How is Coincover protection an improvement over backing up our key material in-house?
Coincover implements best practice security infrastructure, with mitigations for single points of failure, which is harder to do cost effectively with in-house backups.
Are we introducing new security vulnerabilities by using a third-party to manage protection?
No. Coincover's systems, security and operational processes ensure that key material is secured and protected to the highest standards. Coincover holds ISO27001 certification and is externally vetted.
What happens if something happens to Coincover?
Coincover is well capitalised and has robust risk mitigation and business continuity policies in place to continue to operate, even during major incidents.
How long does it take until setup is complete and protection is activated?
It can take up to five working days from signing the contract.
Which cryptocurrencies do you protect?
We protect most major cryptocurrencies and any Standard ERC-20 Token. We keep a list of them here.
How do I perform a test recovery?
If you'd like to run a test recovery on your backup simulation workspace, you should:
Contact Fireblocks to set up a backup simulation workspace.
Once it's ready, submit a test recovery request to Fireblocks.
We will send you the test kit and instructions on how to complete the recovery.
What is the purpose of the Fireblocks Third Party Letter agreement?
The Fireblocks Third Party Letter Agreement allows Coincover to work with Fireblocks on the customer's behalf. This needs to be signed by the customer before we can progress with the customer onboarding.
What is a Fireblocks key share recovery?
A key share recovery is carried out if you lose access to all your devices:
Contact Fireblocks, who will put your account into recovery mode.
Fireblocks will send you an encrypted backup of your key share.
We'll send you a recovery passphrase to decrypt your key share so you can regain access to your workspace and set up a new device.
How do I generate a reporting BitGo token?
The simplest way is by adding a 'Viewer Only API Token' to your BitGo account. This gives us visibility of your user account without being able to transfer any funds. Contact support@coincover for more details.
Why do I need to generate a reporting BitGo token?
The BitGo reporting token gives Coincover read-view access to BitGo wallets that are protected by Coincover. This is so that we can monitor the wallets and measure transactions and exposure levels. The service works by sending an alert to our system every time a transaction happens. We then use the access token to query the transaction, check it against our system and flag it if suspicious. If a suspicious transaction or a transaction outside of the agreed limits is flagged, we may contact you to investigate.
What is Ledger Recover?
Ledger Recover is an ID-based key recovery service that provides a backup for your Secret Recovery Phrase. If you lose or don't have access to your Secret Recovery Phrase, the service allows you to securely restore your private keys using a Ledger device.
Why do I need Ledger Recover?
You're responsible for storing your Secret Recovery Phrase. While this setup makes you enjoy all the benefits of self-custody and complete control over your assets, it also makes you solely responsible for their protection. Ledger Recover is designed for users who want to add an enhanced layer of security in case their Secret Recovery Phrase is lost or when they can't access it.
Who has access to my wallet with Ledger Recover?
In short, only you can access your wallet. When you subscribe to Ledger Recover, a pre-BIP39 version of your private key is encrypted, duplicated and divided into three fragments, with each fragment secured by a separate company—Coincover, Ledger and EscrowTech. Each of these encrypted fragments is useless on its own. When you want access to your wallet, two of the three parties will send fragments back to your Ledger device, reassembling them to build your private key.
Does Ledger Recover compromise the security of my private key?
No, it doesn't. Ledger Recover service follows the same principle as signing the transaction on a blockchain—securely and only with your permission. No access to your private key is made to enable Ledger Recover to work.
To better understand this, let's go back to the basics and see how hardware wallets—which can be described as signing devices—work.
Hardware wallets have two primary purposes: to safeguard your private key and sign transactions on the blockchain. To sign the transactions, wallets need to access your private key. They can't sign transactions otherwise.
Ledger devices protect your private key with a Secure Element, a technology that has been battle-tested and used in the finance industry for 30 years, from storing passwords and fingerprints to processing contactless payments.
