Crypto.com‘s top executive,
Kris Marszalek, is disputing claims that the platform failed to properly communicate details about a security breach in 2023. He characterizes the controversy as stemming from inaccurate information circulated by individuals lacking complete understanding.
His response follows a detailed
report
by Bloomberg, suggesting the exchange experienced a cyberattack, allegedly linked to a hacking group called Scattered Spider, known for using social engineering to gain unauthorized access.
The Bloomberg account indicates that members of Scattered Spider reportedly posed as Crypto.com’s own IT personnel, successfully persuading several employees to reveal their login credentials.
These attackers then allegedly attempted to gain broader control by using these compromised credentials to target accounts with higher privileges.
The report asserts that Crypto.com did not adequately inform the public about the incident, leading security professionals to express concerns about the level of transparency at one of the digital asset industry’s prominent platforms.
Crypto.com’s Defense
On September 22, Marszalek addressed the situation in a
statement
on X, emphasizing that “any insinuation that we withheld reporting or disclosing a security incident is completely false.”
He further
explained:
“As a regulated entity, we are obligated to report all incidents to the relevant regulatory bodies, which we did. Bloomberg was aware of this, but it was conveniently left out of their story, as it didn’t fit their agenda.”
According to Marszalek, the company submitted a Notice of Data Security under the Nationwide Multistate Licensing System, alongside additional reports to regulators in applicable jurisdictions.
Marszalek clarified that the event originated from a phishing attempt directed at a single employee, which was quickly contained. He stated that no customer funds were compromised and that the breach involved only limited personal data from a small subset of users.
He concluded:
“Our systems are rigorously tested and constantly being improved. We take pride in our security-focused culture and in holding the most security certifications of any company within our sector.”
CRO Token Dips
This
controversy
occurred during a period of significant volatility in the broader cryptocurrency market, with Crypto.com’s native
Cronos
token experiencing a 10% decrease in value over the preceding 24 hours, reaching $0.20 at the time of reporting.
Data from
CryptoSlate
indicates that this downward trend mirrored a broader market downturn, with
Bitcoin and Ethereum also experiencing sharp drops, leading to approximately $1.7 billion in liquidations across various exchanges.