Key Takeaways
- A new report reveals a previously undisclosed Crypto.com data breach from 2022, executed by a teen hacker.
- The exchange denies a cover-up, stating it reported the incident to regulators via a Nationwide Multistate Licensing System (NMLS) filing.
- The breach involved a phishing attack on an employee and exposed limited personal user information.
The Crypto.com Data Breach Revealed
A Bloomberg report has revealed a previously undisclosed Crypto.com data breach that occurred prior to March 2023. The attack was carried out by Noah Urban, a teenage member of the Scattered Spider hacking collective, who used phishing techniques to compromise an employee’s account. This provided access to the personal information of a limited number of users. The incident came to light through Urban’s recent jailhouse confessions following his arrest and subsequent 10-year prison sentence.
Crypto.com’s Forceful Rebuttal
In response, the CEO of Crypto.com, Kris Marszalek, denied the assertion that the event was not disclosed, calling the claims “wholly unfounded.” The company states it filed a “Notice of Data Security Incident” with the US Nationwide Multistate Licensing System (NMLS) and other relevant jurisdictional regulators. A spokesperson emphasized that the breach was contained within hours, no customer funds were ever at risk, and only a very small number of individuals were affected.
Community Reaction and Remaining Questions
The revelation sparked immediate criticism from prominent blockchain investigator ZachXBT and others, who claimed the exchange is covering something up. It shows the conflict between corporate transparency and the procedural norm of reporting incidents directly to regulators instead of announcing them publicly. It also raises the question of how serious a breach must be before it is made public to users.
A Transparency Issue
While it seems that Crypto.com made the appropriate regulatory disclosures, this incident points to a larger industry discussion over transparency. A significant breach was unknown to the public for several years and only became public through a hacker’s admission in an interview. Cases like this raise questions about whether crypto projects truly provide immediate, transparent communications to the crypto community, or whether more incidents might be happening behind the scenes.
Final Thought: If a hack (like the Crypto.com data breach) occurred and was reported to regulators but not the public, has the project been transparent with its users?
FAQs
Who is Scattered Spider?
Scattered Spider is a well-known cybercriminal group that carries out sophisticated phishing attacks against major companies, particularly in the tech and telecom sectors.
What is an NMLS filing?
The Nationwide Multistate Licensing System is a US-based public registry where financial services companies report certain compliance and regulatory events, including data breaches.
Was my data or funds compromised?
Crypto.com reports that the breach was limited, impacted very few users, and that customer funds were not affected. If your data or funds were involved, you would most likely have received a direct notice regarding it.