Crypto.com says report of undisclosed user data leak ‘unfounded’

Crypto.com CEO Kris Marszalek says the exchange had disclosed a 2023 security breach to regulators, and accusations suggesting otherwise were misinformation.

Crypto exchange Crypto.com has denied that it kept a 2023 data leak of user details a secret from authorities.

Bloomberg reported on Friday that Noah Urban, a member of the hacking group Scattered Spider, said the group had phished their way into gaining access to a Crypto.com employees account sometime before early 2023, which exposed the personal information of some users.

Blockchain investigator ZachXBT then claimed on X that Crypto.com had “covered up a breach that impacted the personal information of your users,” adding that Crypto.com had been “breached several times.”

Bloombergs report saw some crypto pundits criticize Crypto.com, arguing it should have been more publicly transparent amid heightened anxiety over user data leaks after major exchange Coinbase was exploited for customer information earlier this year.

However, a Crypto.com spokesperson told Cointelegraph that the company made a “Notice of Data Security incident filing” in the US-based Nationwide Multistate Licensing System and in “additional reports with the relevant jurisdictional regulators.”

Crypto.com says hack impact was “limited”

The spokesperson said the company “detected a phishing campaign that targeted one of our employees in 2023.”

The incident “included exposure of limited PII [Personally Identifiable Information] data affecting a very small number of individuals,” they added. “The incident was contained within hours of detection, and no customer funds were accessed or ever at risk.”

Its unclear if Crypto.com had notified those affected by the breach or if its filings of the incident with regulators were made publicly available. Crypto.com did not immediately respond to further questions.

Related: CZ sounds alarm as ‘SEAL’ team uncovers 60 fake IT workers linked to North Korea

Exchange boss claims “misinformation”

Crypto.com CEO Kris Marszalek made a similar post on X on Sunday, adding that “misinformation was spreading from uninformed sources.”

“Any suggestion that we did not report or disclose a security incident is completely unfounded,” he said, adding that the company reported the breach in the US and with “relevant jurisdictional regulators.”

Earlier this month, Trump Media & Technology Group, the parent of US President Donald Trumps Truth Social platform, finalized an agreement with Crypto.com to establish a Cronos (CRO) treasury.

The deal represented a deepening of ties between the crypto industry and the Trump administration.