Ledger's operating system allows access to the private key stored within the Secure Element, but only after you manually approve and confirm it. To learn more about how the process works behind the scenes, read this explanation from Ledger's CTO Charles Guillemet and check out his interview about wallet security. For a technical explanation of how Ledger Recover operates, see Charles Guillemet's tweet.
What would happen to my Ledger Recover subscription and related data if one of the companies goes out of business?
To restore your keys, you need two out of three fragments that are securely kept by the three independent and trusted companies. If one of the companies holding a fragment shuts down, you will still be able to restore your keys until another trusted company replaces it.
What should I do with my recovery sheet once I subscribe to Ledger Recover?
Ledger Recover can restore your private keys to your device, but it can't provide you with your Secret Recovery Phrase. If you have any other physical/digital copies of your recovery sheet or Secret Recovery Phrase, it's your responsibility to secure them. Keep in mind that anyone who obtains your Secret Recovery Phrase can access your wallet.
What is a Secret Recovery Phrase (SRP) or a seed phrase?
Secret Recovery Phrase (SRP) is a unique list of 24 words that backs up the private keys and gives you access to your crypto assets. Learn more → What is a Secret Recovery Phrase?
How does Coincover handle subpoenas/warrants from governmental agencies under Ledger Recover?
Coincover will never pass your information to a third-party unless it has a legal obligation to do so. For example, law enforcement agencies often have extensive criminal investigation powers, including the ability to obtain production orders requiring information to be produced. It may result in a criminal offence for any entity supporting Ledger Recover to fail to comply with a production order, but Coincover would always take all reasonable steps to verify a production order before complying with it.
You should also note that the Recovery Seed Phrase (RSP) is encrypted and split into three fragments – all of which are held by independent companies established in separate legal systems. Since a minimum of two of three fragments would be required to gain access to your wallet, it is likely that an order would need to be obtained in at least two jurisdictions. These individual fragments are not exploitable on their own. Two of them would need to be recombined and decrypted with separate keys. Any order of this nature would realistically only ever be obtained in the most serious cases of criminality (such as where terrorist financing is suspected).
Coincover will never be able to access your seed phrase. Coincover or the other backup providers will only ever manage one encrypted fragment. We do not hold nor have access to the other fragments that make a complete seed phrase.
How do I make a complaint?
At Coincover we aim to provide the highest level of service to our customers. However, if you aren't completely happy with our service, please email email@example.com, and we will attempt to resolve the issue within 48 hours during business hours (9 am - 5 pm, Monday to Friday). In the unlikely event that we are unable to resolve the issue to your satisfaction, we will investigate further and respond within eight weeks.
How do I contact Coincover Support Team?
Please contact us by emailing firstname.lastname@example.org - we will respond within 48 hours during business hours (9 am - 5 pm, Monday to Friday).
How do I cancel my service?
Please contact us by emailing email@example.com - we will respond within 48 hours during business hours (9 am - 5 pm Monday to Friday).
How do I pay my invoice?
Payment can be made in BTC or fiat. You can also pay via PayPal. We do not currently accept stablecoins.
How do I add/remove an Access Control List (ACL) member?
If you need to make a change to any members of your ACL, please contact us at firstname.lastname@example.org. We'll then arrange a video call to confirm the request. A majority of your ACL members will need to be present on the call, which should take around 10 minutes.
When is my protection activated?
Protection is activated once the following onboarding steps are complete:
Signing an agreement with us
ID checks for all ACL members
Payment of invoice
If required, any necessary recovery materials are received from your service provider
What is the renewal process?
Your agreement with us provides details of the renewal process. If you need help, please contact email@example.com, and we will check the details for you.
How do I protect additional workspaces or wallets?
If you want to protect additional workspaces or wallets, please contact us at firstname.lastname@example.org, and we'll guide you through the process.
If you can't find what you're looking for, please reach out to us. We always aim to respond within 48 business hours.