Crypto.com joins list of exchanges hit by Scattered Spider


TL;DR Breakdown

  • A Scattered Spider teen hacker breached Crypto.com, exposing limited personal data.
  • Crypto.com never disclosed the 2023 incident, sparking backlash from ZachXBT over transparency failures.
  • Hacker Noah Urban was later arrested, with the FBI seizing $4M in assets.

A teenage cybercriminal tied to the notorious Scattered Spider hacking crew reportedly slipped into Crypto.com’s systems by compromising an employee account. The exchange never previously disclosed the incident, which is now drawing scrutiny over the platform’s transparency and industry-wide security practices.

According to the report, Noah Urban, a specialist in phishing campaigns against employees, obtained credentials that opened the door to sensitive systems. In Crypto.com’s case, the attackers accessed an internal staff account. The report added that exchanges are frequent targets of such tactics. Earlier reports described how Coinbase suffered hundreds of millions in losses after criminals bribed offshore support staff to obtain customer data.

ZachXBT Slams Crypto.com

Crypto.com confirmed the incident but downplayed its impact. It told Bloomberg that only a “very small number” of individuals’ personal information was compromised and no customer funds were lost. The company has not issued a public disclosure, which drew sharp criticism from blockchain investigator ZachXBT, who had already accused the exchange of repeatedly concealing breaches.

As reported, the attack took place before March 2023. The FBI raided the hacker’s residence and seized $4 million in crypto, cash, and jewelry. Urban was arrested in January 2024 and sentenced to 10 years in prison for involvement in hacks targeting 13 companies.

The revelation has reignited debate over the crypto industry’s handling of security breaches. It has also highlighted risks posed by Know Your Customer (KYC) regulations. Critics argue that mandatory collection of personal data creates lucrative honeypots for hackers. Security researcher Pcaversaccio put it bluntly: “You can change a password easily, but not your passport. We’re basically the collateral in their surveillance racket.”

KYC in Spotlight After Breach

This concern dovetails with broader industry frustration. Coinbase CEO Brian Armstrong has previously called the Bank Secrecy Act and related AML rules outdated. He said they force companies to collect sensitive data “against our will” without effectively deterring crime.

The controversy lands at a time when Crypto.com has been enjoying stronger trading activity. The exchange processed more volume than Coinbase in August and recently announced a partnership with Trump Media to launch a digital asset treasury focused on acquiring its native Cronos (CRO) token.

The hack update comes as the global digital assets market is entering the second phase of the bull run. The cumulative crypto market cap is hovering above $4 trillion while Bitcoin bulls are trying to regain $120K. However, heavy resistance around $116k-$117k is holding BTC back.
