Cover-Up Claims or Compliance? Crypto.com Scrutinized Over 2023 Breach

Crypto.com has denied allegations of concealing a 2023 user data breach, asserting that it disclosed the incident to regulators and refuting claims of a cover-up. The controversy emerged after blockchain investigator ZachXBT accused the exchange of failing to transparently address the breach, which involved unauthorized access to an employee account via a compromised UPS systemtitle1^[1]. According to reports, the breach exposed the personally identifiable information (PII) of a "very small number of individuals," though the company emphasized no customer funds were compromisedtitle5^[5]. Noah Urban, a member of the Scattered Spider hacking group, confirmed the breach occurred but noted the vulnerability had been patched by UPS in 2023title1^[1].

The exchange faced scrutiny for its delayed public disclosure and lack of detailed communication. Critics, including ZachXBT, highlighted the incident as part of a broader pattern of governance concerns, referencing prior controversies such as the reissuance of 70 billion CRO tokens burned in 2021title3^[3]. The allegations intensified after Crypto.com announced a partnership with Trump MediaDJT-- & Technology Group, raising questions about whether strategic business moves overshadowed transparency effortstitle3^[3]. Community reactions ranged from skepticism to demands for accountability, with some users labeling the situation "super shady" and calling for legal action against those responsibletitle1^[1].

In response, Crypto.com’s CEO, Kris Marszalek, defended the platform’s actions, stating that the breach was reported to U.S. regulators via the Nationwide Multistate Licensing System and other jurisdictional authoritiestitle5^[5]. A spokesperson reiterated that the incident was contained within hours and that the company had since updated its security protocols, including addressing the UPS vulnerabilitytitle5^[5]. Despite these assurances, critics argue that the lack of public disclosure and failure to notify affected users eroded trust, particularly in a sector where transparency is paramounttitle4^[4].

The regulatory landscape further complicated the situation. The U.S. Securities and Exchange Commission (SEC) concluded its months-long investigation into Crypto.com on March 27, 2025, without pursuing enforcement action. This decision followed the exchange’s lawsuit against the SEC in October 2024, which accused the agency of overreach under former Chair Gary Gensler. Acting SEC Chair Mark Uyeda’s administration has since adopted a more accommodating stance toward crypto firms, dismissing several high-profile cases against industry players. Marszalek described the prior administration’s approach as a "war on crypto," alleging systemic efforts to restrict the sector’s access to banking and investment services.

The resolution of the SEC probe, coupled with Crypto.com’s ongoing regulatory compliance—over 100 global approvals including CFTC and FinCEN registrations—positions the exchange to focus on expansion. Recent partnerships, such as the collaboration with Trump Media to launch U.S.-centric ETFs, underscore its strategic ambitions. However, the breach allegations and regulatory scrutiny highlight the challenges facing crypto platforms in balancing innovation with accountability. Analysts note that user trust remains fragile, with calls for stricter governance and proactive disclosure practices to align with the industry’s decentralized ethostitle2^[2].