Crypto.com CEO Kris Marszalek is pushing back against allegations that the exchange concealed a security breach detailed in a Bloomberg report.
Bloomberg reported on 19 September that Noah Urban, a teenage hacker linked to the Scattered Spider group, and an accomplice gained access to a Crypto.com employee account in early 2023.
The attack exposed some personal data from a small number of users but did not compromise customer funds.
Urban was arrested in January 2024 and later pleaded guilty in connection with hacks at multiple companies.
In August 2025, a U.S. judge sentenced him to 10 years in prison and ordered forfeiture and restitution.
In his post on X, Marszalek said the company filed the required notifications, including a Notice of Data Security Incident under the Nationwide Multistate Licensing System, along with reports to relevant regulators.
He said the breach stemmed from a phishing campaign targeting an employee, was contained within hours and involved only limited user information.
I want to directly and clearly address some misinformation spreading from uninformed sources…
Any suggestion that we did not report or disclose a security incident is completely unfounded – as we reported in a NMLS Notice of Data Security incident filing and in additional…— Kris | Crypto.com (@kris) September 22, 2025
