Crypto.com Suffered an Unreported Data Breach from Scattered Spider Hackers, Bloomberg Reports

Crypto.com suffered a previously unreported data breach by the notorious Scattered Spider hacking group that exposed personal information of users, according to a Bloomberg investigation. The attack was carried out by teenage hackers, including Noah Urban, an 18-year-old from Florida who became a key figure in one of the world’s most dangerous cybercriminal organizations responsible for high-profile attacks on MGM Resorts and other major corporations. ZachXBT, a prominent blockchain investigator, publicly called out Crypto.com for covering up the breach after Bloomberg’s report revealed the incident. Source: TG/Investigations by ZachXBT The exchange confirmed the attack affected “ a very small number of individuals ” but maintained that no customer funds were accessed. However, the company never publicly disclosed the breach to users whose personal information was compromised. The revelation comes as Crypto.com CEO Kris Marszalek predicts a strong fourth-quarter performance and explores potential IPO options while expanding partnerships with Trump Media & Technology Group. The exchange generated $1.5 billion in revenue last year with $1 billion in gross profit, positioning itself as one of the most profitable crypto platforms despite the undisclosed security incident. When Minecraft Players Became Million-Dollar Cybercriminals According to the Bloomberg report , Noah Urban’s criminal journey began innocuously through Minecraft gaming communities at age 15, where he learned about SIM-swapping techniques that didn’t require coding skills. His natural talent for social engineering, combined with a deep voice that belied his teenage years, made him exceptionally effective at deceiving telecommunications employees into transferring phone numbers. The scheme involved calling company representatives while pretending to be IT security personnel, using scripts like “Hey, my name is Kevin, and I’m calling from the T-Mobile internal security management.” Urban earned $50 per successful call initially, clearing $3,000 in his first week while other group members listened on Discord during gaming sessions. Urban’s operation expanded rapidly during the COVID-19 school closures, employing his own network of callers whom he paid between $60 and $4,000, depending on the security levels breached. He purchased luxury items, including a $35,000 diamond-encrusted Rolex and $80,000 Minecraft username, while maintaining the facade of cryptocurrency trading success to his family. Source: Bloomberg The Scattered Spider group evolved from simple SIM-swapping to sophisticated corporate infiltration. In August 2022, Urban and accomplices created fake Okta login pages to target Twilio employees, ultimately accessing customer data from 209 companies. The breach earned them the nickname “0ktapus” and made them feel “like gods,” according to Urban’s jail interviews. Following the Twilio success, the group targeted Universal Music Group and Warner Music Group to steal unreleased tracks, with Urban operating a Twitter account called “King Bob” that gained 11,000 followers overnight after posting leaked Playboi Carti music. The music theft operation expanded its criminal portfolio beyond financial fraud into intellectual property theft. How Teenage Hackers Cracked Crypto.com’s Defenses Noah Urban and his Scattered Spider accomplices targeted Crypto.com by exploiting employee credentials through their signature social engineering tactics. The group gained unauthorized access to the exchange’s systems, compromising personal information belonging to what the company described as “ a very small number of individuals .” The attack followed the hackers’ successful infiltration of Twilio, which provided them with customer verification codes and access credentials for 209 companies using the communications platform. Urban’s crew leveraged this data trove to identify and target Crypto.com employees, using their established methods of impersonating IT security personnel. Crypto.com confirmed the breach affected user personal information but maintained that no customer funds were accessed during the incident. The exchange never issued a public disclosure about the security compromise, only acknowledging the attack when contacted by Bloomberg for their investigative report on Scattered Spider’s activities. Bad news: Your team covered up a breach that impacted the personal information of your users pic.twitter.com/1xqmJyqm5i — ZachXBT (@zachxbt) September 21, 2025 The timing of the attack coincided with Scattered Spider’s expansion beyond simple SIM-swapping into sophisticated corporate infiltration. The group had evolved from stealing individual crypto wallets to targeting major exchanges and technology companies for larger-scale data theft and potential ransomware deployment. Beyond Crypto.com, the hackers exploited United Parcel Service systems to gather personal data for future victims while Urban continued his music theft operations targeting Universal Music Group and Warner Music Group. These parallel criminal enterprises generated millions in cryptocurrency proceeds that Urban spent on luxury items and high-stakes gambling. The Secret Crypto Exchange Hack That Never Made Headlines The undisclosed Crypto.com breach occurred as the exchange pursued aggressive expansion and high-profile partnerships. Last month, the company announced a $6.42 billion digital asset treasury partnership with Trump Media , creating the largest publicly traded CRO-focused vehicle with 6.3 billion Cronos tokens representing 19% of total market capitalization. CEO Marszalek confirmed that multiple investment banks have approached the company regarding potential IPO opportunities, although the company maintains a private status for operational flexibility. The exchange plans to expand into prediction markets, targeting sports betting and political events, through CFTC-regulated infrastructure, while building partnerships that support the Trump administration’s crypto initiatives. At the time of publication, Crypto.com had not responded to Cryptonews’ request for comment. The post Crypto.com Suffered an Unreported Data Breach from Scattered Spider Hackers, Bloomberg Reports appeared first on Cryptonews .