Security First. Always.
Our commitment to our customers is built on trust. We believe that
security and data privacy are the foundations of achieving mainstream
cryptocurrency adoption.
Our Philosophy
Security and Privacy by Design and By Default
We drive a Zero Trust, Defence in Depth security strategy across our systems and platforms. Data privacy assessments are built into our processes to safeguard your personal information.
Empowering a Growth Mindset
To continually strengthen our security posture, we invest heavily in ongoing security and privacy awareness training for all staff.
Deposit and Transaction deposits
We screen all deposits for
compliance, and have a
dedicated team to monitor
all transactions
compliance, and have a
dedicated team to monitor
all transactions
100% of user cryptocurrencies are held offline in cold storage.
Crypto.com has a strategic partnership with Ledger, integrating its institutional-grade custody solution, Ledger Vault. We also leverage hardware security modules (HSM) and multi-signature technologies. Crypto.com has secured a total of USD 750M in cold storage insurance against physical damage or destruction, and third-party theft.
All funds held in hot wallets are corporate funds.
We leverage HSM and multi-signature, key-generation technologies to keep these funds secure. They are primarily used to ensure smooth day-to-day withdrawal requests from our customers.
Users’ fiat currencies are held in regulated custodian bank accounts.
If you are a U.S. resident, your USD balances are held at Metropolitan Commercial Bank, an FDIC member and insured depository institution. Your USD balances held at Metropolitan Commercial Bank are insured up to USD $250,000. You retain ownership of those funds in Metropolitan Commercial Bank accounts, meaning your fiat funds cannot be claimed by Crypto.com or its creditors.
Crypto.com adheres to the principle of least privilege.
We have strict controls on access rights to funds in both cold and hot wallets.
Crypto.com App
We’ve developed key security features in our apps
We follow a Secure Software Development Lifecycle.
Security is baked into our coding lifecycle. Our software is peer-reviewed and uses a combination of static and dynamic source code analysis tools.
We use Multi-Factor Authentication (MFA).
Transactions are protected by MFA, which includes password, biometric, email, phone, and authenticator verification.
We ensure withdrawal protection.
Whitelisting external addresses through email verification is mandatory.
We provide 24/7 live customer support.
It’s our priority to help you make the most of your Crypto.com experience.
Crypto.com App
Building a more robust crypto
community worldwide
Certifications and Assessments
Crypto.com is built on a solid foundation of security, privacy and compliance and is the first cryptocurrency company in the world to have ISO/IEC 27701:2019, CCSS Level 3, ISO/IEC 27001:2013 and PCIDSS v3.2.1 Level 1 compliance, and independently assessed at Tier 4, the highest level for both NIST Cybersecurity and Privacy Frameworks. Crypto.com has also engaged globally recognised security consulting and auditing firms like Kudelski Security to stress test and audit our core Blockchain systems.
Hacker One Bug Bounty
Crypto.com recognises the importance of security researchers in helping to keep our community safe. We encourage responsible disclosure of security vulnerabilities via our external bug bounty program on the leading platform, Hacker One.