Crypto.com Fights Back Against Secret Data Breach Claims

TLDR

• Crypto.com denied claims it failed to disclose a 2023 data breach where hackers accessed an employee account through phishing
• The attack was carried out by Noah Urban from hacking group Scattered Spider, who gained access to personal information of a small number of users
• No customer funds were compromised in the breach, which was contained within hours according to the company
• CEO Kris Marszalek called accusations of non-disclosure “misinformation” and said the incident was reported to US regulators
• The breach occurred before March 2023, with Urban later arrested and sentenced to 10 years in prison for hacking 13 companies

Crypto exchange Crypto.com has pushed back against allegations that it concealed a 2023 security incident from regulators. The controversy emerged after Bloomberg reported details about a previously unreported cyberattack on the platform.

The attack was carried out by Noah Urban, a teenage member of the cybercriminal group Scattered Spider. Urban specialized in phishing attacks targeting employees at telecommunications, technology, and cryptocurrency companies to gain access to sensitive data.

Working with another hacker known as “Jack,” Urban successfully compromised a Crypto.com employee’s account. This type of social engineering attack has become common in the crypto industry, where criminals target exchange staff to access customer information.

The breach occurred sometime before March 2023, when Urban was targeted in an FBI raid. Authorities seized $4 million worth of cryptocurrency, along with hundreds of thousands of dollars in cash and jewelry from the hacker.

Urban was arrested nine months later in January 2024. He was charged with involvement in attacks on 13 different companies and later pleaded guilty to the charges.

Company Response to Breach Claims

The exchange said it detected the phishing campaign targeting its employee in 2023. According to the company, the incident was contained within hours of detection.

Crypto.com maintained that it properly disclosed the breach to authorities. The spokesperson said the company filed a “Notice of Data Security incident” in the US-based Nationwide Multistate Licensing System.

CEO Addresses Misinformation Claims

CEO Kris Marszalek responded to the controversy on social media platform X. He called suggestions that the company failed to report the security incident “completely unfounded.”

Marszalek said “misinformation was spreading from uninformed sources” regarding the breach disclosure. He reiterated that the company reported the incident to US regulators and other relevant authorities.

Exchange Volume and Partnerships

Crypto.com has experienced growth in trading volume alongside other USD-backed cryptocurrency exchanges. In August, the platform processed more volume than rival exchange Coinbase, according to data from The Block.

The company recently finalized a partnership with Trump Media & Technology Group. The agreement establishes a digital asset treasury company focused on acquiring CRO, the native token of the Cronos blockchain.

This deal represents closer ties between the cryptocurrency industry and the current US administration. Urban was ultimately sentenced to 10 years in prison for his role in the cybercriminal activities.

The post Crypto.com Fights Back Against Secret Data Breach Claims appeared first on CoinCentral.