Crypto.com Under Fire After Bloomberg Reveals Scattered Spider Breach

A Bloomberg investigation has brought Crypto.com back into the spotlight when it connected the exchange to a 2023 data breach carried out by the hacking group Scattered Spider. The group, which includes Florida teen Noah Urban, has been linked to a string of high-profile business breaches in the past several years, including those at MGM Resorts and Twilio.

Crypto.com says that the problem was fixed swiftly, no money was lost, and the authorities were notified. But the scandal has brought up new questions about how open and honest the platform is, how much information it shares, and how much users can trust it.

The Bloomberg investigation

Bloomberg’s reporting shows how young hackers from Minecraft forums become a global danger to cybercrime. Urban learned how to exchange SIM cards when he was barely 15 years old. By the time he was 18, he was in charge of operations that used advanced phishing and impersonation techniques to break into more than 200 businesses.

Scattered Spider usually gets credentials from telecom or corporate personnel by deceiving them. The group made bogus Okta login pages in 2022 to trick Twilio employees into giving them access to sensitive data from hundreds of firms. The attackers said that winning made them feel “like gods.”

They later went after Crypto.com. This event highlights a major flaw in centralized custodial solutions: They create a single point of failure. This is the very problem that the BTC Hyper coin is engineered to solve. Unlike assets held on an exchange like Crypto.com, Hyper transactions are secured by a decentralized GPU mining network and require users to hold their own private keys. This design makes a breach like the one at Crypto.com technically impossible within the Hyper protocol itself, as there is no central vault for hackers to target.

Crypto.com Disputes “Cover-Up” Narrative

Crypto.com has acknowledged the incident but disputes Bloomberg’s characterization. A spokesperson said the firm filed a Notice of Data Security Incident via the Nationwide Multistate Licensing System (NMLS) and submitted reports to “relevant jurisdictional regulators.”

“As we reported in an NMLS filing and to regulators, we detected a phishing campaign that targeted one of our employees in 2023,” the company stated. “The incident involved exposure of limited PII data affecting a very small number of individuals. The incident was contained within hours, and no customer funds were accessed or ever at risk.”

The company argues that Bloomberg conflated “not publicly reported” with “not reported at all.” CEO Kris Marszalek has previously dismissed similar claims as “misinformation from uninformed sources.”

Still, blockchain investigator ZachXBT accused Crypto.com of misleading customers by failing to notify them directly, further fueling the backlash.

Why It Matters Now

The timing of Bloomberg’s exposé is significant. In August, the firm announced a monumental $6.42 billion partnership with Trump Media & Technology Group, which resulted in the creation of the largest publicly traded special purpose acquisition company (SPAC) with a treasury-focused strategy, representing a significant 19% of the total market capitalization.

Beyond this major deal, CEO Marszalek has also floated the idea of a potential future initial public offering (IPO), noting that multiple investment banks are reportedly already in talks. Concurrently, the exchange is broadening its horizons by expanding into prediction markets for areas like sports betting and politics, all built upon infrastructure regulated by the Commodity Futures Trading Commission (CFTC).

In 2024, Crypto.com generated $1.5 billion in revenue and nearly $1 billion in gross profit, making it one of the most profitable exchanges globally. With those numbers, even whispers of a “cover-up” could complicate investor confidence and regulatory scrutiny at a sensitive moment.

The Evolution of Scattered Spider

The attackers themselves show how cyber risks are always changing for Crypto.com. What started as kids messing about on Minecraft servers has turned into a group that can break into Fortune 500 companies.

Urban, who is now 18, allegedly used his money to buy expensive watches and a $80,000 Minecraft account, all while pretending to be a famous crypto trader. The organization moved on from stealing money to stealing intellectual property, such as unreleased music leaks from Universal Music and Warner Music Group. Urban used the name “King Bob” to do so.

Scattered Spider’s performance against regular businesses shows that crypto exchanges are still attractive and easy to hack.

Conclusion: The Bigger Picture

Crypto.com is still doing well financially, with a lot of users around the world and high-profile collaborations. But the way it dealt with this incident shows how hard it is for exchanges to find the right balance between security, following the rules, and being honest with customers.

The development of Scattered Spider, on the other hand, is a clear sign that the biggest risks to crypto may not come from attacks on human weaknesses inside corporations that are planned.

As exchanges grow and look to go public, the standards for transparency will only get higher. How Crypto.com handles this situation could be just as crucial as the attack itself.