Crypto.com’s Alleged Breach Renews Debate Over Exchange Transparency

21 September 2025 18:39 UTC
  • A Bloomberg report revealed that Crypto.com suffered a security breach linked to the Scattered Spider hacking group but never disclosed it.
  • Investigators said the attackers tricked employees into handing over credentials, though the exchange insisted customer funds were not affected.
  • Critics argue the secrecy undermines trust and highlights broader risks of KYC systems that force exchanges to store sensitive personal data.

According to a Bloomberg investigation, Crypto.com, one of the world’s largest cryptocurrency exchanges, reportedly suffered a security breach it never disclosed.

The report linked the incident to Scattered Spider, a hacking group that often targets companies with social engineering tactics. The group comprises mainly teenagers who specialize in tricking employees into handing over their credentials.

Crypto.com Faces Backlash Over Alleged Cover-Up of Security Lapse

According to Bloomberg, the attackers posed as IT staff and persuaded unnamed Crypto.com employees to surrender login credentials. Once inside, they attempted to escalate their access by targeting senior staff accounts.

Crypto.com told Bloomberg that the attack affected only “a very small number of individuals” and emphasized that customer funds remained untouched.

The firm has yet to provide additional information about the incident as of press time.

Meanwhile, security experts argue that the exchange’s decision not to disclose the breach undermines confidence in its security practices.

They argue that its failure to share details about the incident leaves its users uncertain about the extent of the exposure and vulnerable to possible follow-up attacks.

This concern is significant because Coinbase previously suffered a similar breach that exposed its customers to more than $300 million in yearly losses.

On-chain investigator ZachXBT accused Crypto.com of deliberately covering up the breach. He also stressed that this was not the first time the platform had been linked to undisclosed security lapses.

His comments echo wider industry frustration about exchanges that quietly downplay breaches to protect their reputations.

Meanwhile, the incident has also reignited criticism of the industry’s reliance on Know Your Customer (KYC) systems.

Pseudonymous security researcher Pcaversaccio reacted sharply to the issues, arguing that KYC requirements create massive data honeypots for hackers.

“You can change a password easily, but _not_ your passport and they f#cking know it well. We’re basically the collateral in their surveillance racket,” the researcher stated.

This concern aligns with broader industry skepticism about regulatory frameworks.

Earlier this year, Coinbase CEO Brian Armstrong criticized the Bank Secrecy Act and existing anti-money laundering rules as outdated and ineffective.

He explained that companies are being forced to collect sensitive data against their will. According to him, the requirements do little to prevent crime despite the burden they place on firms and customers.

“We don’t want to collect it, and our customers hate it. We are being forced to collect it against our will. And it’s not even effective at stopping crime, if you look at the data behind it,” Armstrong said.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.