Based on reports, the firm says it notified US regulators and relevant jurisdictional authorities about the matter in 2023. The company called any suggestion of a cover-up misinformation.
I want to directly and clearly address some misinformation spreading from uninformed sources… Any suggestion that we did not report or disclose a security incident is completely unfounded – as we reported in a NMLS Notice of Data Security incident filing and in additional…
Multiple outlets repeated Bloomberg’s account, while some pieces added details about the group’s past campaigns against major companies. Crypto.com confirmed a limited breach but disputed claims that the company intentionally withheld the event from regulators.
On-chain investigator ZachXBT publicly criticized Crypto.com after the reporting, arguing the exchange should have made the incident public and notified affected users directly.
Other security watchers said the crypto industry needs clearer standards about when exchanges must disclose breaches to the public versus regulators. Reports have disclosed conflicting timelines about when regulators were told and when any affected customers were informed, leaving several questions unsettled.
The number of users affected remains unknown, and the exact data fields involved — passport scans, phone numbers, or email addresses — have not been detailed in public documents.
Crypto.com maintains that no funds were taken. No independent forensic reports or full third-party audits confirming the scope have been made public.
That lack of clarity has prompted calls from the community for greater transparency and formal confirmation from outside experts.
Featured image from Woden Valley Plumbing, chart from TradingView
