EU – Relevant Information on Crypto-Asset Transfer Services

Last updated: March 26, 2026

Last update: March 2026

1. Crypto-Asset Transfer Service Provider

Crossmint Europe, S.L. (“Crossmint”), with a registered office at C/ Villalar, 7 BJ IZQ, Madrid. Contact email: support@crossmint.com

2. Supervisory Authorities

Crossmint is authorized to provide cryptoasset services and is registered in the corresponding official registry of the Comisión Nacional del Mercado de Valores (“CNMV”), under number [*] (calle Édison, 4, Madrid - www.cnmv.es)

3. Main features of the cryptoasset transfer service provided

The cryptoasset transfer service consists of providing transfer services, on behalf of an individual or legal entity, of cryptoassets from one distributed ledger address or account to another. It will only be available through the channels where Crossmint provides its services (i.e., digital channels).

Crossmint’s cryptoasset transfer service is intended exclusively for legal entities (corporate clients), with individuals expressly excluded from this service.

Cryptoasset transfers may be carried out in the following cases:

  • Transfers between Crossmint clients.

  • Transfers to wallets not owned by the payer, including both self-managed wallets and wallets in MiCA-licensed PSCs, as well as exchanges or custodians located in third countries that are duly licensed, authorized, or registered in their country of origin,

  • Return of custodied Cryptoassets. In compliance with the obligations set forth in Article 75.6 of MiCA, the Customer may request, at any time and through the channels enabled for this Service, the full or partial return of the Cryptoassets held in custody by Crossmint, without this necessarily implying the termination of the Service. Returns may be made to:

(i) A distributed ledger address owned by the Customer at another Crypto Asset Service Provider (CAS) duly authorized under MiCA in the European Union;

(ii) Exchanges or custodians located in third countries, provided they hold the corresponding license or authorization in their country of origin;

(iii) Self-managed wallets.

4. Description of the method and procedure for initiating or consenting to a crypto-asset transfer and withdrawing an instruction or consent, including the specification of the information the Customer must provide for a crypto-asset transfer to be initiated or executed correctly (including how to authenticate):

The crypto-asset transfer service is provided by the Entity through the digital channel. Thus, the Customer’s request to execute a cryptoasset transfer is always available; however, execution is not automatic, as the internal authorization process for these transfers may take time, and the Customer must be aware of these circumstances, as they will be notified of them both in the contract and at the time of requesting the transfer.

To request the crypto-asset transfer service, the customer must preferably provide the following information, without prejudice to the fact that certain data may be collected and verified beforehand during the Know Your Customer (KYB) process through other reliable sources by the Entity:

  • Amount of crypto-assets to be transferred;

  • Reason/purpose of the transfer request;

  • Where applicable, information or documentation proving that the customer is the owner of the destination address to which they wish to transfer the cryptoassets;

  • Where applicable, details regarding the cryptoasset service provider where the customer holds the destination address for the cryptoassets, when possible.

  • In cases where the recipient is different from the originator of the transfer, the distributed ledger address of said beneficiary, in cases where a cryptoasset transfer has been recorded on a network using distributed ledger technology or similar technology, and the beneficiary’s cryptoasset account number, when such an account exists and is used to process the transaction

  • In the case of a crypto-asset transfer not recorded on a network using distributed ledger technology or similar technology and not made from or to a crypto-asset account, the Entity shall ensure that the crypto-asset transfer is accompanied by a unique transaction identifier; and

  • Where the necessary field exists in the relevant message format and the originator provides it to their crypto-asset service provider, the current LEI (in the case of legal entities) or, in the absence thereof, any other equivalent official identifier of the beneficiary that is available.

Pre-transaction information to clients regarding individual transfers

Upon receipt of a client’s instruction to execute a cryptoasset transfer, once the Entity has performed all relevant checks and the execution of said transfer has been internally authorized, the Entity shall, prior to executing the cryptoasset transfer, provide the client with at least the following information so that the client may read, understand, and confirm the transaction:

  • Warning regarding irreversibility: a brief, standardized warning regarding whether the cryptoasset transfer will be irreversible or sufficiently irreversible in the event of a probabilistic settlement and when.

  • Associated Fees: the amount of the charges for the cryptoasset transfer to be paid by the customer and, where applicable, a breakdown of the amounts of such charges, distinguishing, for example, between gas fees billed for the transaction through the relevant DLT network and other fees that Crossmint charges for its services.

