Is Crypto.com Safe?

Crypto.com is a popular cryptocurrency exchange in the U.S. Its easy-to-use mobile app and cash-back debit card have made it a top choice for many crypto investors. But you may wonder if its safety and security are on par with its popularity.

We’ll go over Crypto.com’s security practices, and explain to what extent it’s safe and how it may be risky. We’ll also consider some strategies you can use to stay safe while using Crypto.com.

Let’s get into it!

Is Crypto.com Safe?

The short answer is that Crypto.com is one of the safer crypto exchanges around. It keeps 100 percent of customer funds in cold wallets, away from the prying hands of hackers. It also holds withdrawals to new addresses for 24 hours, allows for multifactor authentication, and provides 24/7 customer support in case you need to report unauthorized activity on your account.

Crypto.com implements all the standard practices of ultra-secure crypto exchanges, but no crypto exchange is completely free of risk — including Crypto.com. In the next few sections, we’ll go over Crypto.com’s security practices in detail, and we’ll discuss what risks you are still taking if you choose to use Crypto.com. In addition, we’ll discuss some ways you can stay safe while using Crypto.com.

Crypto.com Security Practices

Here is a list of Crypto.com’s security practices:

• Cold wallet storage. Every bit of customers’ crypto is kept in cold wallets, disconnected from the internet. The company provides its own crypto to hot wallets so users can make withdrawals, and it reimburses itself from customers’ accounts when these withdrawals are made. That should make it impossible for the company to become insolvent from a hack, since it always has enough crypto stored offline to potentially reimburse users.
• Secure software development lifecycle. To minimize the risk of security loopholes, Crypto.com uses static and dynamic analysis tools to evaluate its code before deployment. It also has a peer-review process it uses to catch errors.
• Multifactor authentication. Crypto.com requires you to enter a passcode when you do just about anything on the app. It also requires a two-factor authentication (2FA) code from your phone and email whenever you withdraw. Crypto.com calls this “multifactor authentication.” It provides multiple layers that an attacker must bypass to successfully steal your funds.
• Email warnings and withdrawal delays. If anyone tries to withdraw crypto to a new address using your account, then the app will delay the withdrawal for 24 hours and send you an email alert that a withdrawal is being made to a new address. That should give you time to contact customer service if the withdrawal was not authorized.
• 24/7 customer support. If you suspect your account has been compromised, then you can contact customer service directly through the app. Staff is on hand 24 hours a day, seven days a week to investigate and block withdrawals if necessary.

Crypto.com has great security practices, but no exchange has perfect security. In the next section, we’ll go over some of the risks of using Crypto.com.

Risks of Using Crypto.com

Crypto.com has top-notch security, but it isn’t perfect. Here are a few things to be aware of when using Crypto.com:

• Crypto is not FDIC-insured. If Crypto.com goes bankrupt and can’t pay you the crypto it owes you, then there is no one to bail you out. Crypto is not insured by the FDIC or any other fund.
• 2FA text messages can be intercepted. A common tactic of crypto thieves is to call your cell phone company and convince it to transfer service to the attacker’s phone. Once the service is transferred, the attacker gets your 2FA code sent to their phone through a text message. If they also have access to your email account, then they can access your account. With Crypto.com, the attacker will also need your PIN, so the app is more difficult — but still not impossible — to hack.
• Emails are easy to miss. If an attacker accesses your account and tries to make a withdrawal, Crypto.com will alert you via email and delay the withdrawal for 24 hours. But this email can easily get lost in a spam folder or buried under other emails you receive that day.

>> Related reading: Is AliExpress Safe?

Despite these risks, it’s actually pretty simple to protect your crypto while using the Crypto.com app. I’ll go over some tips for protecting your cryptocurrency when using the app, but first there is another Crypto.com safety issue to discuss: the notorious Crypto.com hack of January 2022.

Crypto.com Hack

In January 2022, Crypto.com staff admitted that it lost $30 million in a hack of the Because the exchange keeps all of its customers’ funds in cold wallets, however, none of Crypto.com’s 50 million users lost any crypto or cash.

