At Crypto.com, we’re deeply committed to security and data privacy, and our teams work tirelessly to protect your information and assets. Recently, we introduced the Account Protection Programme (APP), which grants protection of up to US $250,000 if your account is compromised. This programme is currently available in 24 countries.
Crypto.com also wants to emphasise that maintaining your account’s security is a shared responsibility. For instance, to qualify for the APP, you must have enabled the security features available in your Crypto.com App and Exchange.
In this article, we will share the best practices for you to keep your Crypto.com app protected, as we always encourage having multiple layers of security; what we call, “Defense in Depth”.
DOs and DON’Ts
When it comes to security and privacy, every detail matters:
Use a unique email address/alias to register a Crypto.com account. By setting up a unique email address/alias when signing up for a new account, you can be sure this email address has not been previously leaked to spammers or hackers via other company/industry mailing-list breaches. It’s one of the many steps you can take to better protect yourself from phishing attacks. This tip works best when paired with an Anti-Phishing Code, which can be set up in our app.
Secure the email account you used to sign up for Crypto.com. The security of your personal email account has a direct impact on your Crypto.com account. To keep your Crypto.com-linked email secure, please use a unique and long password, turn on two- or multi-factor authentication (2FA or MFA) if your email provider supports it, and review your account activity regularly to check for possible security issues with both your email and Crypto.com account. If you feel that your personal email has been compromised, and are concerned about your Crypto.com app, then please reach out to our customer support for assistance.
Set up and use an Anti-Phishing Code. The Crypto.com App, Exchange, and NFT products come with a feature that lets you use an Anti-Phishing Code. This code is something which you only know, and appears in the email body which helps to identify whether emails that appear to be from us are genuine or not. In combination with a unique email address, the use of an Anti-Phishing Code ensures that your interaction with Crypto.com remains verifiable, separate from other accounts and services, adding an extra layer of security for your funds.
Always set unique pattern locks, passcodes, and passwords for your phone and the Crypto.com services you use. Unique pattern locks, passcodes, and passwords will help to protect your data and funds in case you lose your device. When you set up different unlock codes for each of the online services you use, it prevents hackers from gaining access to every account you have in case one of them gets compromised. We strongly recommend having different strong pattern locks, passcodes, and passwords for each of the Crypto.com products you use (Crypto.com App and DeFi Wallet have passcodes, while Crypto.com Exchange and NFT have passwords), as well as for all of your other apps and devices.
Use strong and unique passwords and consider installing password management software. With a password manager, you can free your mind from having to remember multiple password combinations. Ensure your master password is strong but easy for you to remember, like phrases that are only meaningful to you. Length is the most critical factor in a strong password, and using a combination of uppercase and lowercase letters with special characters in your passwords makes it significantly harder for hackers to compromise your account. Also, remember to avoid using personal information that can easily be guessed or found on social media. Remember, never reuse the same password for different platforms!
Enable Crypto.com’s Multi-Factor Authentication (MFA) feature for all your transactions. A major component of qualifying for Crypto.com’s Account Protection Programme (APP) for your account is the activation of the security features present in your apps, especially the MFA feature. Even without the APP, the presence of MFA provides a strong security layer for your transactions. Nevertheless, in order to qualify for the APP, you need to have your MFA enabled, so this is one of the first things to do when creating your Crypto.com account. In addition, you need to activate other security measures on your Crypto.com account to be covered under APP, including the Anti-Phishing Code discussed earlier and the 24-Hour Withdrawal Lock feature.
Make sure that the 24-Hour Withdrawal Lock feature for newly whitelisted addresses is always enabled. The 24-Hour Withdrawal Lock is a feature that adds an additional layer of security for your funds by stopping your account from transferring funds to an address that has been newly whitelisted over a period of 24 hours. Crypto.com recommends enabling this feature on your Crypto.com Exchange account at all times in order to prevent unauthorised access to your account to prevent withdrawing funds through a newly added address belonging to a fraudster. For your security, this feature is currently enabled by default on the Crypto.com App.
Do not root/jailbreak your devices. Rooting/jailbreaking, or the practice of bypassing software restrictions on your device, is a major security risk. Device manufacturers impose these restrictions for security purposes, among many other things. By rooting/jailbreaking your device, you leave it open to vulnerabilities down the road, additionally putting your account at risk. This is also a requirement to be eligible for using the App.
Keep your apps updated. App makers regularly roll out new security fixes and enhancements through their updates. Sometimes, the app update is solely for security purposes. Make sure you update your apps regularly — as soon as that update is available. This goes for all of your apps and your phone operating system; not just the Crypto.com app.
Do not publish or share the details of your Crypto.com Visa Card with anyone. When you pay with your Crypto.com Visa Card, never go through a third party, such as a cashier. Avoid sharing your card info with others at social gatherings. Please be assured that Crypto.com will never ask for your card details.
If you lose your Crypto.com Visa Card, freeze it through the Crypto.com App and contact our Customer Support team immediately. It is crucial to immediately lock your lost card through our app in order to keep your funds safe. Our Crypto.com Customer Support team is available 24/7 to help you every step of the way, from securing your account to replacing your lost card. The earlier you report your loss, the better your chances of ensuring the security of your funds.
Do not share your account credentials — like your MFA, PIN, or password — with anyone. The only instance where Crypto.com will ask for your details is when Crypto.com Customer Support confirms your identity by requesting your name, email, and a selfie with a handwritten paper containing your name and a date on it. No one from Crypto.com will ever ask for your login credentials, private keys, MFA security codes, or recovery phrases — no matter which mode of communication you use to contact us. Most importantly, if you have cold wallet storage, never share your secret phrases with anyone over the phone, email, or social media.
Do not store your MFA recovery code or Crypto.com DeFi Wallet recovery phrase on the same device you use to access our products. The practice of multi-medium backup will allow you to conveniently recover your account with Multi-Factor Authentication if you lose your device. You can also consider keeping one of your backups on an offline medium.
Do not store passwords and/or logins in an unencrypted form. Don’t sacrifice security for momentary convenience. You can’t predict when unauthorised third parties will try to access your account or whether you’ll lose your device — It could be in the very next minute, hour, or year from now. You must always be prepared and protected.
Continuous efforts on your part to secure your accounts are important when combating bad actors. We have shared some best practices in order to protect your devices and accounts, as well as ways to build good habits moving forward.
