Overview

• Crypto.com says a 2023 phishing intrusion exposed limited PII for a very small number of individuals, was contained within hours, and did not put customer funds at risk.
• CEO Kris Marszalek stated the exchange filed a Notice of Data Security Incident in the NMLS and made additional filings with relevant U.S. regulators.
• Decrypt reports investigators traced the incident to Scattered Spider operative Noah Urban, who used social-engineering tactics to obtain employee credentials.
• Urban pleaded guilty in April to wire fraud and aggravated identity theft and was sentenced last month to 10 years in prison, with authorities seizing millions in crypto.
• Critics including on-chain investigator ZachXBT accuse the exchange of inadequate transparency, renewing debate over disclosure norms and KYC data risks at centralized platforms.