Crypto.com Denies Being Hacked by Scattered Spider Group - Setting the Record Straight

Crypto.com Refutes Bloomberg's Report About Scattered Spider Attack

Cryptocurrency exchange Crypto.com is strongly denying recent claims that it fell victim to a significant cyber attack by the notorious hacking group Scattered Spider. The denial comes in response to a Bloomberg report published on September 21, which alleged that the exchange had suffered an unreported security breach.

According to Bloomberg, hackers from Scattered Spider allegedly managed to access users' personal data by impersonating Crypto.com employees. The report claimed the attackers utilized stolen information, including records from a United Parcel Service database, to deceive staff and obtain sensitive information.

Who Are the Scattered Spider Hackers?

Scattered Spider, also known by aliases like UNC3944, Octo Tempest, and Muddled Libra, is a cybercriminal group primarily composed of young English-speaking hackers based in the United States and United Kingdom. The group has gained notoriety for its social engineering tactics, including phishing, SMS phishing (smishing), identity theft, and bypassing multi-factor authentication methods.

Since 2022, they have targeted large companies across various sectors including technology, finance, retail, and hospitality. Their operations typically involve data theft, ransom demands, and extortion through threats of public disclosure. U.S. and UK security authorities regularly issue detailed alerts about their evolving tactics to help organizations protect themselves.

The Exchange's Strong Denial

Crypto.com CEO Kris Marszalek quickly responded to the allegations on X (formerly Twitter), describing Bloomberg's claims as "completely unfounded." Marszalek clarified that while the company did detect a phishing campaign targeting an employee in 2023, they immediately took action to contain the breach.

"I want to respond directly and clearly to some misinformation from uninformed sources... Any claim that we did not report or disclose a security incident is completely unfounded. As reported in a data security incident notice filed with the NMLS and in other reports to relevant regulatory authorities, we detected a phishing campaign targeting one of our employees in 2023. The incident was contained within hours, no customer funds were accessed or put at risk, and had an extremely limited impact on partial personal information of our users. Our systems are tested and constantly improved. We are proud of our security culture and our industry-leading number of security certifications."

A spokesperson for Crypto.com further emphasized that the incident was "contained within hours" and that no customer funds were accessed or endangered. The company also highlighted that it had strengthened its security measures to prevent similar attacks in the future.

Scattered Spider's Track Record

Scattered Spider has been linked to attacks on over 200 companies worldwide, including telecommunications providers, gaming studios, and retailers. Among the group's known members is Noah Michael Urban, approximately 20 years old, who was sentenced to ten years in prison in the United States for techniques like SIM-swapping and phishing aimed at hijacking accounts and stealing cryptocurrencies.

More recently, two British teenagers—Thalha Jubair, 19, and Owen Flowers, 18—were arrested for their alleged role in an attack against Transport for London in August 2024 and intrusions into U.S. health networks. Jubair is accused of participating in at least 120 international attacks, including 47 in the United States, generating over $115 million in ransoms.

Authorities have reportedly seized approximately $4.8 million in cryptocurrencies from Urban's devices, with estimated losses reaching up to $25 million from his activities.

Transparency in Security Incidents

This incident highlights the ongoing challenges cryptocurrency exchanges face in maintaining security while also managing public communications about potential breaches. Crypto.com maintains that it properly reported the 2023 phishing incident to the appropriate regulatory authorities and took swift action to mitigate any potential damage.

For users of cryptocurrency exchanges, this situation serves as a reminder of the importance of maintaining strong security practices, including using unique passwords, enabling two-factor authentication, and remaining vigilant against phishing attempts that might target their digital assets.