Audit log

Every state-changing event for Crypto.com: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-18 23:07:55Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 420,649,395

   sig

   4gK33jTJoJfN…GpCrA5bfcopyexplorer ↗

   hash

   J7fviDPmUR7L…NDH4pb8Mcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (7336 B) ▸

   {"actor":"system:backfill","investigation_id":"4353b260-3c61-49c0-b2b6-baf8e07bd172","kind":"publish","page_slug":"cryptocom","published_at":"2026-05-18T23:07:54.905Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Crypto.com","sections":[{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"Crypto.com is a Singapore-headquartered centralized cryptocurrency exchange founded in 2016 (originally as Monaco) by Kris Marszalek, Bobby Bao, Gary Or, and Rafael Melo. The platform has been subject to multiple serious security incidents, including a confirmed January 2022 hack in which $34 million was stolen via a 2FA bypass and laundered through Tornado Cash, and an alleged 2023 data breach linked to the Scattered Spider hacking group that the company did not publicly disclose to affected users. Blockchain investigator ZachXBT has publicly accused Crypto.com of governance manipulation and tokenomics fraud, citing the March 2025 reissuance of 70 billion CRO tokens that had been permanently burned in 2021, and the company's controversial 2020 forced swap from its original MCO token to CRO at unfavorable rates.","timeline":[{"date":"2016-01-01","event":"Crypto.com (then called Monaco) founded in Hong Kong by Kris Marszalek, Bobby Bao, Gary Or, and Rafael Melo.","source":"","source_url":"https://en.wikipedia.org/wiki/Crypto.com"},{"date":"2016-01-01","event":"CEO Kris Marszalek's prior company Ensogo abruptly ceases operations, leaving merchants and staff with unpaid debts.","source":"","source_url":"https://99bitcoins.com/news/who-is-kris-marszalek-cro-holders-hit-in-major-scam-is-crypto-com-insolvent/"},{"date":"2018-07-01","event":"Monaco rebrands to Crypto.com after acquiring the domain from Matt Blaze.","source":"","source_url":"https://en.wikipedia.org/wiki/Crypto.com"},{"date":"2020-08-03","event":"Crypto.com announces discontinuation of MCO token and forced MCO-to-CRO swap at 1:27.64 ratio, triggering widespread community backlash.","source":"","source_url":"https://www.cryptovantage.com/news/opinion-the-crypto-com-mco-swap-has-outraged-investors/"},{"date":"2021-02-01","event":"Crypto.com burns 70 billion CRO tokens in what it calls 'the largest token burn in history,' reducing total supply from 100 billion to 30 billion. Blog post later deleted.","source":"","source_url":"https://beincrypto.com/crypto-com-cro-token-reissuance-trump-partnership/"},{"date":"2022-01-17","event":"Crypto.com exchange hacked via 2FA bypass. 483 accounts compromised; 4,836.26 ETH, 443.93 BTC, and $66,200 in other assets stolen — approximately $34 million total.","source":"","source_url":"https://www.bleepingcomputer.com/news/security/cryptocom-confirms-483-accounts-hacked-34-million-withdrawn/"},{"date":"2022-01-18","event":"PeckShield reports at least 4,600 ETH from the hack being laundered through Tornado Cash in 100 ETH batches.","source":"","source_url":"https://fortune.com/2022/01/18/crypto-com-alleged-hacking-15-million-ether-may-be-gone/"},{"date":"2022-01-20","event":"Crypto.com publicly confirms hack details, launches WAPP (Worldwide Account Protection Program) with up to $250,000 reimbursement for qualifying users.","source":"","source_url":"https://www.itpro.com/technology/cryptocurrencies/362037/cryptocom-confirms-34-million-hack-caused-by-2fa-bypass-exploit"},{"date":"2022-08-08","event":"U.S. Treasury OFAC sanctions Tornado Cash, citing its use to launder stolen crypto — including proceeds from the Crypto.com hack.","source":"","source_url":"https://techcrunch.com/2022/08/08/treasury-tornado-cash-laundering-stolen-crypto/"},{"date":"2022-10-06","event":"Crypto.com lays off approximately 2,000 employees (30% of workforce) amid crypto market downturn.","source":"","source_url":"https://www.sunsethq.com/layoff-tracker/crypto-com"},{"date":"2022-12-01","event":"Crypto.com publishes Mazars proof-of-reserves report. Mazars later distances itself from the report citing incomplete accounting of liabilities.","source":"","source_url":"https://cryptoslate.com/crypto-com-discloses-partial-reserves-in-bid-to-counter-insolvency-rumors/"},{"date":"2023-01-13","event":"Crypto.com lays off approximately 20% of remaining workforce (around 490 employees) following the FTX collapse.","source":"","source_url":"https://www.cnbc.com/2023/01/13/cryptocom-lays-off-20percent-of-workforce-after-ftx-collapse.html"},{"date":"2023-01-01","event":"Alleged Scattered Spider social engineering breach of Crypto.com employee credentials. Personal data of a small number of users reportedly exposed. Not publicly disclosed to affected users.","source":"","source_url":"https://unchainedcrypto.com/scattered-spider-crypto-breach-exposed-users-personal-data-report/"},{"date":"2024-01-01","event":"Scattered Spider member Noah Urban arrested, charged in connection with breaches at 13 companies including alleged Crypto.com breach.","source":"","source_url":"https://finance.yahoo.com/news/crypto-com-suffered-unreported-data-113413260.html"},{"date":"2024-10-01","event":"Crypto.com files lawsuit against the SEC after receiving Wells notice indicating pending enforcement action.","source":"","source_url":"https://crypto.com/en/company-news/sec-closes-crypto-com-investigation-with-no-action"},{"date":"2024-12-01","event":"Crypto.com drops its lawsuit against the SEC.","source":"","source_url":"https://crypto.com/en/company-news/sec-closes-crypto-com-investigation-with-no-action"},{"date":"2025-03-02","event":"Crypto.com submits governance proposal on Cronos blockchain to reissue 70 billion previously burned CRO tokens. Community vote shows 77.97% against, but proposal passes due to Crypto.com-affiliated validators controlling ~70-80% of voting power.","source":"","source_url":"https://cryptonews.com/news/crypto-com-controversial-5b-token-mint-raises-insolvency-fears/"},{"date":"2025-03-25","event":"ZachXBT publicly accuses Crypto.com of CRO supply manipulation, calling the token reissuance 'no different from a scam' and conduct 'borderline fraud.'","source":"","source_url":"https://beincrypto.com/crypto-com-cro-token-reissuance-trump-partnership/"},{"date":"2025-03-27","event":"SEC formally closes its investigation into Crypto.com with no enforcement action filed.","source":"","source_url":"https://crypto.com/en/company-news/sec-closes-crypto-com-investigation-with-no-action"},{"date":"2025-09-01","event":"Bloomberg publishes investigation revealing Crypto.com's 2023 Scattered Spider data breach was not publicly disclosed to affected users.","source":"","source_url":"https://finance.yahoo.com/news/crypto-com-suffered-unreported-data-113413260.html"},{"date":"2026-03-19","event":"Crypto.com announces 12% workforce reduction citing enterprise AI integration pivot.","source":"","source_url":"https://www.cnbc.com/2026/03/19/crypto-com-layoffs-12percent-ai-job-loss.html"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision f628935c-5a60-4f3d-80f5-8058a86f6a4bcopy
2. #2reviewby reviewerreviewer

