Crypto.com Breach Tied to Scattered Spider

Crypto.com, one of the world’s most recognizable cryptocurrency platforms, has confirmed that it was affected by a security incident linked to the notorious hacker collective known as Scattered Spider. While the company has emphasized that no customer funds were lost and that the breach was swiftly contained, new details about the case reveal how deep the problem of social engineering and cybercrime has become in the digital financial world.

The story came to light through a Bloomberg report that described the incident as “previously unreported.” The disclosure sent ripples through the crypto community, many of whom are already cautious about security risks surrounding digital assets.

According to Crypto.com, what happened was limited in scale and quickly brought under control. A spokesperson explained that only a very small number of users were affected, and even then, the impact was restricted to certain personal data being exposed. The company insisted there was no risk to customer funds at any point. Chief Executive Officer Kris Marszalek doubled down on this assurance, posting on X that any claim suggesting the company tried to hide the incident was “completely unfounded.” He noted that the company had filed the necessary reports with regulators, including a Notice of Data Security Incident.

Marszalek explained that the issue stemmed from a phishing campaign that targeted one of Crypto.com’s employees back in 2023. Attackers used stolen personal data to trick staff and gain access to internal systems, but he stressed that the incident was fully contained within hours. The company’s position is clear: they followed procedure, disclosed the breach, and resolved it before it could spiral into a larger crisis.

Behind the scenes, investigators traced the attack to a young man named Noah Urban, who operated as part of Scattered Spider. Urban, originally from Florida, was only a teenager when he joined the group and took on the role of a “caller.” His job was to impersonate trusted employees over the phone, convincing actual staff members to hand over credentials and access codes. By leveraging these tactics, Urban and his accomplices managed to infiltrate Crypto.com’s systems and obtain sensitive data.

The method used was not sophisticated hacking in the traditional sense. Instead, it was pure social engineering—an approach where human error becomes the weak point. Urban and his team relied on psychological manipulation, convincing people to give up critical information. To make matters worse, they also had access to stolen personal records, including data pulled from a United Parcel Service database, which made their impersonations even more convincing.

Once inside, the hackers could gather valuable user information, though Crypto.com insists no customer wallets were compromised. The breach was part of a much larger pattern. Scattered Spider has been linked to more than 200 cyber intrusions in recent years, targeting not just crypto exchanges but also telecom providers, gaming studios, and large retail companies. Their techniques often include SIM-swapping, phishing emails, and phone-based scams. For companies that rely heavily on digital operations, they represent one of the most persistent threats.

The legal consequences for Urban have been severe. Indicted in November 2024 alongside four others, he pled guilty in April 2025 to charges of wire fraud and aggravated identity theft. Just last month, he was sentenced to 10 years in prison. Authorities also seized around $4.8 million in cryptocurrency from his devices and ordered him to pay $13 million in restitution to more than 30 victims. Reports estimate the total losses connected to his activities at up to $25 million.

The case highlights the complexity of cybersecurity in the cryptocurrency sector. While blockchain technology itself is often described as secure, the human element remains a critical vulnerability. Phishing campaigns, fake calls, and identity theft continue to be effective because they bypass technical defenses by directly targeting people. Even the most sophisticated platforms can find themselves compromised if employees or users are manipulated into revealing sensitive information.

For Crypto.com, the incident is a reminder of the constant vigilance required to protect millions of customers worldwide. As one of the largest exchanges, with services for both retail and institutional clients, the platform cannot afford reputational damage. Marszalek’s strong denial of a cover-up reflects how sensitive the issue of trust is in the crypto industry. Any suggestion that a platform hid information about a breach can lead to panic among users and harm the credibility of the exchange.

Cybersecurity experts have also weighed in, noting that while the scale of the incident was relatively small, it points to a bigger issue facing financial technology companies. Shān Zhang, chief information security officer at blockchain security firm Slowmist, which previously audited Crypto.com’s systems, called it a “small, internally controllable issue.” He explained that it had been resolved long ago, but he also pointed out that such cases underline the need for ongoing awareness training and strong internal security policies.

The rise of groups like Scattered Spider shows how cybercrime is evolving. These are not lone hackers working in isolation but organized collectives that coordinate their activities, share stolen data, and specialize in different roles. With younger members like Urban, some barely out of their teens, they are increasingly bold in targeting major institutions. The financial rewards are high, but so are the risks, as demonstrated by the lengthy prison sentences handed out.

For users of platforms like Crypto.com, the takeaway is clear. While the company has reassured customers that funds were never at risk, individuals must remain cautious about phishing attempts and suspicious communication. Personal data is often the first door hackers try to unlock, and once it is compromised, even the strongest technical systems can be bypassed.

The Crypto.com breach may not have caused financial losses this time, but it serves as another warning sign for the industry. Digital assets attract not only investors but also criminals who are constantly looking for vulnerabilities. For exchanges, the battle for security is never-ending, and for users, the responsibility to stay alert has never been greater.