Crypto.com data breach was a limited data-exposure incident that affected a very small number of users’ partial personal information; no customer funds were accessed. The breach, linked to the Scattered Spider group and confirmed by Crypto.com, was contained within hours and reported to relevant regulators.
Limited data exposure: few users affected, no funds accessed
Incident tied to Scattered Spider phishing campaign and teenage operators
Company reported to regulators; public disclosure practices drew criticism from blockchain investigator ZachXBT
Crypto.com data breach: limited user data exposed, no funds at risk — learn what happened and how to protect your account. Read the full report and recommended actions.
‘,
‘
🚀 Advanced Trading Tools Await You!
Maximize your potential. Join now and start trading!
‘,
‘
📈 Professional Trading Platform
Leverage advanced tools and a wide range of coins to boost your investments. Sign up now!
‘
];
var adplace = document.getElementById(“ads-bitget”);
if (adplace) {
var sessperindex = parseInt(sessionStorage.getItem(“adsindexBitget”));
var adsindex = isNaN(sessperindex) ? Math.floor(Math.random() * adscodesBitget.length) : sessperindex;
adplace.innerHTML = adscodesBitget[adsindex];
sessperindex = adsindex === adscodesBitget.length – 1 ? 0 : adsindex + 1;
sessionStorage.setItem(“adsindexBitget”, sessperindex);
}
})();
What is the Crypto.com data breach?
Crypto.com data breach refers to a limited 2023 incident where attackers accessed partial personal information of a very small number of users. Crypto.com confirmed the event to regulators, stressing that no customer funds were accessed and that the phishing campaign was contained within hours.
How were users affected and what data was exposed?
According to reporting by Bloomberg and commentary from blockchain investigator ZachXBT, attackers obtained partial personal information for a subset of accounts. The exposed data did not include user funds, private keys, or full account credentials.
Crypto.com stated impacted records were limited and emphasized rapid containment and notification to relevant regulators. Exact figures were not publicly disclosed by the company.
How did the attackers gain access?
The incident has been attributed to the Scattered Spider group, which evolved from SIM-swapping to targeted phishing and social-engineering campaigns. Teenage operators, including an individual identified as Noah Urban, used persuasive calling and credential harvesting to infiltrate corporate systems.
‘,
‘
🔒 Secure and Fast Transactions
Diversify your investments with a wide range of coins. Join now!
‘,
‘
💎 The Easiest Way to Invest in Crypto
Dont wait to get started. Click now and discover the advantages!
‘
];
var adplace = document.getElementById(“ads-binance”);
if (adplace) {
var sessperindex = parseInt(sessionStorage.getItem(“adsindexBinance”));
var adsindex = isNaN(sessperindex) ? Math.floor(Math.random() * adscodesBinance.length) : sessperindex;
adplace.innerHTML = adscodesBinance[adsindex];
sessperindex = adsindex === adscodesBinance.length – 1 ? 0 : adsindex + 1;
sessionStorage.setItem(“adsindexBinance”, sessperindex);
}
})();
Law enforcement actions later charged participants with wire fraud and aggravated identity theft, underscoring the coordinated nature of the campaign.
Crypto.com publicly stated the incident was detected and contained within hours and reported in a NMLS Notice of Data Security incident filing and to jurisdictional regulators. CEO Kris Marszalek emphasized a “security-first” culture and reiterated that no customer funds were ever at risk.
Despite these filings, some investigators criticized the company for not proactively notifying impacted users via public channels, prompting debate on disclosure standards in the crypto industry.
Authorities arrested and charged several individuals linked to the campaign. Court filings and subsequent pleas resulted in criminal penalties, seizure of criminal proceeds, and restitution orders. Reported enforcement outcomes include seizure of crypto assets and prison sentences for central operatives.
‘
];
var adplace = document.getElementById(“ads-htx”);
if (adplace) {
var sessperindex = parseInt(sessionStorage.getItem(“adsindexHtx”));
var adsindex = isNaN(sessperindex) ? Math.floor(Math.random() * adscodesHtx.length) : sessperindex;
adplace.innerHTML = adscodesHtx[adsindex];
sessperindex = adsindex === adscodesHtx.length – 1 ? 0 : adsindex + 1;
sessionStorage.setItem(“adsindexHtx”, sessperindex);
}
})();