   2026-06-13 20:29:36Z
   Score: 28 → 28 (no score change)
   The page's summary and timeline contain broadly accurate information about Crypto.com's founding, the 2022 hack, the MCO-CRO swap controversy, and the 2025 CRO reissuance, all of which are well-documented. However, several claims are imprecise or overstated: the OFAC Tornado Cash sanctions claim is disputed because the official Treasury announcement does not cite the Crypto.com hack; the governance vote percentage (77.97% against) reflects early voting rather than the final official result; the Mazars PoR characterization is inaccurate as to the reason Mazars withdrew; and one cited source (sunsethq.com) is link-rotted. The most significant structural problem is that all eight page sections are empty, leaving the investigation as an unaugmented timeline with no thematic analysis.
   anchoranchored

   chain

   ●mainnet-betaslot 426,271,607

   sig

   48c3bGvn2SSf…n8ZJaYAkcopyexplorer ↗

   hash

   3jibW3KTyVPB…NwM12GVmcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1135 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-13T20:29:36.824Z","decision":"review","investigation_id":"4353b260-3c61-49c0-b2b6-baf8e07bd172","new_score":28,"page_slug":"cryptocom","prev_score":28,"reason":"The page's summary and timeline contain broadly accurate information about Crypto.com's founding, the 2022 hack, the MCO-CRO swap controversy, and the 2025 CRO reissuance, all of which are well-documented. However, several claims are imprecise or overstated: the OFAC Tornado Cash sanctions claim is disputed because the official Treasury announcement does not cite the Crypto.com hack; the governance vote percentage (77.97% against) reflects early voting rather than the final official result; the Mazars PoR characterization is inaccurate as to the reason Mazars withdrew; and one cited source (sunsethq.com) is link-rotted. The most significant structural problem is that all eight page sections are empty, leaving the investigation as an unaugmented timeline with no thematic analysis.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision ab228928-10b3-4010-b841-9c09dd89ff25copy
3. #3review reviseby judgejudge

