Is Crypto.com Safe?

Crypto.com is well-known for its cash-back reward debit card and easy-to-use mobile app. But is it safe and secure? Let’s find out.

By Tom Blackstone & Gabe Turner, Chief Editor
Last Updated on Jul 11, 2022
The content on this page is provided for informational purposes only. Security.org does not offer financial or investment advice, nor does it advise or encourage anyone to buy, sell, or trade cryptocurrency. It is advised that you conduct your own investigation as to the accuracy of any information contained herein as such information is provided “as is” for informational purposes only. Further, Security.org shall not be liable for any informational error or for any action taken in reliance on information contained herein.

Crypto.com is a popular cryptocurrency exchange in the U.S. Its easy-to-use mobile app and cash-back debit card have made it a top choice for many crypto investors. But you may wonder if its safety and security are on par with its popularity.

We’ll go over Crypto.com’s security practices, and explain to what extent it’s safe and how it may be risky. We’ll also consider some strategies you can use to stay safe while using Crypto.com.

Let’s get into it!

Is Crypto.com Safe?

The short answer is that Crypto.com is one of the safer crypto exchanges around. It keeps 100 percent of customer funds in cold wallets, away from the prying hands of hackers. It also holds withdrawals to new addresses for 24 hours, allows for multifactor authentication, and provides 24/7 customer support in case you need to report unauthorized activity on your account.

Crypto.com implements all the standard practices of ultra-secure crypto exchanges, but no crypto exchange is completely free of risk — including Crypto.com. In the next few sections, we’ll go over Crypto.com’s security practices in detail, and we’ll discuss what risks you are still taking if you choose to use Crypto.com. In addition, we’ll discuss some ways you can stay safe while using Crypto.com.

FYI: Crypto.com is best for beginning crypto users and buy-and-hold investors. If you’re more of a day trader who uses technical analysis to find entry and exit points, you may want to consider Binance instead. Check out our full Binance review for more info.

Crypto.com Security Practices

Here is a list of Crypto.com’s security practices:

  • Cold wallet storage. Every bit of customers’ crypto is kept in cold wallets, disconnected from the internet. The company provides its own crypto to hot wallets so users can make withdrawals, and it reimburses itself from customers’ accounts when these withdrawals are made. That should make it impossible for the company to become insolvent from a hack, since it always has enough crypto stored offline to potentially reimburse users.
  • Secure software development lifecycle. To minimize the risk of security loopholes, Crypto.com uses static and dynamic analysis tools to evaluate its code before deployment. It also has a peer-review process it uses to catch errors.
  • Multifactor authentication. Crypto.com requires you to enter a passcode when you do just about anything on the app. It also requires a two-factor authentication (2FA) code from your phone and email whenever you withdraw. Crypto.com calls this “multifactor authentication.” It provides multiple layers that an attacker must bypass to successfully steal your funds.
  • Email warnings and withdrawal delays. If anyone tries to withdraw crypto to a new address using your account, then the app will delay the withdrawal for 24 hours and send you an email alert that a withdrawal is being made to a new address. That should give you time to contact customer service if the withdrawal was not authorized.
  • 24/7 customer support. If you suspect your account has been compromised, then you can contact customer service directly through the app. Staff is on hand 24 hours a day, seven days a week to investigate and block withdrawals if necessary.

Pro Tip: Depending on the state you live in, there may be crypto regulations you should be aware of. We’ve published this guide to state crypto laws to explain it all.

Crypto.com has great security practices, but no exchange has perfect security. In the next section, we’ll go over some of the risks of using Crypto.com.

Risks of Using Crypto.com

Crypto.com has top-notch security, but it isn’t perfect. Here are a few things to be aware of when using Crypto.com:

  • Crypto is not FDIC-insured. If Crypto.com goes bankrupt and can’t pay you the crypto it owes you, then there is no one to bail you out. Crypto is not insured by the FDIC or any other fund.
  • 2FA text messages can be intercepted. A common tactic of crypto thieves is to call your cell phone company and convince it to transfer service to the attacker’s phone. Once the service is transferred, the attacker gets your 2FA code sent to their phone through a text message. If they also have access to your email account, then they can access your account. With Crypto.com, the attacker will also need your PIN, so the app is more difficult — but still not impossible — to hack.
  • Emails are easy to miss. If an attacker accesses your account and tries to make a withdrawal, Crypto.com will alert you via email and delay the withdrawal for 24 hours. But this email can easily get lost in a spam folder or buried under other emails you receive that day.

Despite these risks, it’s actually pretty simple to protect your crypto while using the Crypto.com app. We’ll go over some tips for protecting your cryptocurrency when using the app, but first there is another Crypto.com safety issue to discuss: the notorious Crypto.com hack of January 2022.

Crypto.com Hack

In January 2022, Crypto.com staff admitted that it lost $30 million in a hack of the Because the exchange keeps all of its customers’ funds in cold wallets, however, none of Crypto.com’s 50 million users lost any crypto or cash.

The security team discovered that hackers had found a way to make withdrawals from compromised accounts without inputting 2FA codes, and 483 accounts were affected.

In response, the team suspended withdrawals and required all users to reset their 2FA. It then credited the lost crypto back to users’ accounts and absorbed the losses on its own balance sheet, preventing any users from losing funds. Just a few hours later, withdrawals were reinstated and users were once again allowed to transfer crypto to their own wallets.

Once the emergency was over, Crypto.com implemented several new security practices that were intended to prevent a hack like this from ever happening again. These included:

  • A 24-hour delay in withdrawals to new addresses.
  • Migration to a new 2FA system that is believed to be more secure.
  • Hiring a third-party security team to do a full audit of the platform.

