Scoutinternal

BitGo Login, Account Access, and Email-Related Issues

BitGo Login, Account Access, and Email-Related Issues

Problem

Customers experience a range of issues when attempting to log in to BitGo production (https://app.bitgo.com) or testnet (https://app.bitgo-test.com) environments. Common symptoms include: inability to log in due to forgotten passwords, 2FA problems, unverified IP address notifications, "Unsuccessful HTTP Response" errors, "something unexpected happened" errors, infinite login loops or spinners on testnet, "unauthorized" errors during account setup, accounts being locked or frozen, not receiving password-reset emails, and encountering fraudulent/phishing websites impersonating BitGo. These issues span the web UI, account authentication flow, and email notification systems.

Diagnostics

  • Confirm the environment: Is the customer logging into production (https://app.bitgo.com/web/auth/login) or testnet (https://app.bitgo-test.com/auth/log-in)? Testnet-specific outages have occurred independently of production.
  • Confirm the browser: Ask the customer which browser and device they are using. BitGo is optimized for Google Chrome on desktop. Safari/iOS and mobile browsers have caused issues.
  • Check the URL the customer is using: Verify it is an official BitGo domain (app.bitgo.com, app.bitgo-test.com, www.bitgo.com). Any other domain (e.g., bitgo-btc.com, bbttioc.top) is fraudulent.
  • Check user account status in admin tools (BGA/TAT): Search by the customer's email. Verify the account exists, check for email verification status, frozen/blocked state, and enterprise membership.
  • Check if the email is blocked: Use bga user unblockemail if email delivery (password reset, IP verification) is failing on BitGo's side.
  • Check 2FA method: Determine if the customer has 2FA configured and which method (Google Authenticator, Yubikey). Authy is no longer supported.
  • Check for account freeze: Multiple incorrect login or 2FA reset attempts can trigger a temporary account freeze.
  • Check the status page: Review https://status.bitgo.com/ for any ongoing outages or scheduled maintenance, especially for testnet.
  • Check if the issue is FTX-related: Many retail users created BitGo accounts specifically for FTX claims. These accounts may have unique onboarding/KYC issues handled by the FTX compliance workflow.
  • Review login notification emails: If the customer forwarded a "BitGo Login from [IP]" or "Action Required: Authorize BitGo Login" email, confirm it originated from notifications@bitgo.com and that the IP/browser match the customer's expected activity.

Resolution

Scenario: login-bitgo-re-email#unverified-ip-address

Trigger: Customer receives "You are trying to log in from an unverified IP address" and cannot proceed past the login screen.

Signals: unverified IP, Action Required: Authorize BitGo Login, IP address email, login blocked

Steps:

  1. Instruct the customer to check their email inbox (including spam/junk folders) for a message with the subject "Action Required: Authorize BitGo Login from [IP]".
  2. The customer must click the "Authorize IP Address" link in that email using the same device, same browser, and same network that triggered the notification.
  3. After clicking the link, the customer should return to https://app.bitgo.com/web/auth/login and log in again.
  4. If the email never arrives, check internally whether BitGo email delivery is blocked for the user (use bga user unblockemail). Also ask the customer to check with their IT team if emails from BitGo are being filtered.
  5. If the IP address shown in the email is not recognized by the customer, advise them not to authorize it and to change their password immediately, as unauthorized access may be occurring.

Notes: The "BitGo Login from [IP]" email (without the "Action Required" prefix) is an informational-only notification and does not require authorization — the customer can disregard it if the login was theirs.

"If you approve of this action, please click the button below to authorize this IP address: Authorize IP Address. If this was not you, please change your passwords immediately, as someone else may be accessing your account."

Scenario: login-bitgo-re-email#password-reset-not-received

Trigger: Customer cannot log in and reports that the password reset email is never received after using the forgot password flow.

Signals: lost password, forgot password, password reset email not received, Unsuccessful HTTP Response

Steps:

  1. Confirm the customer is using the correct password reset URL: https://app.bitgo.com/web/auth/forgot-password/recover-password (production) or https://app.bitgo-test.com/auth/recover-password (testnet).
  2. Ask the customer to check their spam/junk folder for the reset email.
  3. Ask the customer to verify with their IT team that emails from BitGo are not blocked.
  4. Internally, check whether the user's email is blocked on BitGo's side. If so, run bga user unblockemail to unblock and ask the customer to retry.
  5. If the customer receives the reset email but sees "Unsuccessful HTTP Response" when submitting the new password, verify the email address in admin tools and resolve any account state issues. The customer should then be able to log in, establish a password, and configure 2FA.

