Kris Marszalek, the CEO of the Singapore-based cryptocurrency exchange Crypto.com, has stepped forward to tackle misleading rumors circulating about a past security breach. He stated that the claims suggesting that the company failed to report or disclose a security incident are entirely baseless.
Recently, crypto investigator ZachXBT stated that Bloomberg reported a breach that impacted Crypto.com in 2023. He said that the breach had compromised users’ personal information. However, the exchange did not inform its users about it.
However, Marszalek refused the claims. He revealed in his X post that in the year 2023, the exchange had detected a phishing campaign targeting one of its employees. He further added that the incident was reported through the NMLS Notice of Data Security incident filing, and additional reports were filed with the relevant jurisdictional regulators.Â
He emphasized that the incident was contained within hours, and the exchange ensured that no customer funds were placed at risk and that only a minimal number of users’ partial personal information (PII) was impacted.
The recent incident follows a previous event where the exchange posted on X with the message: “Good news: Crypto never sleeps. Bad news: Crypto never sleeps.”
ZachXBT responded, stating that the bad news is that the exchange has covered up a breach that affected users’ personal information. He further claimed that the exchange has experienced several breaches in the past.Â
Scattered Spider Breach at Crypto.com Sparks Criticism
On September 19, 2025, Bloomberg reported that Noah Urban, a member of the hacking group Scattered Spider, admitted that his group used phishing to get into a Crypto.com employee’s account sometime before early 2023, which let them see the personal information of some users.Â
The report also mentioned that some crypto experts criticized Crypto.com, saying the company should have been more open with the public about it. This criticism came as people were already worried about user data leaks, especially after the major exchange Coinbase had its customer information stolen earlier this year. Roelof Botha, a top executive at Sequoia Capital, was also among the victims.Â
However, Marszalek highlighted that the exchange has strong systems that keep getting better, and they take great pride in putting security first. This is supported by having more industry certifications than anyone else.
Also Read: Crypto.com Adds Sei Network Custody for SEI Token Security