   2026-06-13 20:29:36Z
   Score: 28 → 16 (-12)
   The review found 13.6% of claims disputed or unverifiable across 22 checked items, placing this page in the minor-issues band. The most significant factual error is claim_findings[8]: the page states that OFAC's August 2022 Tornado Cash sanctions specifically cited the Crypto.com hack, but both the official Treasury press release and the cited TechCrunch article name only the Lazarus Group, Harmony Bridge, and Nomad incidents — Crypto.com is not mentioned. Additionally, claim_findings[16] presents an early-voting snapshot (77.97% against) as the final governance result, which misrepresents the official tally (62.1% in favor after large validators voted). One cited source (sunsethq.com, claim_findings[9]) is link-rotted. Beyond disputed claims, three high-priority coverage gaps are identified: all eight thematic page sections are entirely empty, regulatory history outside the SEC investigation is absent, and no on-chain analysis of the CRO reissuance or 2022 hack proceeds is present. These gaps do not constitute disproof of existing claims but materially limit the page's investigative value and require expansion before the page can be considered complete.
   anchoranchored

   chain

   ●mainnet-betaslot 426,271,610

   sig

   3HJdLwusJ13S…GvNB83KKcopyexplorer ↗

   hash

   5G79ar91f8qS…mX8QAHqjcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1523 B) ▸

   {"actor":"judge","decided_at":"2026-06-13T20:29:36.824Z","decision":"review_revise","investigation_id":"4353b260-3c61-49c0-b2b6-baf8e07bd172","new_score":16,"page_slug":"cryptocom","prev_score":28,"reason":"The review found 13.6% of claims disputed or unverifiable across 22 checked items, placing this page in the minor-issues band. The most significant factual error is claim_findings[8]: the page states that OFAC's August 2022 Tornado Cash sanctions specifically cited the Crypto.com hack, but both the official Treasury press release and the cited TechCrunch article name only the Lazarus Group, Harmony Bridge, and Nomad incidents — Crypto.com is not mentioned. Additionally, claim_findings[16] presents an early-voting snapshot (77.97% against) as the final governance result, which misrepresents the official tally (62.1% in favor after large validators voted). One cited source (sunsethq.com, claim_findings[9]) is link-rotted. Beyond disputed claims, three high-priority coverage gaps are identified: all eight thematic page sections are entirely empty, regulatory history outside the SEC investigation is absent, and no on-chain analysis of the CRO reissuance or 2022 hack proceeds is present. These gaps do not constitute disproof of existing claims but materially limit the page's investigative value and require expansion before the page can be considered complete.","score_delta":-12,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 5d2b7916-66f3-45f6-a4e0-95cf91c48288copy
4. #4reviewby reviewerreviewer

   2026-06-14 23:15:44Z
   Score: 16 → 16 (no score change)
   Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Crypto.com is a large, legitimate, regulated exchange — not a fraudulent entity. The primary loss events driving the 28/WARNING score are a 2022 hack and a 2023 social-engineering breach, both of which were suffered by Crypto.com at the hands of third parties, and in both cases no user funds were permanently lost (users were fully reimbursed after the 2022 hack; no funds were accessed in the Scattered Spider incident). The SEC investigation that hung over the company was closed with no enforcement action in March 2025, placing Crypto.com in the same regulatory-cleared category as Coinbase, Gemini, and Robinhood. The company has since obtained the full CFTC derivatives license stack and an OCC conditional bank charter — the strongest U.S. regulatory footprint in crypto. The genuine concern is the March 2025 CRO governance incident, where management effectively overrode a 77.97% community opposition to re-mint 70 billion previously burned tokens by wielding 70-80% of validator voting power. This is a material governance controversy warranting a CAUTIONARY designation — it reflects a meaningful failure of decentralization promises and drew credible public criticism from blockchain investigator ZachXBT — but it does not constitute fraud, a Ponzi, or an exit scam under any standard definition. The CEO background note about Ensogo is a real red flag but relates to a prior company's operational failure, not Crypto.com itself. A score of 58 (CAUTIONARY) appropriately acknowledges these governance concerns and the CEO's mixed history while reflecting that this is an actively regulated, operationally sound, 150M-user exchange that makes customers whole after incidents.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,218

