COMMITMENT TO SECURITY

Security First. Always.

Building Trust is the cornerstone of our commitment to our customers; security and data privacy are the foundations of achieving mainstream cryptocurrency adoption
Vault door

Security Philosophy

At Crypto.com, our philosophy is to drive a proactive "Defense in Depth" culture, where we embed a security growth mindset into all aspects of our business processes.

We have controls at each layer of our systems to strengthen our overall security posture, and invest heavily in ongoing security and privacy awareness training for all staff company-wide.

We believe everyone has a role to play in security and we take a holistic approach to cybersecurity and continuously work to manage and mitigate risks in all aspects of People, Processes and the Technology we use.

Our Security

  • Our Cryptocurrency Security

    100% of user cryptocurrencies are held offline in cold storage.

    Crypto.com has a strategic partnership with Ledger, a global leader in security and infrastructure solutions for cryptocurrencies and blockchain applications, integrating its institutional-grade custody solution, Ledger Vault, leveraging HSM (hardware security modules) and multi-signature technologies.

    Crypto com has also secured cold storage insurance coverage up to US $100 million to safeguard against theft or direct loss with a market leader in institutional-grade cryptocurrency custody services.

    All funds held in hot wallets are corporate funds and leverage HSM (hardware security modules) and multi-signature key-generation technologies. Those funds are primarily used to ensure smooth day-to-day withdrawal requests from our customers.

  • Our Fiat Currency (Cash) Security

    Crypto.com keeps fiat currency of customers in custodian bank accounts that are secured and regulated. If you are a US resident, your USD balances are covered by FDIC insurance, up to US$250,000. You retain ownership of the currencies in bank accounts, i.e., your fiat funds could not be claimed by Crypto.com or its creditors.

  • Our Infrastructure Security

    Crypto.com leverages Amazon Web Services (AWS) and its security capabilities and services. These include:

    • Network and web application firewall capabilities
    • Controlled encryption in transit with TLS (Transport Layer Security) accross all services
    • Automatic encryption of all traffic
    • Business continuity planning for outages and attacks prevention
    • More details on AWS' Security Features can be found here

Our Internal Controls

Dedicated Compliance & Risk Management Functions

Crypto.com has designated compliance & risk management officers who implement compliance policies & procedures, and perform regular internal reviews to ensure Crypto.com is in full compliance with all regulatory requirements.

Crypto.com leverages industry-leading fraud and anti-money laundering partnership/ providers to manage risks.

Crypto.com App Security Features

Crypto.com has developed key security features in its App

Secure Coding

Software developers follow our Secure Software Development Lifecycle and our code is peer reviewed, as well as, using a combination of static source code analysis tools.

We have full-time staff to oversee the quality and logic of the code.

We have obtained external audit certifications from Quantstamp and Certik for the smart contracts we deployed.

Two-Factor Authentication (2FA)

  • Password
  • Biometric identification
  • Email verification
  • Phone verification

Withdrawals Protection

Mandatory whitelisting of external address through email verification.

Use of Authenticator (2FA) for transactions

Live customer support 24/7

Secure Coding

Software developers follow our Secure Software Development Lifecycle and our code is peer reviewed, as well as, using a combination of static source code analysis tools.

We have full-time staff to oversee the quality and logic of the code.

We have obtained external audit certifications from Quantstamp and Certik for the smart contracts we deployed.

Two-Factor Authentication (2FA)

  • Password
  • Biometric identification
  • Email verification
  • Phone verification
  • Authenticator

Withdrawals Protection

Mandatory whitelisting of external address through email verification.

Use of Authenticator (2FA) for transactions

Live customer support 24/7

Iphonex box

Certifications

Iso27001Pci

Crypto.com is the first cryptocurrency in the world to have both ISO27001:2013 and PCI:DSS 3.2.1, Level 1 compliance.

ISO/IEC 27001:2013 Certification is the "Gold Standard" for information security management (the audit was led by Bureau Veritas, a global leader in Testing, Inspection and Certification).

PCI:DSS (Payment Card Industry: Data Security Standard) outlines a set of strict requirements set by the payment card industry and is designed to ensure that organizations which process, store or transmit credit card data maintain a highly secure environment, and uphold the highest data security and privacy standards. Level 1 is the highest level of certification.

Iso27001Pci

Penetration Testing & Bug Bounty

icon
QUESTIONS/ CONTACT

If you have any questions or concerns about your Crypto.com account – or believe there has been an unauthorized login attempt and/or transaction that you do not recognize – please contact Support via in-app/website chat or [email protected].