We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of cybersecurity researchers, writers, and editors continues to help readers maintain their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and detailed examination by the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of cybersecurity researchers, writers, and editors continues to help readers maintain their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and detailed examination by the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Report Claims Cyberattack Leaked Crypto.com User Data

Report Claims Cyberattack Leaked Crypto.com User Data
Author Image Andrea Miliani
Andrea Miliani Published on September 25, 2025 Cybersecurity Researcher

A recent Bloomberg report suggests that the cryptocurrency exchange Crypto.com was attacked by the hacker group Scattered Spider in 2023, breaching users’ data, but the incident was not reported. The crypto platform’s CEO denied the accusations, calling the report "completely unfounded."

Last Friday, Bloomberg published a piece featuring the story of Noah Urban, a member of the hacker group Scattered Spider, who was recently sentenced to 10 years in prison. Urban said that the group carried out a phishing campaign against Crypto.com and that he gained access to its internal system through an employee in 2023.

The report also mentioned that Scattered Spider exploited a United Parcel Service Inc. system to gather users’ data. According to Bloomberg, the incident was not reported. A spokesperson from Crypto.com told Bloomberg that the attack affected a “very small number of individuals” and that the hackers were not able to access any funds.

The article sparked debate among social media users, especially after blockchain sleuth ZachXBT shared the report on X as a reply to a promotional post by Crypto.com. “Your team covered up a breach that impacted the personal information of your users,” wrote ZachXBT on Sunday.

On Monday, Crypto.com’s CEO Kris Marszalek posted a response calling the accusations "completely unfounded” and raising concerns about misinformation.

“Any suggestion that we did not report or disclose a security incident is completely unfounded - as we reported in a NMLS Notice of Data Security incident filing and in additional reports with the relevant jurisdictional regulators, we detected a phishing campaign that targeted one of our employees in 2023,” wrote Marszalek. “The incident was contained within hours, no customer funds were accessed or ever at risk, and impacted an extremely limited number of our users' partial PII.”

After Marszalek’s message, the blockchain investigator ZachXBT argued that the information should be publicly available and easy to find, and that the leaked data was critical.

The case has fueled ongoing discussions and disagreements among users, putting the platform’s reputation and reliability at risk.

About the Author

Andrea is a seasoned tech journalist with a growing passion for cybersecurity, covering cyberattacks, AI breakthroughs, and the latest trends shaping the future of technology.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Special characters are not allowed in the Name field

Please enter a valid email address