Authentication and Security

The Entity shall provide the customer with this information each time the Entity receives a request for a cryptoasset transfer. In any case, this communication shall be made prior to the customer’s final confirmation of each requested transfer.

The Provider shall apply the appropriate authentication and verification measures for each transaction, in accordance with its security framework and transfer procedure. In particular, the Provider must apply a strong authentication process to the Customer when the Customer accesses their payment account through the console, initiates a transfer, and whenever the Customer initiates any action that may entail a risk of payment fraud or other abuses detected by the Provider in accordance with regulations. 5 Strong authentication refers to the process of verifying the Customer’s identity; that is, the Provider must verify that you are who you claim to be. This process requires the use of two or more elements categorized as knowledge (something only the Customer knows), possession (something only the Customer possesses), and inherence (something that is the Customer), which are independent—that is, the compromise of one does not compromise the reliability of the others—and designed to protect the confidentiality of identification data. However, the Provider may apply a non-enhanced authentication process, provided that regulations permit it, as well as request enhanced authentication when it deems it necessary.

5. Conditions under the Cryptoasset service provider may refuse, return, or suspend a Cryptoasset transfer:

The Entity may refuse to execute the cryptoasset transfer in cases where:

  • The customer has not provided the Entity with the required information;

  • The information provided is incorrect or incomplete;

  • Any risk or suspicion of an unusual transaction or of ML/TF risk or fraud is identified.

Procedure in the event of incorrect or incomplete information: If the reason for the rejection is that the information provided by the customer is incorrect or incomplete, the transfer will remain suspended, and the customer will be asked to correct the identified deficiencies.

Applicable Regulations: Furthermore, EBA Guidelines EBA/GL/2024/11 shall apply to the Entity’s operations.

Pre-execution controls

Before executing, rejecting, returning, or suspending a crypto-asset transfer, Crossmint must take into account:

  1. Compliance with anti-money laundering obligations: Compliance with the provisions of the Travel Rule and other applicable regulations regarding the prevention of money laundering and terrorist financing.

  2. Risk assessment: The assessment of risks associated with the transfer, including:

  • Customer profiles.

  • Unusual activity patterns.

  • High-risk jurisdictions.

  1. Preventive measures: The application of measures such as:

  • Requesting additional information.

  • Conducting additional checks.

  • Temporarily suspending the transfer until the identified risks are mitigated.

Specifically, Crossmint has the following controls in place to determine whether a transfer is executed, refunded, or suspended. The transfer management process is as follows:

  • The customer requests the transfer or refund of a cryptoasset and enters the Travel Rule data required by Crossmint.

  • Crossmint reviews the information.

  • Crossmint verifies the crypto-asset service provider or destination wallet.

  • Next, the destination wallet is analyzed using Elliptic (or a similar tool) to identify any suspicious transactions or relationships associated with the wallet.

  • If all the above controls are satisfactory, the transfer is executed.

Return cases

The transfer may be returned:

  • From Crossmint, for any of the reasons set forth in the previous section; or

  • If the destination PSC returns it for failing to comply with Travel Rule obligations, for example, because:

    • Incomplete information is provided, or

    • The information provided is inconsistent with that held by the destination PSC.

When a transfer is rejected, returned, or suspended, the Entity shall provide the customer with, at a minimum, the following information:

Client Notification on Rejection, Return, or Suspension

  • The reason for the rejection, return, or suspension, whenever possible in accordance with applicable regulations;

  • If applicable, the manner in which the customer may remedy the rejection, return, or suspension;

  • The amount of any costs or fees incurred by the customer and, if possible, their reimbursement.

6. Reference to the Procedure for Determining the Time of Receipt of a Transfer Instruction and Any Cut-Off Times Established by the Crypto-Asset Service Provider:

The Entity will allow customers to request the crypto-asset transfer service on a continuous basis; however, in accordance with the provisions of section 4, its execution will be subject to a control and verification process. Specifically:

Deadline

Included on the same business day

No deadline, as the aim is to offer a 24/7 service.

Not applicable.


Time of order receipt

The order is considered received when the Provider receives it via the console and it is correctly formatted (including confirmation and, where applicable, the minimum necessary verifications).

Immediate execution

Transfers are processed immediately upon receipt of the order and after passing the applicable preliminary controls and the corresponding network operating times.

Irrevocability

As a general rule, transfers are irrevocable once confirmed by the Customer and received by the Provider. For external transfers, once the transaction is broadcast to the network, the operation cannot be reversed by the Provider, given the nature of the distributed ledger network.

