CoinCover | FAQs

ReCOVER
AssetCOVER
Fireblocks
BitGo
Ledger Recover provided by CoinCover
Support

How is ReCOVER an improvement over backing up our key material in-house?

CoinCover implements best-practice security infrastructure, with mitigations for single points of failure, which is harder to do cost-effectively with in-house backups.

Are we introducing new security vulnerabilities using a third party to manage ReCOVER?

No. CoinCover's systems, security and operational processes ensure that key material is secured and protected to the highest standards. Coincover holds ISO27001 certification and is externally vetted.

What happens if something happens to CoinCover?

CoinCover's financial stability and robust risk mitigation and business continuity policies ensure that the service can continue operating, even during major incidents, providing you with uninterrupted protection.

How long does it take until setup is complete and protection is activated?

Once the contract has been signed, it can take up to five working days.

Which cryptocurrencies do you protect?

We protect most major cryptocurrencies and any Standard ERC-20 Token. We keep a list of them here.

What happens if a transaction marked as ‘green’ by CoinCover’s API is later to be fraudulent?

If a transaction is marked as “Green” by our API and later proves fraudulent and falls under the risks that CoinCover protects against, we will honour the claim. We have paid out 100% of the valid theft claims we have received.

How long does it take for CoinCover to pay out a valid claim?

On average, it takes 15 days for us to pay out a claim once it has been validated.

What is CoinCover’s API's acceptance rate when screening transactions?

Our API has an average acceptance rate of 98.5%, which means that 98.5% of the transactions we screen are marked as ‘Green’.

What information is required to process a claim for a fraudulent transaction?

To process a claim, CoinCover will need specific information from the customer. This information includes, but isn't limited to:

Transaction ID
Local Crime Authority Reference Number
Wallet Address
Token used in the transaction

Additionally, we may request further details to investigate what went wrong with our technology to prevent the same risk from occurring again.

How do I perform a test recovery?

If you'd like to run a test recovery on your backup simulation workspace, you should:

Contact Fireblocks to set up a backup simulation workspace.
Once it's ready, submit a test recovery request to Fireblocks.
We will send you the test kit and instructions on how to complete the recovery.

What is the purpose of the Fireblocks Third Party Letter agreement?

The Fireblocks Third Party Letter Agreement allows CoinCover to work with Fireblocks on the customer's behalf. This needs to be signed by the customer before we can progress with the customer onboarding.

What is a Fireblocks key share recovery?

A key share recovery is carried out if you lose access to all your devices:

Contact Fireblocks, who will put your account into recovery mode.
Fireblocks will send you an encrypted backup of your key share.
We'll send you a recovery passphrase to decrypt your key share so you can regain access to your workspace and set up a new device.

How do I generate a reporting BitGo token?

The simplest way is by adding a 'Viewer Only API Token' to your BitGo account. This gives us visibility of your user account without being able to transfer any funds. Contact support@coincover for more details.

Why do I need to generate a reporting BitGo token?

The BitGo reporting token gives CoinCover read-view access to BitGo wallets that are protected by CoinCover. This is so that we can monitor the wallets and measure transactions and exposure levels. The service works by sending an alert to our system every time a transaction happens. We then use the access token to query the transaction, check it against our system and flag it if suspicious. If a suspicious transaction or a transaction outside of the agreed limits is flagged, we may contact you to investigate.

What is Ledger Recover?

Ledger Recover is an ID-based key recovery service that provides a backup for your Secret Recovery Phrase. If you lose or don't have access to your Secret Recovery Phrase, the service allows you to securely restore your private keys using a Ledger device.

Why do I need Ledger Recover?

You're responsible for storing your Secret Recovery Phrase. While this setup makes you enjoy all the benefits of self-custody and complete control over your assets, it also makes you solely responsible for their protection. Ledger Recover is designed for users who want to add an enhanced layer of security in case their Secret Recovery Phrase is lost or when they can't access it.

Who has access to my wallet with Ledger Recover?

In short, only you can access your wallet. When you subscribe to Ledger Recover, a pre-BIP39 version of your private key is encrypted, duplicated and divided into three fragments, with each fragment secured by a separate company—CoinCover, Ledger and EscrowTech. Each of these encrypted fragments is useless on its own. When you want access to your wallet, two of the three parties will send fragments back to your Ledger device, reassembling them to build your private key.

Does Ledger Recover compromise the security of my private key?

