Crypto.com Accused of Covering Up Teen Hacker Attack That Breached Employee Account and Exposed Personal Data

Teen Hacker Breach Exposes Crypto.com Employee Data Raising Security Questions

Crypto.com has faced scrutiny following revelations that a teenage hacker and his accomplice accessed an employee account, exposing personal information of a small number of users.

The breach, detailed in a Bloomberg Businessweek report, involved Noah Urban, a member of the cybercriminal group Scattered Spider, who specialised in phishing attacks targeting staff at telecommunications, technology, and cryptocurrency companies.

How Social Engineering Gave Hackers Access To Sensitive Data

Urban, working alongside an accomplice known only as “Jack,” successfully compromised a Crypto.com employee account.

Unlike direct attacks on trading systems, this method relied on manipulating employees to gain entry to sensitive company data.

A Crypto.com spokesperson told Bloomberg that no customer funds were accessed and that only a “very small number of individuals” were affected.

However, blockchain investigator ZachXBT criticised the exchange on X, noting that “they’ve been breached several times,” and called for greater transparency.

FBI Raid And Arrest Highlight The Severity Of The Hacker’s Activity

The attack occurred before March 2023, when Urban’s activities drew FBI attention.

During a raid on his home, authorities seized $4 million in cryptocurrency, along with substantial cash and jewellery.

Urban was arrested nine months later in January 2024, charged with hacking 13 different companies, and ultimately sentenced to 10 years in prison after pleading guilty.

Crypto.com Faces Comparisons To Rival Exchanges In Security Handling

The incident puts Crypto.com under the spotlight as it competes with other USD-backed exchanges.

In August, the platform processed more trading volume than Coinbase, highlighting its growing influence.

By contrast, Coinbase previously suffered losses of hundreds of millions after criminals bribed offshore staff to access customer accounts.

Both cases reflect a pattern where attackers exploit employees rather than the exchanges’ technical systems.

Is Crypto.com’s Silence On Breaches Risking User Trust?

Despite the breach being contained, Crypto.com has come under criticism for limited public communication.

CEO Kris Marszalek addressed the situation on X, describing claims of concealment as “completely unfounded” and stressing that the company had reported the incident to regulators.

He described the spread of information around the breach as “misinformation from uninformed sources.”

Rising Profile Makes Exchanges A Target For Cybercrime

The timing of the breach is notable.

Crypto.com has partnered with Trump Media & Technology Group to create a digital asset treasury focused on acquiring CRO, the native token of the Cronos blockchain.

As trading volume grows, so does the potential appeal to cybercriminals who see large exchanges as lucrative targets.

Experts note that centralised platforms inherently concentrate both funds and sensitive data, leaving them exposed to attacks that exploit staff as entry points.

Hacker Sentenced But Lessons For Exchange Security Remain

Urban’s 10-year sentence closes one chapter in this saga, but the breach raises wider concerns about exchange security.

Even with minimal data exposure and no stolen funds, the lack of clear disclosure could erode user confidence, illustrating the high stakes of transparency in the cryptocurrency industry.