Crypto.com breach by Scattered Spider hackers exposed user data, Bloomberg reports

Crypto.com, one of the world’s largest cryptocurrency exchanges, suffered a previously undisclosed data breach at the hands of the Scattered Spider hacking group, according to a Bloomberg investigation that surfaced this week. The attack compromised personal information belonging to some customers, though the company insists no funds were accessed.

The breach, carried out by teenage members of Scattered Spider, was linked to Noah Urban, an 18-year-old from Florida who emerged as a central figure in the cybercrime network. The group has been tied to high-profile intrusions against MGM Resorts and dozens of other major corporations. Investigators say the hackers infiltrated Crypto.com by exploiting employee credentials through social engineering tactics, a hallmark of their operations.

ZachXBT, a well-known blockchain investigator, publicly criticized the exchange for keeping the incident from users. Crypto.com confirmed that “a very small number of individuals” were affected but acknowledged the compromise only after being contacted by Bloomberg. The company did not disclose the breach to customers at the time.

The revelation comes as Crypto.com CEO Kris Marszalek has been projecting confidence about the firm’s financial outlook. The Singapore-based exchange reported $1.5 billion in revenue and $1 billion in gross profit last year, and Marszalek has pointed to a strong fourth-quarter forecast while pursuing potential IPO plans and new partnerships, including with Trump Media & Technology Group.

Scattered Spider’s attack on Crypto.com followed its wider campaign of corporate intrusions. The group, which began with SIM-swapping schemes in online gaming communities, expanded into more advanced operations during the COVID-19 pandemic. By 2022, its members had created fake Okta login pages to compromise Twilio, gaining access to verification codes and employee credentials for more than 200 companies. That campaign, dubbed “0ktapus,” gave the hackers a blueprint to pursue larger targets, including financial institutions and technology providers.

Urban, who honed his skills by deceiving telecom employees with convincing impersonations of IT staff, turned his social engineering abilities into lucrative criminal ventures. Court documents and interviews describe how he purchased luxury goods, including a $35,000 diamond Rolex and an $80,000 Minecraft username, while presenting himself to family as a successful crypto trader.

Beyond Crypto.com, Scattered Spider targeted companies ranging from Universal Music Group to United Parcel Service, shifting from financial fraud into intellectual property theft and large-scale data harvesting. The group’s evolving methods and high-profile victims have made it one of the most closely watched cybercrime organizations operating today.