Exchange insists 2023 breach was reported to regulators and had limited impact
Crypto.com has rejected claims that it secretly concealed a 2023 data breach involving user information, calling recent reports “unfounded” and “misinformation.”
The controversy arose after a Bloomberg report cited Noah Urban, a member of the hacking group Scattered Spider, who alleged that the group gained access to a Crypto.com employee account before early 2023, exposing customer details.
Blockchain investigator ZachXBT amplified the concerns, stating on X that Crypto.com had “covered up a breach that impacted the personal information of your users” and suggesting the exchange had been breached multiple times.
The report triggered criticism from market observers, especially in light of Coinbase’s customer data leak earlier this year, which heightened fears about the safety of user information on centralized platforms.
Crypto.com’s Response
In response, a Crypto.com spokesperson confirmed that the firm had indeed faced a phishing campaign in 2023 targeting one employee. However, they stressed the impact was limited:
“The incident included exposure of limited PII [Personally Identifiable Information] data affecting a very small number of individuals. The incident was contained within hours of detection, and no customer funds were accessed or ever at risk.”
The exchange also said it filed a “Notice of Data Security Incident” with the U.S. Nationwide Multistate Licensing System and submitted reports to “relevant jurisdictional regulators.”
It remains unclear whether the affected users were notified directly or whether the filings were made public.
CEO Rejects “Misinformation”
Kris Marszalek, CEO of Crypto.com, echoed the company’s defense in a statement on X:
“Any suggestion that we did not report or disclose a security incident is completely unfounded. Misinformation was spreading from uninformed sources.”
Marszalek emphasized that the exchange had met its reporting obligations in the U.S. and other jurisdictions.
The dispute surfaces at a time when regulatory scrutiny of crypto exchange security practices is intensifying. With recent breaches across the industry, transparency and timely disclosure have become central to maintaining user trust.
Earlier this month, Trump Media & Technology Group, parent company of Truth Social, finalized an agreement with Crypto.com to establish a Cronos (CRO) treasury, signaling the exchange’s ongoing expansion into high-profile partnerships despite heightened security concerns.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.
