← All guides
June 3, 2026 · 7 min read

Is This Crypto.com Email a Scam? How to Verify It

Got a Crypto.com email about a withdrawal, a login alert, a locked account, or a verification code? Crypto phishing is relentless. Here's how to verify a Crypto.com email and protect your funds.

Short answer: a Crypto.com email about a withdrawal you didn't make, a "new device" login, a locked account, or a code to "confirm" something is a top phishing target — because crypto leaving a wallet is gone for good. There's no bank to call, no chargeback, no reversal. You verify a Crypto.com email the same way you verify any other: sender, links, and pressure. But with crypto, the stakes make that habit non-negotiable.

The most dangerous version pairs an email with a phone call from "Crypto.com support" — the email alarms you, the call talks you into approving access or moving funds.

Quick check: Don't click the email's link. Open the Crypto.com app or type crypto.com yourself and check your account. Crypto.com will never ask for your password, 2FA code, or wallet recovery phrase, and will never ask you to move funds to a "safe" wallet.

In this guide

How Crypto.com phishing works

The common Crypto.com scams all push you to act before you think:

  • The withdrawal alert. "A withdrawal of 0.5 ETH is being processed — if this wasn't you, cancel here." The "cancel" link leads to a fake login that captures your password and live 2FA code.
  • The new-device login. "We detected a sign-in from a new device/location. Secure your account now." Same harvesting page, different wrapper.
  • The locked / restricted account. "Verify your identity to restore access," with a form collecting your login and ID.
  • The verification-code email. A code arrives with "enter this to confirm" — while a scammer who already has your password waits for you to hand over the second factor.
  • Airdrop / reward bait. "Claim your tokens" links to a malicious site or a wallet-draining "connect" prompt.

The fake support call

Email plus phone is where the big losses happen. After (or instead of) the email, you get a call from spoofed "Crypto.com support" warning your account is compromised. To "secure" it, they push you to:

  • read back a 2FA or verification code (which actually approves their login or a withdrawal),
  • disable security features or "re-verify" on a fake page, or
  • move your crypto to a "safe" or "vault" wallet — which belongs to them.

No legitimate support process ever involves reading codes aloud or moving your funds elsewhere. Crypto.com support is reached through the app, and they contact you there — not via an unsolicited call or a number in an email.

The red flags

  • A link to "log in," "verify," or "cancel a withdrawal." Real account actions happen in the app, not via an emailed link.
  • Requests for a password, 2FA code, or recovery/seed phrase. Never share these. The recovery phrase especially — no real service ever needs it.
  • "Move your funds to a safe wallet." Always a scam.
  • Sender lookalikes such as crypto-com-support.com, cryptocom-secure.net, or crypto.com.verify-login.net instead of crypto.com.
  • Urgency around a withdrawal or "compromised account" to rush you.
  • An unsolicited "support" call or a number to call in the email.

Real Crypto.com email vs scam at a glance

| Signal | Real Crypto.com | Likely scam | | --- | --- | --- | | Sender domain | crypto.com | crypto-com-support.com, cryptocom-secure.net | | Links | crypto.com | Third-party or look-alike domain | | Asks for | Nothing sensitive | Password, 2FA code, or recovery phrase | | "Support" contact | You reach out via the app | Unsolicited call or email | | Fund moves | You initiate them | "Move to a safe wallet" on request |

Why crypto is the favorite target

Unlike a card charge, a crypto transfer can't be reversed or charged back — once it's sent, it's gone. There's no bank to call for a refund and no dispute process. That irreversibility is why scammers invest so heavily in exchange phishing and why the urgency is always cranked so high: they need you to act before you think, because once funds move, the window to recover them has closed.

When a Crypto.com email or "support" message makes you feel you must act this second to save your funds, that feeling is manufactured. Forward the message to FraudRoom and get a plain-English risk read before you click, call, or move anything — a real issue will still be there in ten minutes; a drained wallet won't come back.

How to verify a Crypto.com email

  1. Don't use the links in the email.
  2. Open the Crypto.com app, or type crypto.com into your browser yourself, and sign in.
  3. Check your account activity and security settings there. A real issue shows up; a fake one won't.
  4. If something genuinely looks wrong, use the support options inside the app — never a number from the email or an inbound call.

Protect your account

  • Use an authenticator app or hardware security key for 2FA rather than SMS where possible.
  • Set up a withdrawal allowlist (whitelist) so funds can only go to addresses you pre-approved, with a delay on new ones.
  • Never store or type your recovery/seed phrase anywhere online; it belongs offline, to you alone.
  • Treat any unsolicited "Crypto.com support" contact as a scam until proven otherwise — they respond inside the app, not by cold call.

If you already clicked or shared details

  1. Stop and close the page.
  2. From the real app, change your password, reset 2FA, and review withdrawal activity, connected devices, and any allowlist changes you didn't make.
  3. If funds may be moving, contact Crypto.com support through the app immediately.
  4. If you shared card or bank details, call your bank using the number on your card.
  5. Report it to the FTC at reportfraud.ftc.gov and, for larger crypto losses, the FBI at ic3.gov.

For the full recovery walkthrough, see what to do if you clicked a phishing link.

FAQ

How do I verify a Crypto.com email is real?

Don't click its links. Sign in to the Crypto.com app or type crypto.com yourself and check your activity and security settings. Real Crypto.com mail comes from crypto.com and never asks for your password, 2FA code, or recovery phrase.

Does Crypto.com call customers about suspicious withdrawals?

Be very skeptical of unsolicited calls. Scammers spoof Crypto.com's caller ID and pose as support to push you into sharing codes or moving funds. Verify only through the app, and never act on a number from an email or an inbound call.

Should I ever share my recovery phrase or move funds to a "safe wallet"?

Never. Your recovery (seed) phrase should stay offline and private, and no legitimate process asks you to move crypto to a "safe" wallet — that instruction is always a scam.

Crypto.com emailed me a verification code I didn't request — what does that mean?

It can mean a scammer who already has your password is trying to log in and needs your second factor. Don't enter or share the code. Open the app, change your password, and make sure 2FA is on. Never read a code back to anyone.

Is the Crypto.com airdrop or "claim your tokens" email real?

Almost always no. "Claim your reward / airdrop" emails link to malicious sites or to a "connect your wallet" prompt that can drain it once you approve. Don't connect a wallet or sign a transaction from an email link. Verify any real promotion inside the official Crypto.com app, and treat surprise free-token offers as bait.

I think someone has my Crypto.com password — what should I do first?

Open the app, change your password immediately, and reset two-factor authentication to an authenticator app or hardware key. Then review recent logins, devices, and withdrawal activity, and set or re-check your withdrawal allowlist so funds can't be sent to a new address without your approval. If anything looks wrong, contact support through the app.

Key takeaways

  • Crypto is irreversible, which is why exchange phishing is so aggressive and so urgent.
  • Never share a password, 2FA code, or recovery phrase — and never move funds on request.
  • Verify by signing in to the Crypto.com app or crypto.com yourself, never an email link.
  • Treat unsolicited "Crypto.com support" contact as a scam until you confirm it in the app.
  • Use an authenticator app and a withdrawal allowlist to add a safety margin.

Not sure about a message?

Forward it to check@fraudroom.com and get a plain-English scam check in minutes.

Try it free — 5 checks, no card