Sarai Hannah Ajai's Public Redacted Incident Report Regarding Suspected Unauthorized Crypto.com Sign-In Attempt and Possible Unauthorized Use of Email Identifier

 Public Redacted Incident Report Regarding Suspected Unauthorized Crypto.com Sign-In Attempt and Possible Unauthorized Use of Email Identifier

Formal Public Incident Report Narrative

Reporting Party: Sarai Hannah Ajai
Email Identifier Involved: [REDACTED EMAIL ADDRESS]
Incident Date: June 21, 2026
Primary Timeframe: Approximately 12:28 AM to 12:29 AM
Platform Involved: Crypto.com App / Crypto.com account-access system
Evidence Type: Redacted Gmail PDF export of Crypto.com notification email
Prepared For: Public evidence documentation, consumer-protection complaint reference, cybercrime complaint reference, identity-theft documentation, and related account-security records.

I. Summary of Incident

On June 21, 2026, at approximately 12:28 AM to 12:29 AM, the reporting party received an email notification from Crypto.com with the subject line: “Tried to Log In? Let Us Help.”

The email stated that Crypto.com detected an attempt to sign in to a Crypto.com App account using the reporting party’s email address. The email further stated that the email address was not associated with an existing Crypto.com account.

The reporting party did not authorize any person to use the reporting party’s email address to attempt to sign in to Crypto.com. The reporting party did not consent to any person using the reporting party’s email address, identity-related information, or personal identifier to access, test, open, create, verify, or attempt to initiate a Crypto.com account.

The evidence does not prove that a Crypto.com account was successfully opened. However, it documents that a Crypto.com sign-in or account-access workflow was initiated using the reporting party’s email identifier without authorization. Because Crypto.com is associated with cryptocurrency services and financial-account activity, this incident creates a serious concern regarding possible attempted identity misuse, account probing, unauthorized financial-account setup, attempted account creation, attempted credential testing, or unauthorized use of the reporting party’s email identifier.

At this time, the reporting party does not know who initiated the Crypto.com sign-in attempt. The reporting party does not have forensic confirmation identifying the device, IP address, browser, mobile app session, network, or physical location used in the attempted access. This report is prepared to preserve the incident as a suspected unauthorized account-access and identity-protection matter.

II. Key Evidence Observed

The redacted Gmail PDF export documents the following:

1. A Crypto.com notification email was sent to the reporting party’s redacted email address.
2. The email subject line stated: “Tried to Log In? Let Us Help.”
3. The sender was identified as Crypto.com.
4. The email was sent on Sunday, June 21, 2026, at approximately 12:28 AM.
5. The email stated that Crypto.com saw an attempt to sign in to a Crypto.com App account using the reporting party’s email address.
6. The email stated that the reporting party’s email address was not associated with an existing Crypto.com account.
7. The email included a pathway for creating a new account using that email address.
8. The Gmail export was preserved later on June 21, 2026.

These details support the reporting party’s concern that the reporting party’s email identifier was used in a Crypto.com account-access or account-creation workflow without permission.

III. Detailed Incident Description

On June 21, 2026, the reporting party discovered an email notification from Crypto.com in the reporting party’s Gmail account. The email was sent shortly after midnight, at approximately 12:28 AM. The subject line stated: “Tried to Log In? Let Us Help.”

The body of the email stated that Crypto.com saw an attempt to sign in to a Crypto.com App account using the reporting party’s email address. The message also stated that the email address was not associated with an existing account.

This is significant because it indicates that the reporting party’s email address was entered into Crypto.com’s sign-in or account-access system even though, according to Crypto.com’s message, no existing account was associated with that email address.

The email also included language indicating that a new account could be created using the same email address. This raises concern that the incident may involve an account-probing attempt, an attempted registration, or an unauthorized effort to use the reporting party’s email identifier in connection with a financial or cryptocurrency-related platform.

The reporting party did not initiate the Crypto.com sign-in attempt. The reporting party did not authorize any other person to use the email address for Crypto.com. The reporting party did not consent to any person attempting to test whether the email address was associated with Crypto.com. The reporting party did not consent to any person attempting to open, create, access, or prepare a Crypto.com account using the reporting party’s email address or identity-related information.

Because Crypto.com is associated with cryptocurrency services, digital assets, account verification, financial transactions, and related account activity, any unauthorized use of the reporting party’s email address in that environment creates a serious identity-protection and financial-account security concern.