Notes: After a password reset, the user's wallet passphrase is no longer synced with wallets they were previously added to. They will be able to log in but cannot initiate transactions until a wallet admin removes and re-adds them to each wallet. This message is expected: "Resetting a forgotten password requires us to generate a new password for your account. This means that you will no longer be able to spend (but you will still be able to view transactions). To resume spending after generating a new password, you must be manually removed and re-added to all of your wallets."

"Could you confirm, if you tried resetting your password via this link: https://app.bitgo.com/web/auth/forgot-password/recover-password Once done please login to your account via below link: https://app.bitgo.com/web/auth/login Further, can you also confirm if you have never received any BitGo related emails? Can you also check with your IT team if Emails from BitGo has been blocked?" "We have verified your email address. You should now be able to login, establish a password, and configure your 2FA. We no longer support Authy. You will need to use an authenticator app such as Google Authenticator or a Yubikey Authenticator USB dongle."

Scenario: login-bitgo-re-email#2fa-reset-needed

Trigger: Customer cannot complete login because their 2FA device is lost, the authenticator app was reset, or they never received the 2FA setup during initial registration.

Signals: 2FA, two-factor authentication, authenticator error, OTP not received, 2FA reset, locked out

Steps:

  1. For self-service 2FA reset: Instruct the customer to log in to their account and when prompted for the 2FA code, click "Reset 2FA" and follow the on-screen instructions.
  2. If the self-service flow fails or the account is frozen due to multiple incorrect 2FA reset attempts: a. Verify the user's identity. For enterprise/premium clients, schedule a video conference via Calendly: https://calendly.com/bitgo-client-delivery/videoid. The customer must present a government-issued photo ID. b. Ask the customer to reference their ticket number when scheduling. c. If the customer is not initially verified by BitGo, they should bring someone on the call who has already been verified and can authorize their identity.
  3. After successful verification, perform the 2FA reset from the admin tools.
  4. Inform the customer that BitGo no longer supports Authy. They must use Google Authenticator or a Yubikey Authenticator USB dongle.

Notes: If the account has been frozen due to multiple incorrect 2FA reset attempts, support must remove the freeze before the customer can proceed. To verify identity for the manual reset, request: date of BitGo email verification, 3 transaction hashes to/from their wallet, wallet balance, or the first 8 / last 8 characters of the BitGo Public Key from their keycard.

"We have received your request to reset your Two-Factor Authentication. For security purposes, we will need to schedule a video conference to verify your Identification. Please use the following link to schedule a time to meet with us and verify the request: https://calendly.com/bitgo-client-delivery/videoid. Please be ready to provide your government issued photo ID during this meeting." "You can reset the 2FA from the UI itself. Please login to your account and when prompted for 2FA code, please click on Reset 2FA and follow the on-screen instructions."

Scenario: login-bitgo-re-email#testnet-login-outage

Trigger: Customer cannot log in to the testnet environment at https://app.bitgo-test.com — experiencing blank pages, infinite login loops, or infinite spinners. Multiple users affected.

Signals: bitgo-test, testnet, infinite loop, blank page, spinner, something unexpected happened, app.bitgo-test.com

Steps:

  1. Confirm the issue is on testnet only (https://app.bitgo-test.com), not production.
  2. Check https://status.bitgo.com/ for any reported testnet incidents.
  3. Escalate to the engineering team for investigation. Historically, testnet login outages have been server-side issues resolved by engineering (e.g., Jira BG-79652).
  4. Inform the customer that the issue is being investigated and provide updates as they become available. Production access is typically unaffected.
  5. Once engineering confirms the fix is deployed, notify the customer and ask them to retry.

Notes: Testnet outages have affected all users simultaneously, not just individual accounts. These have historically been resolved within hours. The issue does not affect the production environment.

"Our engineering team reports they have identified and fixed the issue. We are currently pending release for this to be fully resolved." "We are not seeing this issue in Production. Our engineering team reports they have identified and fixed the issue."

Scenario: login-bitgo-re-email#ui-errors-something-unexpected

Trigger: Customer sees "something unexpected happened" or "Oops! Something went wrong when fetching your inquiry" on various pages after logging in, or encounters ErrorID messages in the UI.