No, it doesn't. Ledger Recover service follows the same principle as signing the transaction on a blockchain—securely and only with your permission. No access to your private key is made to enable Ledger Recover to work.

To better understand this, let's go back to the basics and see how hardware wallets—which can be described as signing devices—work.

Hardware wallets have two primary purposes: to safeguard your private key and sign transactions on the blockchain. To sign the transactions, wallets need to access your private key. They can't sign transactions otherwise.

Ledger devices protect your private key with a Secure Element, a technology that has been battle-tested and used in the finance industry for 30 years, from storing passwords and fingerprints to processing contactless payments.

Ledger's operating system allows access to the private key stored within the Secure Element, but only after you manually approve and confirm it. To learn more about how the process works behind the scenes, read this explanation from Ledger's CTO Charles Guillemet and check out his interview about wallet security. For a technical explanation of how Ledger Recover operates, see Charles Guillemet's tweet.

What would happen to my Ledger Recover subscription and related data if one of the companies goes out of business?

To restore your keys, you need two out of three fragments that are securely kept by the three independent and trusted companies. If one of the companies holding a fragment shuts down, you will still be able to restore your keys until another trusted company replaces it.

What should I do with my recovery sheet once I subscribe to Ledger Recover?

Ledger Recover can restore your private keys to your device, but it can't provide you with your Secret Recovery Phrase. If you have any other physical/digital copies of your recovery sheet or Secret Recovery Phrase, it's your responsibility to secure them. Keep in mind that anyone who obtains your Secret Recovery Phrase can access your wallet.

What is a Secret Recovery Phrase (SRP) or a seed phrase?

Secret Recovery Phrase (SRP) is a unique list of 24 words that backs up the private keys and gives you access to your crypto assets. Learn more → What is a Secret Recovery Phrase?

How does CoinCover handle subpoenas/warrants from governmental agencies under Ledger Recover?

CoinCover will never pass your information to a third-party unless it has a legal obligation to do so. For example, law enforcement agencies often have extensive criminal investigation powers, including the ability to obtain production orders requiring information to be produced. It may result in a criminal offence for any entity supporting Ledger Recover to fail to comply with a production order, but CoinCover would always take all reasonable steps to verify a production order before complying with it.

You should also note that the Recovery Seed Phrase (RSP) is encrypted and split into three fragments – all of which are held by independent companies established in separate legal systems. Since a minimum of two of three fragments would be required to gain access to your wallet, it is likely that an order would need to be obtained in at least two jurisdictions. These individual fragments are not exploitable on their own. Two of them would need to be recombined and decrypted with separate keys. Any order of this nature would realistically only ever be obtained in the most serious cases of criminality (such as where terrorist financing is suspected).

CoinCover will never be able to access your seed phrase. CoinCover or the other backup providers will only ever manage one encrypted fragment. We do not hold nor have access to the other fragments that make a complete seed phrase.

How do I make a complaint?

At Coincover we aim to provide the highest level of service to our customers. However, if you aren't completely happy with our service, please email complaints@coincover.com, and we will attempt to resolve the issue within 48 hours during business hours (9 am - 5 pm, Monday to Friday). In the unlikely event that we are unable to resolve the issue to your satisfaction, we will investigate further and respond within eight weeks.

How do I contact Coincover Support Team?

Please contact us by emailing support@coincover.com - we will respond within 48 hours during business hours (9 am - 5 pm, Monday to Friday).

How do I cancel my service?

Please contact us by emailing support@coincover.com - we will respond within 48 hours during business hours (9 am - 5 pm Monday to Friday).

How do I pay my invoice?

Payment can be made in BTC or fiat. You can also pay via PayPal. We do not currently accept stablecoins.

How do I add/remove an Access Control List (ACL) member?

If you need to make a change to any members of your ACL, please contact us at support@coincover.com. We'll then arrange a video call to confirm the request. A majority of your ACL members will need to be present on the call, which should take around 10 minutes.

When is my protection activated?

Protection is activated once the following onboarding steps are complete:

Signing an agreement with us
ID checks for all ACL members
Payment of invoice
If required, any necessary recovery materials are received from your service provider

What is the renewal process?

Your agreement with us provides details of the renewal process. If you need help, please contact support@coincover.com, and we will check the details for you.

How do I protect additional workspaces or wallets?

If you want to protect additional workspaces or wallets, please contact us at support@coincover.com, and we'll guide you through the process.

KNOWLEDGE HUB

Frequently asked questions