The security team discovered that hackers had found a way to make withdrawals from compromised accounts without inputting 2FA codes, and 483 accounts were affected.

>> Also see: Is Cash App Safe?

In response, the team suspended withdrawals and required all users to reset their 2FA. It then credited the lost crypto back to users’ accounts and absorbed the losses on its own balance sheet, preventing any users from losing funds. Just a few hours later, withdrawals were reinstated and users were once again allowed to transfer crypto to their own wallets.

Once the emergency was over, Crypto.com implemented several new security practices that were intended to prevent a hack like this from ever happening again. These included:

• A 24-hour delay in withdrawals to new addresses.
• Migration to a new 2FA system that is believed to be more secure.
• Hiring a third-party security team to do a full audit of the platform.

We think Crypto.com did a great job responding to the hack. It understood that users were not at fault, and it properly reimbursed them once it recognized the problem. Still, users were reimbursed after this hack only because it was genuinely not their fault. If a user negligently allows their account to be hacked, they won’t be reimbursed.

>> Also check out: Is DuckDuckGo Safe?

In the next section, we’ll provide some tips that will help you make sure you’re taking the proper steps to protect your crypto. It will make it more likely that you’ll be reimbursed if your account gets hacked, but, more importantly, it will also make it less likely that you’ll lose your crypto in the first place.

How to Stay Safe While Using Crypto.com

Here are a few techniques you can use to make it much less likely that an attacker will be able to steal your crypto from Crypto.com.

• For 2FA, use an authenticator app instead of SMS. Authenticator apps are more secure than text messaging because they do not depend on your phone service. An attacker may be able to transfer your phone service to himself. But if you use an authenticator app (like Google Authenticator), this particular attack vector is closed.
• Use a strong PIN. One of Crypto.com’s best security features is its PIN requirement, which provides an extra layer of defense against attackers. But if your PIN is easy to guess, then it won’t be much help. Avoid using personal information (such as a phone number or Social Security number) as a PIN, and try to avoid repeating digits (e.g. 5555) or using sequential numbers (1234).
• Use a strong email password. Your PIN can be reset by anyone who has access to your email, so make sure the password to your email account is strong. Consider using capital and lowercase letters, numbers, and special characters in your email password.
• Set up an anti-phishing code. One common crypto scam is for an attacker to send an email that looks like it came from your exchange. When you click a link in the email, it takes you to a fake website login page. When you attempt to sign in, your login credentials are stored and then used by the attacker to get into your real account. To combat this type of attack, set up an anti-phishing code. Under the “Security” submenu of the “Settings” menu, click “Anti-Phishing Code.” Then click “Create Code.” Follow the instructions to set up your anti-phishing code. This code will now be included in any email from Crypto.com, which will help to distinguish fake emails from real ones.
• Consider withdrawing your crypto from the app. Ultimately, you have to trust Crypto.com with any crypto you leave in the app. But if you withdraw it into your own wallet, then it’s no longer under Crypto.com’s control. If you aren’t actively trading your crypto, then consider transferring it into a private wallet.To do this, tap the “Transfer” button, and select “Withdraw” → “Crypto” → “External Wallet.” Click “+Add Wallet Address,” and follow the instructions to add your crypto address.

Following these steps should make theft of your crypto much less likely.

Wrapping Up

Crypto.com is an excellent beginner-friendly crypto exchange. It makes buying crypto easy through a convenient mobile app. Most importantly, Crypto.com is a very secure exchange. Its app is mobile-only and requires a PIN for practically everything you do on it, and it delays withdrawals to new addresses for 24 hours. It also keeps 100 percent of customer funds offline, in a cold wallet.

All these policies combine to make Crypto.com an ultra-secure exchange.

Using any crypto exchange carries some risk, however, including Crypto.com. We’ve gone over these risks, and we’ve provided some tips for how to minimize them to keep your crypto secure.

Now, here are some answers to frequently asked questions about Crypto.com safety.