Coinmetro offers multiple layers of proven protection for our users. Our currently offered account protection features at this time include:
Username and Password
IP Verification for new devices or IPs requires approval via email
2-Factor Authentication (2FA) for logins, transactions, and password changes.
To change an email or disable 2FA, this can only be done through our support, and we would verify the identity with identity documentation, and a selfie with a note with the date and other details to verify authenticity.
In case your account is compromised and funds are lost due to someone gaining unauthorized access to your account, unfortunately, Coinmetro cannot cover any losses unless it is an incident where Coinmetro is responsible.
If there is an incident where Coinmetro is responsible, for example, bad actors gaining access to our systems and stealing client funds, we would rectify this and any losses would be covered with treasury, reserves and operational capital.
However, the vast majority of client funds are kept in cold storage wallets, which are protected by multiple layers of offline security standard in the financial industry, all of which needs to be authorized in a short time span for any funds to be moved. So this is essentially impossible to be an attack vector.
What's known as "hot wallets" contain only a small percentage of the funds. In the crypto industry, due to the way cold wallets are handled, hacks generally are targeted toward hot wallets, as there simply is no way to target cold wallets. Hot wallets can be affected due to system breaches for example. However, we also use the institutional standard for hot wallet fund storage, BitGo.