Crypto.com has been revealed as the victim of a previously undisclosed cyberattack carried out by the notorious Scattered Spider hacking group, according to findings from a Bloomberg investigation. The breach, which was never publicly communicated to affected customers, exposed personal information of users though it reportedly did not involve the theft of funds.
How the Attack Unfolded
The breach was attributed to Scattered Spider, a cybercriminal group notorious for high-profile intrusions into major corporations, including MGM Resorts. Among its members was 18-year-old Florida resident Noah Urban, who rose to prominence within the organization. Bloomberg reported that Urban first developed his cyber skills in online gaming communities, where he learned SIM-swapping methods that required minimal technical knowledge. His ability to impersonate IT staff over the phone allowed him to manipulate telecommunications employees into transferring phone numbers.
Noah Urban’s role in the notorious Scattered Spider gang was talking people into unwittingly giving criminals access to sensitive computer systems https://t.co/hwCbLpsZHL
— Bloomberg (@business) September 19, 2025
During the pandemic, Urban expanded his network, employing multiple callers paid according to the difficulty of their exploits. He reportedly spent his earnings on luxury items such as a diamond Rolex and rare digital assets, while convincing family members that his wealth came from cryptocurrency trading.
The group’s operations grew from SIM-swapping into sophisticated corporate infiltration. By August 2022, members created fraudulent Okta login portals to deceive Twilio staff, granting them access to data from over 200 companies. This earned them the nickname “0ktapus” and reinforced their reputation for large-scale corporate hacking. They later targeted entertainment giants Universal Music Group and Warner Music Group, stealing unreleased tracks and leaking them online through accounts that quickly amassed thousands of followers.
Good news: Crypto never sleeps
Bad news: Crypto never sleeps— Crypto.com (@cryptocom) September 20, 2025
Targeting Crypto.com
The same social engineering techniques were used against Crypto.com. Hackers obtained employee credentials and used them to compromise the exchange’s systems, gaining access to personal information from what the company later described as a very limited number of users. While the firm insisted that no customer funds were stolen, the breach went unreported until Bloomberg contacted the exchange for its investigation.
Blockchain investigator ZachXBT criticized the company for failing to disclose the incident, highlighting concerns over transparency in the crypto sector.
Broader Criminal Operations
The attack on Crypto.com formed part of Scattered Spider’s broader shift from individual fraud schemes to infiltrating major companies. Beyond the exchange, the hackers exploited logistics giant United Parcel Service to gather personal information for new targets, while simultaneously profiting from stolen music assets. Proceeds from these ventures were reportedly converted into cryptocurrency and spent on high-end goods and gambling.
Business Expansion Amid Security Concerns
The revelation of the breach comes at a critical moment for Crypto.com. The exchange generated 1.5 billion dollars in revenue last year, recording one billion dollars in gross profit, making it one of the most profitable players in the digital asset industry. Despite the undisclosed incident, CEO Kris Marszalek recently projected a strong performance for the fourth quarter and indicated that the firm is considering an initial public offering.
Crypto.com has also been expanding aggressively through strategic partnerships. In August, the company announced a 6.42 billion dollar digital asset treasury deal with Trump Media, creating a publicly traded vehicle holding 6.3 billion Cronos tokens. The firm is also working on new products including prediction markets for sports and political events under CFTC oversight.
A Hidden Breach with Lasting Implications
The unreported data compromise raises questions about how exchanges handle disclosures of sensitive security incidents. While Crypto.com maintained that financial assets were never at risk, the concealment of compromised personal data could affect trust among customers and investors as the company pursues its expansion and potential IPO.