Crypto.com CEO denies concealment allegations linked to 2023 phishing attack

A teenager and his accomplices took control of crypto exchange Crypto․com’s employee account in 2023, which blockchain investigator ZachXBT has accused the company of concealing. 

Replying to the exchange’s post on Saturday, ZachXBT claimed the platform had been compromised several times, but it allegedly “covered up a breach that impacted the personal information of users.”

Crypto.com CEO: We did not cover up a public breach

Chief executive Kris Marszalek responded to ZachXBT’s allegations on Monday, calling them “completely unfounded.” In a post on X, he wrote that the company did not fail to disclose a security breach and had filed a “Notice of Data Security incident” with regulators.

I want to directly and clearly address some misinformation spreading from uninformed sources…
Any suggestion that we did not report or disclose a security incident is completely unfounded – as we reported in a NMLS Notice of Data Security incident filing and in additional…

— Kris | Crypto.com (@kris) September 22, 2025

According to Marszalek, the 2023 incident involved a phishing campaign that targeted an employee but was contained within hours. 

“No customer funds were accessed or ever at risk, and impacted an extremely limited number of our users’ partial PII. Our systems are battle-tested and continuously improving – we’re proud of our security-first culture and having the most security certifications of any company in our industry,” Marszalek asserted.

But after his response, ZachXBT asked the CEO to share a URL of where the incidents were publicly disclosed, much like Coinbase and Gemini did earlier this year for their breaches.

“Since the Crypto.com CEO Kris blocked me, I cannot reply to his post and will just reply here…User balances, names, emails, & phone numbers leaked from other incidents is a bit more than just ‘partial PII,” the investigator replied. 

In July, ZachXBT accused the company of insider trading, for burning 70 billion CRO tokens in 2021, only to reissue the same amount in 2023 through a governance vote in which validators linked to the exchange controlled most of the outcome.

“Remember, they printed more tokens, too, out of nowhere. All shades of red flags,” one user commented on the allegations. Crypto․com has not responded to those claims, and is still building partnerships, including an alliance with Trump Media to create a digital asset treasury for CRO.

Teenage hacker behind the Crypto.com breach

According to Bloomberg’s investigations, the perpetrators were part of the Scattered Spider collective, including an 18-year-old from Florida named Noah Urban. 

Urban admitted he took part in one of the world’s most destructive cybercrime networks, which in 2023 orchestrated an attack on MGM Resorts International that caused $100 million in damages, and another on British retailer Marks & Spencer for around $400 million.

With the assistance of another hacker known only as Jack, the teenager reportedly used social engineering techniques to impersonate staff and “talked their way” into accessing a Crypto.com employee’s account, alongside United Parcel Service systems, to gather personal data. 

UPS later confirmed it had patched the vulnerability but declined to provide details on the matter. For Crypto․com, a company spokesperson said the episode only affected “a very small number of individuals” and no customer funds were compromised.

Noah Urban was sentenced to prison

Noah Urban’s path into cybercrime began at age 15 in Minecraft gaming communities, where he learned SIM-swapping techniques that required little technical expertise. 

According to Bloomberg, Urban had a deep voice that was unusual for his age; he used to impersonate telecommunications staff and trick employees into sharing phone numbers.

“Hey, my name is Kevin, and I’m calling from the T-Mobile internal security management,” read one of the scripts the then-teenager was using for his social engineering tactics. 

As disclosed in the investigative piece, he earned $50 for every successful call, even racking up as high as $3,000 in a single week while his gaming friends listened to his Discord channel.

Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.