readability has prompted calls from the group for higher transparency and formal affirmation from exterior consultants.
Featured picture from Woden Valley Plumbing, chart from TradingView