7. DLT Network Compatibility, Estimated Execution Times, and Block Confirmations Required for Irreversibility:

Blockchain Network

Eligible Cryptoasset

Estimated Transaction Time (under standard network conditions)

Number of Confirmations Required

Aptos

USDC

< 1 min

1

Arbitrum

USDC

250 ms

12

Avalanche (and subnets)

USDC and EURC

< 1 min

1

Base

USDC and EURC

2000 ms

12

Ethereum

USDC and EURC

3–15 min

12

Flow

USDC

3000 ms

1

Hedera

USDC

5000 ms

1

Optimism

USDC

2000 ms

12

Polygon

USDC

2000 ms

128

Sei

USDC

650 ms

1

Solana

USDC, EURC

< 1 min

1

Stellar

USDC and EURC

5 s

1

Sui

USDC

< 1 min

1

* These times are estimates and may vary depending on network congestion, internal AML validations, or technical checks required by the Entity or involved third parties

8. Charges, Fees, or Commissions Payable by the Client in Relation to the Crypto-Asset Transfer Service:

The fees applicable to the execution of transfers are: i) the fixed fees agreed upon in the applicable Order Form and ii) a variable fee of up to 0.40% of the euro equivalent amount of the transfer on the date it is executed, plus any applicable taxes. This variable fee will be communicated to the Client prior to each transaction.

The details of each transaction and its fees will be retained in the Client’s transaction history. Such records will be retained for a period of ten (10) years, in accordance with the applicable data retention framework.

9. Communication Channels and Technical Requirements for Notifications Related to the Crypto-Asset Transfer Service:

Crossmint communicates general information and notifications regarding the cryptoasset transfer service through the following channels, depending on the nature and urgency of the matter:

  • Email: Primary channel for contractual notifications, service updates, regulatory communications, and fraud or security alerts.

  • Web platform (Dashboard): Operational notifications, account activity, and transaction alerts.

  • API/Webhooks: Real-time programmatic notifications regarding transaction events, status changes, risk indicators, and security alerts.

  • Dedicated support channels: For critical matters, including fraud or active threats, through contractually designated contacts.

10. Form and frequency with which information related to the Cryptoasset Transfer Service must be provided or made available:

Information regarding the transfer service will be provided:

  • Upon settlement of the transaction: confirmation document and settlement statement (which will include all service costs and fees).

  • In the quarterly position statement to be sent to the Client.

  • In the annual transaction report to be sent to the Client.

11. Language(s) of the Agreement and Communications Under Article 82(1) of MiCA:

Spanish and English.

12. Secure Notification Procedure in Case of Suspected or Actual Fraud or Security Threats:

Crossmint will contact the Client via their previously validated corporate email address to confirm whether the transaction is being carried out intentionally.

If the Client confirms that they are the victim of fraud or a scam, the transfer will not be executed. Otherwise, the transaction will be evaluated in accordance with internal control procedures, and if no additional risks are detected, it will proceed as instructed.

13. Means and Time Period for Notifying Crossmint of Unauthorized, Incorrectly Initiated, or Incorrectly Executed Transfers and Crossmint's Liability:

The Entity shall be liable to customers for any damages or losses caused by the execution of transfers that have not been previously authorized by the customer or that, where applicable, have been initiated or executed incorrectly, unless such damages result from cases of fault or negligence on the part of the user, or from unforeseeable circumstances or force majeure, including but not limited to widespread failures in blockchain networks, interruptions in third-party services not attributable to the Entity, natural events, massive denial-of-service (DDoS) attacks, interruptions in telecommunications infrastructure, or unforeseen regulatory decisions that prevent the execution of transfers.

In any case, the customer will be provided with the means and deadlines for notifying the Entity of any unauthorized or incorrectly initiated or executed cryptoasset transfer, and such notification must be made within a maximum of 30 calendar days from the date on which the customer became aware of the transaction, as well as the maximum amount for which the Entity will be liable for this reason.

If you detect suspicious activity, please contact Crossmint immediately via:

14. Client's Right to Terminate the Crypto-Asset Transfer Services Agreement:

The Customer may terminate the Annex regarding the provision of transfer services at any time, subject to the limitations set forth in the Master Agreement or any order form referencing said Master Agreement.

Exercising the right to terminate this Annex shall not result in the termination of other Services that the Customer may have contracted, which shall remain in effect.

IMPORTANT: Please read this document carefully before requesting a crypto-asset transfer. Keep a copy for future reference.