Crypto.com, one of the largest cryptocurrency exchanges in the world, denied the claims that it leaked the 2023 data breach of some user information.
The trouble started when a Bloomberg article reported on claims made by Noah Urban, a member of the Scattered Spider-hacking group, alleging the group accessed the account of a Crypto.com employee through phishing and disclosed personal information for some users.
On top of that, blockchain investigator ZachXBT on X said that the platform had “covered up a breach” but had also been breached “several times” before that incident.
It was not long until the claims began to move throughout the Crypto.com user base, and commentators began to question the transparency of the platform.
Crypto.com Maintains It Properly Reported the Incident
In response, Crypto.com released a statement via a company representative, stating that the accusations of a cover-up had no basis.
The exchange stated that it submitted a “Notice of Data Security incident” to the Nationwide Multistate Licensing System (NMLS) based in the United States and provided related reports to regulators in its markets.
The company said that the incident was a phishing attack against an employee in 2023.
According to Crypto.com, the breach was quickly contained by IT specialists within hours, involved only a handful of people, and, most importantly, no customer funds were ever at risk.
Also Read: Bitcion ATM Bitcoin Depot Alerts 27,000 Users To Last Year’s Data Breach
Questions Remain Over Public Disclosure and Notifications
Even after the company clarified, there is still uncertainty surrounding the announcement. Crypto.com has not confirmed whether users were notified directly, nor whether its regulatory discretion was public.
This uncertainty led some to question the company’s announcement plan, particularly in a time when consumer trust in exchanges is not particularly high.
Earlier this year, the exchange Coinbase received criticism when hackers took advantage of a security vulnerability to obtain customer data, which raised awareness around how exchanges treat or respond to breaches.
In that context, analysts believe the company should have taken a more transparent approach to reassure its customers globally.
Also Read: Hackers Claim to Have Stolen User Data from Gemini and Binance
CEO Labels Allegations as “Misinformation”
Kris Marszalek, the CEO of Crypto.com, also directly addressed the matter on X, calling the allegations “misinformation from uninformed sources.”
Marszalek has stated that the exchange informed the applicable authorities in the United States and other jurisdictions about the security incident.
He underscored that the allegations of non-disclosure were “totally baseless” and false.
His public defense occurs as Crypto.com expands its operations and partnerships.
Earlier this month, for example, Trump Media & Technology Group, the parent company of former President Donald Trump’s Truth Social service, announced it had done a “deal” with Crypto.com to set up a Cronos treasury, showing the exchange’s emerging political and financial influence.
Also Read: FTX Creditors Take Legal Action Against Kroll Over Daily Scam Emails Following 2023 Data Leak
Rising Data Leaks in the Crypto Sector
The Crypto.com claims arise from a number of different cryptocurrency-related cybersecurity breaches.
On May 8th, ransomware group LockBit was also hacked, exposing close to 60,000 Bitcoin addresses and a number of messages attributable to victims, although they were quick to reassure the public that no private keys were involved, according to UnoCrypto.
Additionally, on August 13th, we reported that a data breach involving FTX creditors had also occurred, exposing victims to the risk of being scammed.
These types of incidents show the ongoing risk that crypto exchanges and their users continue to be challenged by.
This further highlights the importance of transparency, best security practices, and timely communication to establish credibility in a sector that is prone to cybercriminal activity.
Also Read: Solana Co-founder’s Personal Data Exposed In Instagram Hack, Details Inside