Crypto.com exchange says 2023 phishing breach was disclosed to regulators as critics raise transparency concerns
Crypto.com has rejected claims that it concealed a 2023 data breach, after a report alleged hackers from the group Scattered Spider gained access to employee credentials and exposed limited user information.
Noah Urban, a member of Scattered Spider currently serving a prison sentence, claimed the group had infiltrated a Crypto.com account through phishing in early 2023.
Blockchain investigator ZachXBT amplified the report, accusing the exchange on X (formerly Twitter) of covering up “a breach that impacted the personal information of your users” and alleging multiple incidents.
An incident was reported?
Crypto.com disputes the cover-up allegations. According to the company, the breach stemmed from a phishing campaign that targeted a single employee. A company spokesperson said the incident “included exposure of limited personally identifiable information (PII) affecting a very small number of individuals” but emphasized that “no customer funds were accessed or ever at risk.” The attack, they added, was contained within hours of detection.
CEO Kris Marszalek responded directly on X over the weekend, calling the claims “misinformation spreading from uninformed sources.”
I want to directly and clearly address some misinformation spreading from uninformed sources…
— Kris | Crypto.com (@kris) September 22, 2025
Any suggestion that we did not report or disclose a security incident is completely unfounded - as we reported in a NMLS Notice of Data Security incident filing and in additional…
He argued that “any suggestion that we did not report or disclose a security incident is completely unfounded,” reiterating that the firm submitted disclosures both in the U.S. and in other jurisdictions.
The rebuttal comes at a sensitive time for the industry.
Coinbase, another major exchange, admitted earlier this year that attackers accessed customer data in a separate incident, fueling public anxiety around how exchanges handle personal information.
Transparency still under pressure
The revelations from Scattered Spider have put centralized exchanges under the microscope once again. The group is infamous for large-scale phishing campaigns against telecoms, casinos, and crypto platforms, often exploiting stolen employee credentials to move deep inside corporate systems.
With trust in centralized exchanges already strained, the optics of whether a breach was “quietly reported” or “publicly acknowledged” can make all the difference.
Crypto.com is also moving forward with a major strategic partnership with Trump Media & Technology Group: the exchange recently closed a deal to sell 684.4 million Cronos (CRO) tokens in a mix of cash and stock, part of a joint venture to create a CRO treasury entity.

Even if no funds were stolen in the Crypto.com incident, timely public disclosure is essential to maintaining trust. As regulators worldwide tighten expectations for digital asset platforms, the pressure is growing for exchanges to establish clearer user-notification standards in the wake of data breaches.
For Crypto.com, the dispute is now less about what happened in 2023 and more about whether its communication was enough to reassure both regulators and customers.
Security lessons
ZachXBT has previously highlighted two critical checks to help investors avoid falling prey to crypto scams.
The first emphasizes caution when engaging with newly launched DeFi protocols on forked Ethereum Virtual Machine (EVM) chains. These protocols often clone established models, which, while requiring minimal technical know-how, can introduce significant security risks. For instance, the DeFi protocol SIR.trading suffered a hack resulting in approximately $350,000 in losses, despite being marketed as a “new protocol for safer leveraged trading”.
The second check advises investors to scrutinize project credibility using platforms like Kaito, an AI-powered tool that analyzes genuine community engagement. ZachXBT warns that projects with a large number of followers but limited real engagement may not be legitimate.
Protecting investments starts with thorough research and verifying real community support.