At this time, the evidence does not identify the individual or device that initiated the attempt. The email alone does not prove that an account was created, that funds were accessed, that funds were transferred, or that Crypto.com completed identity verification. However, the email is sufficient to document that the reporting party’s email address was used in a Crypto.com sign-in process without authorization.

IV. Suspected Unauthorized Conduct

Based on the available evidence, the reporting party believes this incident may involve one or more of the following suspected issues:

1. Possible Unauthorized Use of Email Identifier

An unknown person, device, or automated process may have entered the reporting party’s email address into Crypto.com’s sign-in or account-access system without permission.

2. Possible Account-Probing Attempt

The attempted sign-in may have been used to determine whether the reporting party’s email address was already associated with a Crypto.com account.

3. Possible Attempted Crypto.com Account Creation

Because the email stated that the email address was not associated with an existing account and included a pathway to create a new account using that email address, the reporting party is concerned that the incident may relate to an attempted unauthorized account-opening process.

4. Possible Identity Misuse or Attempted Identity-Theft Activity

Because cryptocurrency accounts may involve identity verification, financial records, payment methods, digital wallets, banking connections, tax records, transaction histories, or sensitive account data, the unauthorized use of the reporting party’s email address creates concern that unknown persons may be attempting to misuse the reporting party’s personal identifiers.

5. Possible Credential Testing or Login Workflow Abuse

The incident may also reflect an unauthorized attempt to test whether the reporting party’s email address could be used in a Crypto.com login workflow, account-recovery workflow, registration workflow, or account-creation workflow.

6. Possible Connection to Prior Account-Security Concerns

The reporting party has separately documented other suspected unauthorized access, account misuse, device-security concerns, and identity-related concerns. This Crypto.com incident should be preserved as part of that broader documentation history because it involves an external financial-technology platform and the reporting party’s personal email identifier.

The reporting party is documenting these concerns as suspected unauthorized misconduct. The reporting party is not claiming that the email alone identifies the responsible person. However, the email provides direct evidence that the reporting party’s email address was entered into a Crypto.com sign-in process without authorization.

V. Exhibit List and Evidence Description

Exhibit A — Redacted Gmail PDF Export of Crypto.com Email

This exhibit consists of a redacted Gmail PDF export showing an email notification from Crypto.com to the reporting party’s redacted email address. The email subject line is “Tried to Log In? Let Us Help.” The email was sent on Sunday, June 21, 2026, at approximately 12:28 AM.

The email states that Crypto.com detected an attempt to sign in to a Crypto.com App account using the reporting party’s email address. The email further states that the email address was not associated with an existing Crypto.com account.

This exhibit is important because it directly documents that the reporting party’s email identifier was used in a Crypto.com sign-in workflow.

Exhibit B — Crypto.com Message Content

This exhibit consists of the redacted body text of the Crypto.com message. The message states that the recipient appeared to be trying to sign in to the Crypto.com App using the email address and that the email address was not associated with an existing account. The message also includes an option to create a new account using the same email address.

This is significant because it supports the reporting party’s concern that the incident may involve account probing, attempted registration, attempted unauthorized account creation, or unauthorized use of the reporting party’s email identifier.

Exhibit C — Timestamp and Preservation Record

The redacted Gmail PDF shows that the email was sent shortly after midnight on June 21, 2026, and that the Gmail export was later preserved on the same date. This helps document the timeline of discovery and preservation.

VI. Security and Privacy Impact

This incident caused serious concern because an email address is a personal identifier commonly connected to account recovery, financial services, online registrations, identity verification, legal records, and digital communications.

The attempted use of the reporting party’s email address on Crypto.com is especially concerning because Crypto.com is connected to cryptocurrency services and potential financial-account activity. If an unauthorized person were able to create or access an account using the reporting party’s email address or related identity information, the incident could affect financial security, digital-asset security, account-recovery integrity, tax documentation, and identity-protection records.

The incident also creates concern that unknown persons may be testing the reporting party’s identifiers across financial platforms. Even where no account is successfully opened, an attempted sign-in or account-creation workflow may indicate that the reporting party’s email address is being used without consent in a manner that requires documentation and follow-up.

Because the Crypto.com email stated that the reporting party’s email address was not associated with an existing account, the reporting party understands that this evidence does not confirm a successful account creation. However, the unauthorized use of the email address in a Crypto.com sign-in workflow still requires preservation as an identity-protection, financial-account security, and cybersecurity concern.

VII. Public Evidence Posting Purpose

This redacted public incident report is prepared because certain consumer-protection and cybercrime complaint portals may not provide a direct method to upload supporting evidence during the complaint-submission process.