   sig

   3VaifJ7Mvofv…k9rvCv7Pcopyexplorer ↗

   hash

   BxvVqiVsEd1t…UBFdizQ3copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (2174 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-14T23:15:44.133Z","decision":"review","investigation_id":"4353b260-3c61-49c0-b2b6-baf8e07bd172","new_score":16,"page_slug":"cryptocom","prev_score":16,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Crypto.com is a large, legitimate, regulated exchange — not a fraudulent entity. The primary loss events driving the 28/WARNING score are a 2022 hack and a 2023 social-engineering breach, both of which were suffered by Crypto.com at the hands of third parties, and in both cases no user funds were permanently lost (users were fully reimbursed after the 2022 hack; no funds were accessed in the Scattered Spider incident). The SEC investigation that hung over the company was closed with no enforcement action in March 2025, placing Crypto.com in the same regulatory-cleared category as Coinbase, Gemini, and Robinhood. The company has since obtained the full CFTC derivatives license stack and an OCC conditional bank charter — the strongest U.S. regulatory footprint in crypto. The genuine concern is the March 2025 CRO governance incident, where management effectively overrode a 77.97% community opposition to re-mint 70 billion previously burned tokens by wielding 70-80% of validator voting power. This is a material governance controversy warranting a CAUTIONARY designation — it reflects a meaningful failure of decentralization promises and drew credible public criticism from blockchain investigator ZachXBT — but it does not constitute fraud, a Ponzi, or an exit scam under any standard definition. The CEO background note about Ensogo is a real red flag but relates to a prior company's operational failure, not Crypto.com itself. A score of 58 (CAUTIONARY) appropriately acknowledges these governance concerns and the CEO's mixed history while reflecting that this is an actively regulated, operationally sound, 150M-user exchange that makes customers whole after incidents.","score_delta":0,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 080574c0-1e0f-439f-a6ab-221fa4404bc9copy
5. #5review approveby judgejudge

   2026-06-14 23:15:44Z
   Score: 16 → 58 (+42)
   This is a severity-calibration review: the page content is accurate (0% disputed claims, all six claim_findings confirmed as supported), but the trust score band is demonstrably too harsh. The current score of 16-28/WARNING treats Crypto.com as a near-fraudulent entity. The review establishes that the two primary loss events — the January 2022 hack (claim_findings[0]) and the 2023 Scattered Spider breach (claim_findings[4]) — were suffered by Crypto.com at the hands of third parties, not perpetrated by it, and in both cases no user funds were permanently lost. The SEC investigation (claim_findings[1]) was closed with no enforcement action in March 2025. These three factors collectively account for most of the WARNING-band weight and are miscategorized severity anchors. The remaining genuine concerns are real: the March 2025 CRO token reissuance against 77.97% community opposition via concentrated validator power (claim_findings[3]) is a material governance failure warranting CAUTIONARY designation, and the CEO Ensogo history is a legitimate red flag. A delta of +30 moves the score meaningfully toward the reviewer's recommended 58/CAUTIONARY without fully adopting the top of that band, preserving a residual penalty for the governance failure and non-disclosure of the Scattered Spider breach (claim_findings[4]). The page remains published with no status change; content accuracy is not in question.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,222

   sig

   4jTEF8MBdN9P…zCVrawsfcopyexplorer ↗

   hash

   3f6MbCav7FW3…VSjZNpv3copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1769 B) ▸

   {"actor":"judge","decided_at":"2026-06-14T23:15:44.133Z","decision":"review_approve","investigation_id":"4353b260-3c61-49c0-b2b6-baf8e07bd172","new_score":58,"page_slug":"cryptocom","prev_score":16,"reason":"This is a severity-calibration review: the page content is accurate (0% disputed claims, all six claim_findings confirmed as supported), but the trust score band is demonstrably too harsh. The current score of 16-28/WARNING treats Crypto.com as a near-fraudulent entity. The review establishes that the two primary loss events — the January 2022 hack (claim_findings[0]) and the 2023 Scattered Spider breach (claim_findings[4]) — were suffered by Crypto.com at the hands of third parties, not perpetrated by it, and in both cases no user funds were permanently lost. The SEC investigation (claim_findings[1]) was closed with no enforcement action in March 2025. These three factors collectively account for most of the WARNING-band weight and are miscategorized severity anchors. The remaining genuine concerns are real: the March 2025 CRO token reissuance against 77.97% community opposition via concentrated validator power (claim_findings[3]) is a material governance failure warranting CAUTIONARY designation, and the CEO Ensogo history is a legitimate red flag. A delta of +30 moves the score meaningfully toward the reviewer's recommended 58/CAUTIONARY without fully adopting the top of that band, preserving a residual penalty for the governance failure and non-disclosure of the Scattered Spider breach (claim_findings[4]). The page remains published with no status change; content accuracy is not in question.","score_delta":42,"sequence_num":5,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 257bfae6-3044-4824-82c9-bf16f5ec373dcopy