Meet the Top 101 in Crypto
Security
3 min read

Who Is Scattered Spider? Crypto.com Breach and Major London Cyber Attacks the Result of Crime Network

Published 22 September 2025
James Morales
Authors
Key Takeaways
  • Scattered Spider is an international cybercriminal group first observed in 2022.
  • Members of the operation were recently charged for a 2024 attack on Transport for London.
  • Other victims include Crypto.com and the casino operators MGM and Caesars.

Recent arrests in the U.K. mark the latest chapter in an international law enforcement operation to take down Scattered Spider.

The threat group, operational since 2022, was behind major cyber intrusions in recent years, targeting the likes of Cypto.com and Transport for London (TfL).

New Trending Crypto Wallet Offers
Sponsored
Disclosure
Opened in 2018
Promotions
Trusted, Secure & Crypto Friendly
Coins
Bitcoin Ethereum Tether Wrapped BNB USD Coin +87
Opened in 2017
Promotions
Receive Up to $10 in BTC when you buy and activate a Tangem Wallet.
Coins
Bitcoin Ethereum Tether Wrapped BNB Solana +68
Show More

Teenagers Behind Multimillion Dollar Hacks

One of the most notable things about Scattered Spider is the young age of many of its members.

At the time of their arrest in the U.K. last month, Thalha Jubair and Owen Flowers were 18 and 19. Yet, the National Crime Agency has charged them with involvement in an attack on TfL that “caused significant disruption and millions in losses.”

In a complaint filed on Thursday, Sept. 18, the U.S. Department of Justice tied Jubair to at least 120 ransomware incidents involving 47 U.S. entities.

Other members of the international cybercrime group were equally young when they took part in major intrusions.

For instance, Noah Urban, who worked as a “caller” for Scattered Spider, talking his way into secure systems over the telephone, was just 19 when the group targeted Crypto.com, Bloomberg reported on Friday.

Scattered Spider Behind Crypto.com Hack

With the law enforcement noose closing around Scattered Spider members, new details of their exploits are surfacing.

The Crypto.com data breach wasn’t publicly reported until recently. But on Monday, CEO Kris Marszalek denied covering the incident up.

“Any suggestion that we did not report or disclose a security incident is completely unfounded,” he stated.

Multimillion Dollar Ransom Payments

Between May 2022 September 2025, Scattered Spider extorted at least $115 from American firms the DoJ complaint against Jubair alleges.

According to Push Security, victims of the hacker collective and associated groups include MoneyGram, Reddit, Coinbase, MailChimp, HubSpot, Cloudflare, and Activision.

Some of the most high-profile incidents include data breaches at the casino operators MGM and Caesars, the latter of which paid a $15 million ransom to prevent Scattered Spider from releasing stolen login credentials.

Scattered Spider relied heavily on third-party ransomware, often sourced from specialized Russian vendors. The group has been observed using ransomware strains such as RansomHub, Qilin, and DragonForce.

These strains are typically distributed through a “ransomware-as-a-service” model, whereby malware developers receive a rental fee or cut of any ransom.

James Morales

James Morales is CCN’s blockchain and crypto policy reporter. He has been working in the news media since 2020, writing about topics such as payments, banking and financial technology. These days, he likes to explore the latest blockchain innovations and the evolving landscape of global crypto regulation.

With an educational background in social anthropology and media studies, James uses his platform as a journalist to explore how new technologies work, why they matter and how they might shape our future.

Related

Survey Icon
Help us improve
1 of 4
Is this your first time here?
What brought you here today?
What are you most interested in?
Would you be interested in:
Thank you icon
Thank you for your feedback!
DMCA.com Protection Status