For that reason, the reporting party is preserving redacted evidence on a public documentation page so that complaint reviewers, investigators, service providers, or authorized parties may review the supporting incident record if necessary.

The public version intentionally redacts direct personal identifiers, including the reporting party’s full name, full email address, Gmail account data, account-specific links, and any security-sensitive information. Unredacted evidence should be preserved separately for law enforcement, agency review, legal review, or service-provider verification if requested through an appropriate official process.

Public Evidence Link: [INSERT REDACTED PUBLIC BLOG EVIDENCE URL HERE]

VIII. Evidence Preservation

The reporting party preserved the following evidence:

1. Redacted Gmail PDF export of the Crypto.com email.
2. Sender information identifying the notification as coming from Crypto.com.
3. Redacted recipient information.
4. Subject line: “Tried to Log In? Let Us Help.”
5. Date and time shown on the email: Sunday, June 21, 2026, at approximately 12:28 AM.
6. Body text stating that a sign-in attempt occurred using the reporting party’s email address.
7. Body text stating that the email address was not associated with an existing Crypto.com account.
8. Body text offering the option to create a new account using the same email address.
9. Redacted preservation copy of the Gmail export.

The reporting party should preserve the unredacted PDF, email headers, original Gmail message, screenshots, and any future Crypto.com correspondence separately in a private evidence folder.

IX. Requested Follow-Up Actions

The reporting party intends to consider the following follow-up actions:

1. Preserve the original Crypto.com email and unredacted PDF export in a private legal evidence folder.
2. Preserve a separate redacted copy for public documentation.
3. Avoid clicking sign-in or account-creation links from the email unless independently verified through Crypto.com’s official support channels.
4. Review full email headers in Gmail, if available, to preserve routing and authentication details.
5. Contact Crypto.com through an independently verified support channel to request confirmation that no account exists under the reporting party’s email address.
6. Request that Crypto.com document the attempted sign-in event, including date, time, IP address, device information, app session, and approximate location information if available.
7. Request that Crypto.com restrict or flag attempted account creation using the reporting party’s email address unless personally verified by the reporting party.
8. Confirm that the reporting party’s email account password is strong and unique.
9. Confirm that two-step verification is active on the email account.
10. Review recent account-security activity for the email account.
11. Review account recovery settings, forwarding rules, filters, connected apps, and third-party access.
12. Preserve any additional Crypto.com emails, verification codes, password-reset emails, account-opening notices, or unusual financial-platform emails.
13. Consider submitting or supplementing a consumer-protection report if additional evidence shows attempted financial-account creation.
14. Consider submitting or supplementing a cybercrime complaint if additional evidence supports attempted identity misuse, unauthorized account creation, or unauthorized financial-platform activity.

X. Good-Faith Statement Regarding Legal and Technical Limits

The reporting party is making this report based on personal observation and the Crypto.com notification received at the reporting party’s redacted email address.

The reporting party did not authorize the use of the email address for any Crypto.com sign-in attempt, account-access attempt, account creation, identity verification, or financial-platform registration.

The email does not independently identify the responsible person or persons. The email also does not prove that a Crypto.com account was successfully opened. However, it does document that the reporting party’s email address was used in a Crypto.com sign-in workflow without authorization.

Because the incident involves a cryptocurrency-related platform and a personal email identifier, the reporting party is preserving this report as part of official legal, cybersecurity, identity-protection, and financial-account security documentation.

XI. Statement of Good-Faith Belief

The reporting party believes this incident raises legitimate concerns regarding possible unauthorized use of an email identifier, possible account probing, possible attempted Crypto.com account creation, possible attempted identity misuse, and possible financial-platform account-security risk.

The reporting party is not claiming that the Crypto.com email alone proves who initiated the attempt. The reporting party is also not claiming that the email alone proves a completed account opening, financial transaction, or successful identity-verification event.

However, the reporting party is documenting the incident because the use of the reporting party’s email address in a Crypto.com sign-in workflow was not authorized and creates a valid security concern.

This redacted public report is prepared for public evidence documentation, consumer-protection complaint reference, cybercrime complaint reference, identity-theft records, and possible review by Crypto.com, Google, consumer-protection agencies, cybercrime reporting portals, law-enforcement entities, or other authorized reviewers.

Prepared by: Sarai Hannah Ajai
Date Prepared: June 21, 2026
Related Evidence: Exhibit A through Exhibit C
Sensitive Information: Full name, full email address, account credentials, verification codes, full Gmail headers, Gmail URLs, message thread identifiers, and other security-sensitive data are redacted from the public version and preserved separately in private records.