{"id":89136,"date":"2025-09-22T13:17:12","date_gmt":"2025-09-22T10:17:12","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=89136"},"modified":"2025-09-22T13:20:34","modified_gmt":"2025-09-22T10:20:34","slug":"bloomberg-uncovers-previously-unreported-crypto-com-hack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/bloomberg-uncovers-previously-unreported-crypto-com-hack\/","title":{"rendered":"Bloomberg Uncovers Previously Unreported Crypto.com Hack"},"content":{"rendered":"<p>The cryptocurrency exchange Crypto.com failed to disclose a breach in which hackers accessed an employee&#8217;s account, according to <a href=\"https:\/\/www.bloomberg.com\/news\/features\/2025-09-19\/multimillion-dollar-hacking-spree-scattered-spider-teen-s-jailhouse-confessions\">Bloomberg<\/a>.<\/p>\n<p>The attack was orchestrated by teenager Noah Urban from the Scattered Spider group and his accomplice. They employed phishing techniques to obtain login credentials for the exchange employee&#8217;s account.<\/p>\n<p>A representative from Crypto.com stated that the breach affected the personal data of &#8220;a very small number of individuals.&#8221; He assured that customer funds were not compromised.<\/p>\n<p>The attack occurred in 2023. During a search, the <span data-descr=\"Federal Bureau of Investigation\" class=\"old_tooltip\">FBI<\/span> seized $4 million in cryptocurrency, cash, and jewellery from Urban. In January 2024, he was arrested on charges of hacking 13 companies. The hacker was later sentenced to 10 years in prison.<\/p>\n<p>On-chain investigator ZachXBT criticized Crypto.com for concealing the data theft. He also noted that the exchange &#8220;has been breached several times.&#8221;<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">They\u2019ve been breached several times <a href=\"https:\/\/t.co\/ptAHq1ZTOG\">https:\/\/t.co\/ptAHq1ZTOG<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a href=\"https:\/\/twitter.com\/zachxbt\/status\/1969718961567940951?ref_src=twsrc%5Etfw\">September 21, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>A platform representative told <a href=\"https:\/\/cointelegraph.com\/news\/crypto-com-report-undisclosed-user-data-leak-unfounded\">Cointelegraph<\/a> that the company filed a notice of the incident with the U.S. licensing system NMLS and informed other regulators. <\/p>\n<p>Crypto.com CEO Kris Marszalek described reports of concealing the breach as &#8220;misinformation from uninformed sources.&#8221;<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">I want to directly and clearly address some misinformation spreading from uninformed sources\u2026<br \/>Any suggestion that we did not report or disclose a security incident is completely unfounded \u2014 as we reported in a NMLS Notice of Data Security incident filing and in additional\u2026<\/p>\n<p>\u2014 Kris | Crypto.com (@kris) <a href=\"https:\/\/twitter.com\/kris\/status\/1969917615276793990?ref_src=twsrc%5Etfw\">September 22, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>He confirmed that the company reported to U.S. and other relevant regulators.<\/p>\n<p>In May, ZachXBT <a href=\"https:\/\/forklog.com\/en\/news\/fraudsters-steal-45-million-from-coinbase-clients-in-a-week\">reported<\/a> that within a week, attackers stole $45 million from Coinbase users using social engineering methods.<\/p>\n<p>Later, the exchange <a href=\"https:\/\/forklog.com\/en\/news\/coinbase-reveals-number-of-users-affected-by-data-breach\">announced<\/a> that as a result of a data leak in December 2024, attackers obtained data from 69,461 customers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The cryptocurrency exchange Crypto.com failed to disclose a breach in which hackers accessed an employee&#8217;s account.<\/p>\n","protected":false},"author":1,"featured_media":89137,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Crypto.com failed to disclose a breach where hackers accessed an employee's account.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1452,44],"class_list":["post-89136","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crypto-com","tag-cybercrime"],"aioseo_notices":[],"amp_enabled":true,"views":"383","promo_type":"1","layout_type":"1","short_excerpt":"Crypto.com failed to disclose a breach where hackers accessed an employee's account.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/89136","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=89136"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/89136\/revisions"}],"predecessor-version":[{"id":89138,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/89136\/revisions\/89138"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/89137"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=89136"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=89136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=89136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}