Our Top Pick: Revolut — Best overall crypto bank for most users Open Account ↗ (affiliate)

Is Crypto.com Safe?

Regulatory coverage, Proof of Reserves, CRO token risk, historical incidents.

SK
Reviewed by Stephan Kulik · Last updated: · How we rank

Short answer

Reasonably safe for everyday use — strong multi-jurisdictional regulation (MiCA CASP in EU, FCA in UK, MSB in US, MAS in Singapore, VARA in UAE, AUSTRAC in AU), quarterly Proof of Reserves, and a full-reimbursement record after the 2022 incident. Not ideal for large long-term holdings — CRO token concentration, repeatedly-cut card rewards, and generic custodial-platform risks apply. Use a hardware wallet for long-term positions.

Regulatory footprint

  • MiCA CASP authorisations in multiple EU member states (France AMF, Italy OAM, Malta MFSA)
  • FCA registration in the UK (cryptoasset firm register)
  • FinCEN Money Services Business (MSB) registration for US operations
  • MAS (Singapore) payment institution licence
  • VARA (Dubai) virtual asset service provider licence
  • AUSTRAC (Australia) DCE registration
  • Central Bank of Brazil PSP licence

This is one of the most extensive global regulatory footprints of any crypto platform. More jurisdictions = more oversight + more expensive for Crypto.com to operate = aligned with user safety.

Custody and Proof of Reserves

Customer crypto is held in a mix of cold storage and operational hot wallets, with institutional-grade custody partners. Quarterly Proof of Reserves attestations are performed by Mazars (historically) and Armanino (more recently). PoR snapshots confirm on-chain balances ≥ customer liabilities at a moment in time.

Important caveat: PoR is not a solvency audit. It verifies crypto-side coverage but not off-chain liabilities, counterparty exposures, or off-balance-sheet risk. See proof of reserves explained.

Historical incidents

January 2022 — 2FA bypass

Attackers bypassed 2FA on approximately 483 accounts, withdrawing approximately $35M in ETH, BTC, and other tokens. Crypto.com reimbursed all affected users in full. Response included mandatory whitelisting of withdrawal addresses, 24-hour delay on new address additions, and overall security overhaul.

Lesson: the platform's incident response was strong. No user lost funds permanently. Compare this to platforms that did not fully reimburse (multiple cases through crypto's history).

2022 — $400M accidental transfer

Crypto.com accidentally transferred approximately $400M to a Gate.io corporate address instead of an internal cold-storage move. The funds were recovered. This was an operational-process failure, not a security breach, but illustrated that internal controls were not at bank-grade maturity at that time.

CRO card rewards cuts

The Crypto.com Visa card rewards have been cut multiple times since 2022 — initially as high as 8% cashback, reduced repeatedly to current levels that are platform-tier-dependent and typically 1-5%. Each cut was announced, implemented within weeks, and communicated via app. The pattern suggests the original reward economics were unsustainable — which is normal for a growth phase — but means the product value proposition today is different from 2021 advertising.

Who Crypto.com is safe enough for

Good fit: users in regulated jurisdictions (EU, UK, US with MiCA/FCA/MSB coverage), active traders, Visa-card spenders, those using it for buy-sell-convert convenience.

Bad fit: users holding large long-term positions they treat as savings. Self-custody via hardware wallet is materially safer. See best crypto wallets.

Compare

Get Crypto.com Card ↗

Frequently asked questions

Is Crypto.com safe? +
Crypto.com has stronger regulatory coverage than many peers: MiCA CASP authorisations in France, Italy, Malta, and other EU markets; FCA registration in the UK; MSB in the US; and licensing in Singapore (MAS), Dubai (VARA), and Australia (AUSTRAC). Proof of Reserves is published quarterly by Mazars/Armanino. The main residual risks are (1) CRO token concentration — much of the rewards economics are denominated in CRO, which is issued by Crypto.com itself; (2) CRO card rewards have been repeatedly reduced, signaling unit economics pressure; (3) no FDIC or FSCS insurance for crypto.
Does Crypto.com have Proof of Reserves? +
Yes. Crypto.com publishes a quarterly Proof of Reserves attestation, most recently by Mazars and Armanino. The attestation confirms that customer-deposit liabilities are matched by on-chain custody addresses at the snapshot time. PoR is better than nothing but is not a solvency audit — it does not verify off-chain liabilities, counterparty exposures, or the quality of non-crypto assets. Treat PoR as one input among many.
What is CRO token risk? +
CRO is Crypto.com's native token. It is used to determine tier eligibility on the Crypto.com Visa card (Ruby Steel, Royal Indigo, Obsidian) and to boost staking yields. Because CRO value depends materially on Crypto.com's continued operation and growth, holding CRO concentrates platform risk. CRO has also been decoupled from the original Cronos chain migration; historical holders saw significant supply and valuation changes in 2022. Don't put long-term holdings in CRO as a standalone asset.
Why do you score Crypto.com lower than some competitors? +
Our Our Score for Crypto.com is 6.7, lower than Forbes/NerdWallet typical ratings. Three reasons: (1) CRO card rewards have been cut multiple times since 2022, eroding the product's core value proposition; (2) CRO token concentration in the value chain exposes users to platform-specific risk; (3) a 2022 incident where $35M was transferred to a wrong address undermined confidence in operational controls. None of these are disqualifying — hence 6.7, not a low single digit — but they warrant lower ranking than a competitor without these issues.
Has Crypto.com ever been hacked? +
In January 2022, Crypto.com disclosed an incident where funds were taken from user accounts through a 2FA bypass. Crypto.com reimbursed affected users in full. No customer lost funds permanently. The company subsequently increased security controls (mandatory withdrawal whitelisting, re-authentication on new addresses). This is a better outcome than most crypto incidents but illustrates that "custodial risk" is real even at well-regulated platforms.
Is Crypto.com safe for large holdings? +
No custodial platform is ideal for large long-term holdings. Crypto.com is a reasonable choice for small-to-medium balances, active trading, and card-spending use cases. For long-term holdings, move to a hardware wallet — see our /best-crypto-wallets/ guide.
Legal & editorial
esc
↑↓ navigate ↵ open esc close