CoinMetro offers multiple layers of proven protection for our users, and any unauthorized access would be due to user error. Offered account protection features at this time:

  1. Username & password

  2. IP verification for new devices or IPs requires approval via email

  3. Two-Factor verification (optional) for logins/transactions/password change

  4. To change an email or disable 2FA, this can only be done through our support, and we would verify the identity with identity documentation/selfie/note with the date and other details to verify authenticity.

We would also suggest enabling 2-Factor Authentication to protect your email account.

In case your account is compromised and funds are lost due to someone gaining unauthorized access to your account, that is not a scenario in which CoinMetro can cover any losses.

If there is an incident where CoinMetro is responsible, i.e. bad actors gaining access to our systems and stealing client funds, we would rectify this and any losses would be covered with treasury/reserves/operational capital.

However, the vast majority of client funds are kept in cold storage wallets, which are protected by multiple layers of offline security standard in the financial industry, all of which needs to be authorized in a short time span for any funds to be moved. So this is essentially impossible to be an attack vector.

What's known as "hot wallets" contain only a small percentage of the funds. In the crypto industry, due to the way cold wallets are handled, hacks generally are targeted towards hot wallets, as there simply is no way to target cold wallets. Hot wallets can be affected due to system breaches for example. However, we also use the institutional standard for hot wallet fund storage, BitGo.

Did this answer your question?