We think Crypto.com did a great job responding to the hack. It understood that users were not at fault, and it properly reimbursed them once it recognized the problem. Still, users were reimbursed after this hack only because it was genuinely not their fault. If a user negligently allows their account to be hacked, they won’t be reimbursed.

In the next section, we’ll provide some tips that will help you make sure you’re taking the proper steps to protect your crypto. It will make it more likely that you’ll be reimbursed if your account gets hacked, but, more importantly, it will also make it less likely that you’ll lose your crypto in the first place.

How to Stay Safe While Using Crypto.com

Here are a few techniques you can use to make it much less likely that an attacker will be able to steal your crypto from Crypto.com.

  • For 2FA, use an authenticator app instead of SMS. Authenticator apps are more secure than text messaging because they do not depend on your phone service. An attacker may be able to transfer your phone service to himself. But if you use an authenticator app (like Google Authenticator), this particular attack vector is closed.
  • Use a strong PIN. One of Crypto.com’s best security features is its PIN requirement, which provides an extra layer of defense against attackers. But if your PIN is easy to guess, then it won’t be much help. Avoid using personal information (such as a phone number or Social Security number) as a PIN, and try to avoid repeating digits (e.g. 5555) or using sequential numbers (1234).
  • Use a strong email password. Your PIN can be reset by anyone who has access to your email, so make sure the password to your email account is strong. Consider using capital and lowercase letters, numbers, and special characters in your email password.
  • Set up an anti-phishing code. One common crypto scam is for an attacker to send an email that looks like it came from your exchange. When you click a link in the email, it takes you to a fake website login page. When you attempt to sign in, your login credentials are stored and then used by the attacker to get into your real account. To combat this type of attack, set up an anti-phishing code. Under the “Security” submenu of the “Settings” menu, click “Anti-Phishing Code.” Then click “Create Code.” Follow the instructions to set up your anti-phishing code. This code will now be included in any email from Crypto.com, which will help to distinguish fake emails from real ones.
  • Consider withdrawing your crypto from the app. Ultimately, you have to trust Crypto.com with any crypto you leave in the app. But if you withdraw it into your own wallet, then it’s no longer under Crypto.com’s control. If you aren’t actively trading your crypto, then consider transferring it into a private wallet. To do this, tap the “Transfer” button, and select “Withdraw” → “Crypto” → “External Wallet.” Click “+Add Wallet Address,” and follow the instructions to add your crypto address. If you don’t have a wallet yet, then check out our guide to choosing the right crypto wallet.

Following these steps should make theft of your crypto much less likely. For more detailed information on how to protect your crypto from theft, you may want to read How to Protect My Crypto.

Wrapping Up

Crypto.com is an excellent beginner-friendly crypto exchange. It makes buying crypto easy through a convenient mobile app. Most importantly, Crypto.com is a very secure exchange. Its app is mobile-only and requires a PIN for practically everything you do on it, and it delays withdrawals to new addresses for 24 hours. It also keeps 100 percent of customer funds offline, in a cold wallet.

All these policies combine to make Crypto.com an ultra-secure exchange.

Using any crypto exchange carries some risk, however, including Crypto.com. We’ve gone over these risks, and we’ve provided some tips for how to minimize them to keep your crypto secure.

FYI: Crypto.com is only one crypto exchange. There are others, such as Kraken and Robinhood, you may want to consider. Here is our review of Kraken and our Robinhood review.

Now, here are some answers to frequently asked questions about Crypto.com safety.

Crypto.com Safety FAQs

  • Is Crypto.com safe to store crypto?

    Yes and no. Crypto.com is a secure method to buy crypto and actively trade it, but an external hardware wallet is a more secure storage option if you plan to store large amounts of crypto for a long period of time.

  • Is Crypto.com safe for U.S. citizens?

    Yes. Crypto.com holds a money services business license with U.S. FinCEN, so it’s legal in the U.S. It also holds a money transmitter license in every U.S. state that requires it, except New York.

    It is also available legally in American Samoa, Northern Mariana Islands, Puerto Rico, and the U.S. Virgin Islands.

    If you live in New York, using Crypto.com is a violation of the app’s terms of service, making it riskier than other exchanges that are licensed in New York. New York residents may want to try Coinbase instead. Here is our analysis of Coinbase to learn more.

  • Where is Crypto.com based?

    Some people wonder what legal jurisdiction Crypto.com is located in.

    Crypto.com headquarters is listed on Craft.co as 1 Raffles Quay, 09 06, Singapore, but, like most crypto exchanges, it probably has a fully remote workforce, which means there is most likely no one in the office.

    Crypto.com is licensed to operate in the U.S. and 49 states as a money services business. In addition to its Singapore headquarters, it also has listed offices in Malta, Ireland, and the U.K. Its executives are publicly known and very involved in the crypto community.

  • How do I withdraw money from Crypto.com?

    Many readers ask how to withdraw cash from Crypto.com, because they worry their cash may be stuck in the app. To withdraw U.S. dollars from the Crypto.com app, first tap “Transfer” → “Withdraw” → “Fiat.” Then tap your USD balance and select “Withdraw USD.” Follow the instructions to add a U.S. bank account and complete the withdrawal.

  • Is Crypto.com safe to link my bank account to?

    Yes. Crypto.com uses Plaid to link your bank account to your exchange account. Your bank login info goes to Plaid, not Crypto.com, and Plaid is a trusted intermediary between banks and financial applications.

Citations
  1. Crypto.com. (2022). Crypto.com Security Report & Next Steps. crypto.com/product-news/crypto-com-security-report-next-steps