How safe is Crypto.com,
really?
Instead of a vague 'trusted' badge, we grade Crypto.com on five concrete, checkable criteria — each with sources. Here's exactly how it scores.
Criterion by criterion, with sources
- ✓ Regulation
Broadly licensed — Singapore MAS (Major Payment Institution), EU MiCA via Malta MFSA (2025), UK FCA (EMI + cryptoasset registration), US FinCEN MSB with state money-transmitter licences, plus Canada FINTRAC and Australia AUSTRAC. Source 1 → Source 2 →
- ✗ Proof-of-Reserves
A Merkle-tree reserves portal exists, but the last independent attestation (Mazars, 101–106% coverage) was December 2022; Mazars then exited crypto and no current independent auditor has been named. Source 1 → Source 2 →
- ✓ Flexible withdrawal
Flexible-term Crypto Earn can be withdrawn at any time with no lock-up; rewards accrue daily and pay out weekly. Lock-up only applies to fixed-term products. Source →
- ✓ Insurance Fund
Around $870M of insurance — $750M custodial cover for retail assets, $100M for institutional cold-storage theft (underwritten via Lloyd's of London / Aon) and $20M more. User error (phishing, wrong address) is not covered. Source →
- ✓ Track record (2+ years incident-free)
Operating since 2016. A January-2022 hack drained ~$34M from 483 accounts via a 2FA bypass — all affected users were fully reimbursed from company funds, and no comparable incident has occurred since. Source →
Incidents we count
Known incidents
1- January 2022 Attackers bypassed 2FA and withdrew ~$34M (444 BTC, 4,836 ETH + other) from 483 accounts. Crypto.com paused withdrawals, audited security, added a 24h delay for new withdrawal addresses, and fully reimbursed affected users. Source →
Current earn rates on Crypto.com
| USDT | 0.5 % | flexible |
| USDC | 0.5 % | flexible |
| BTC | 0.2 % | flexible |
| ETH | 0.2 % | flexible |