Crypto.com
Summary
Crypto.com is a Singapore-headquartered centralized cryptocurrency exchange founded in 2016 (originally as Monaco) by Kris Marszalek, Bobby Bao, Gary Or, and Rafael Melo. The platform has been subject to multiple serious security incidents, including a confirmed January 2022 hack in which $34 million was stolen via a 2FA bypass and laundered through Tornado Cash, and an alleged 2023 data breach linked to the Scattered Spider hacking group that the company did not publicly disclose to affected users. Blockchain investigator ZachXBT has publicly accused Crypto.com of governance manipulation and tokenomics fraud, citing the March 2025 reissuance of 70 billion CRO tokens that had been permanently burned in 2021, and the company's controversial 2020 forced swap from its original MCO token to CRO at unfavorable rates.
Connected Entities
1 entities- + 10 more
Timeline(21 events)
2016-01-01
Crypto.com (then called Monaco) founded in Hong Kong by Kris Marszalek, Bobby Bao, Gary Or, and Rafael Melo.
2016-01-01
CEO Kris Marszalek's prior company Ensogo abruptly ceases operations, leaving merchants and staff with unpaid debts.
2020-08-03
Crypto.com announces discontinuation of MCO token and forced MCO-to-CRO swap at 1:27.64 ratio, triggering widespread community backlash.
2021-02-01
Crypto.com burns 70 billion CRO tokens in what it calls 'the largest token burn in history,' reducing total supply from 100 billion to 30 billion. Blog post later deleted.
2022-01-17
Crypto.com exchange hacked via 2FA bypass. 483 accounts compromised; 4,836.26 ETH, 443.93 BTC, and $66,200 in other assets stolen — approximately $34 million total.
2022-01-18
PeckShield reports at least 4,600 ETH from the hack being laundered through Tornado Cash in 100 ETH batches.
2022-01-20
Crypto.com publicly confirms hack details, launches WAPP (Worldwide Account Protection Program) with up to $250,000 reimbursement for qualifying users.
2022-08-08
U.S. Treasury OFAC sanctions Tornado Cash, citing its use to launder stolen crypto — including proceeds from the Crypto.com hack.
2022-10-06
Crypto.com lays off approximately 2,000 employees (30% of workforce) amid crypto market downturn.
2022-12-01
Crypto.com publishes Mazars proof-of-reserves report. Mazars later distances itself from the report citing incomplete accounting of liabilities.
2023-01-13
Crypto.com lays off approximately 20% of remaining workforce (around 490 employees) following the FTX collapse.
2023-01-01
Alleged Scattered Spider social engineering breach of Crypto.com employee credentials. Personal data of a small number of users reportedly exposed. Not publicly disclosed to affected users.
2024-01-01
Scattered Spider member Noah Urban arrested, charged in connection with breaches at 13 companies including alleged Crypto.com breach.
2024-10-01
Crypto.com files lawsuit against the SEC after receiving Wells notice indicating pending enforcement action.
2025-03-02
Crypto.com submits governance proposal on Cronos blockchain to reissue 70 billion previously burned CRO tokens. Community vote shows 77.97% against, but proposal passes due to Crypto.com-affiliated validators controlling ~70-80% of voting power.
2025-03-25
ZachXBT publicly accuses Crypto.com of CRO supply manipulation, calling the token reissuance 'no different from a scam' and conduct 'borderline fraud.'
Decision Log
- hash: 3f6MbCav7FW3C2tudJrTSSz9hzDXXaiYaj7pVSjZNpv3
- hash: BxvVqiVsEd1tFzYWdYjvohHrWbfxR98zxBvaUBFdizQ3
- hash: 5G79ar91f8qSS4Yd9ey4hGRX7j7q94Sdz6y8mX8QAHqj
- hash: 3jibW3KTyVPBzcxzCVXSCadtScWuQNeCTL5HNwM12GVm
- hash: J7fviDPmUR7L3R3ENdg9yXLjQd8Ws8XbXvF2NDH4pb8M
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet
generated: 5/4/2026, 2:54:11 AM
last updated: 6/14/2026, 11:15:44 PM
avoid.net — verified advice for a post-truth world