Signals: something unexpected happened, Oops, ErrorID, bg-ui, fetching your inquiry, UI error

Steps:

  1. Ask the customer to clear all browser cache, update Google Chrome to the latest version, and retry.
  2. If the error persists, ask the customer to try from an incognito/private browsing window.
  3. If accessing from a mobile device, instruct the customer to retry from a desktop or laptop computer using Google Chrome.
  4. Collect the ErrorID (if displayed), the URL where the error occurs, and a full browser window screenshot.
  5. If clearing cache and switching browsers does not resolve the issue, escalate to engineering with the collected details.

Notes: For FTX-related KYC onboarding errors ("Oops! Something went wrong when fetching your inquiry"), the issue may be a Persona workflow problem. Escalate to Prod Ops, not Compliance.

"Could you please clear all your browser cache once and update the google chrome to the latest version and try again? The issue should be fixed then." "Retry this from a desktop or laptop computer using Google Chrome."

Scenario: login-bitgo-re-email#browser-compatibility

Trigger: Customer reports the BitGo login page does not load or displays incorrectly, and they are using Safari, iOS, Edge, or a non-Chrome browser.

Signals: Safari, iOS, Mac, Edge, login page not loading, browser

Steps:

  1. Advise the customer that the BitGo platform is optimized to work with the Google Chrome browser.
  2. Instruct them to switch to Google Chrome on a desktop or laptop computer and retry.
  3. If the issue persists on Chrome, proceed with standard UI troubleshooting (clear cache, incognito mode, latest Chrome version).

Notes: This has been observed specifically with Safari on iOS/Mac devices. The recommendation is to use Chrome exclusively for the BitGo platform.

"Can we trouble you to only use chrome for the access? the platform is optimized to work with the chrome browser."

Scenario: login-bitgo-re-email#fraudulent-phishing-website

Trigger: Customer contacts BitGo about a website that is not an official BitGo domain (e.g., bitgo-btc.com, bbttioc.top) or reports receiving suspicious communications claiming to be from BitGo.

Signals: scam, fraud, phishing, fake website, bitgo-btc.com, bbttioc.top, unauthorized website, risk control, impersonation

Steps:

  1. Confirm that BitGo has no association or relationship with the fraudulent website or communication.
  2. Advise the customer to cease all communication or interaction with the fraudulent person or application immediately.
  3. Provide the official BitGo URLs:
    • BitGo Official site: https://www.bitgo.com/
    • BitGo Official Platform: https://app.bitgo.com/web/auth/login
    • BitGo Mobile Apps can only be downloaded on official Apple Store and Google Play Store.
  4. Advise the customer: "If you have reason to believe that you or someone else is the victim of fraud or other financial crime, we suggest you contact your local authority immediately. If either the victim or the alleged subject of an Internet crime is located within the United States, you may file a complaint with the IC3 - https://www.ic3.gov/."
  5. Refer the inquiry to the BitGo Compliance team for further tracking.
  6. Note: A member of BitGo will not contact customers outside of the BitGo domain.

Notes: Common fraudulent patterns include: websites claiming BitGo's domain was "attacked by hackers" and redirecting to a new URL; fake trading platforms using the BitGo name that demand deposits for "risk control" or "anti-money laundering" fees; and phishing emails mimicking BitGo notifications. BitGo cannot assist with fund recovery from third-party scam sites.

"BitGo has no association or relationship in any capacity with www.bitgo-btc.com. BitGo recommends you cease all communication or interaction with the above person or application." "BitGo has no association or relationship in any capacity with https://bbttioc.top/. BitGo recommends you cease all communication or interaction with the above website or application."

Scenario: login-bitgo-re-email#account-locked-or-frozen

Trigger: Customer cannot log in because their account has been frozen — either due to multiple failed login/2FA attempts, an onboarding link that corrupted their account state, or an enterprise freeze (e.g., past-due billing).

Signals: account frozen, account locked, unauthorized, unable to log in, enterprise reinstated, past due balance

Steps:

  1. Check the user's account status in admin tools (BGA/TAT) for frozen or locked state.
  2. If the freeze is due to multiple incorrect login or 2FA attempts: Remove the freeze from the admin tools and reset 2FA if needed. Verify identity per the 2FA reset scenario before proceeding.
  3. If the freeze is due to billing/past-due balance (internal AR request): Verify the enterprise ID (ensure full, correct ID is provided). Set the appropriate payment plan in admin tools to reinstate access. Coordinate with ar@bitgo.com.
  4. If the account was corrupted by clicking a new onboarding/signup link while already having an existing account: Escalate to engineering immediately. Provide the onboarding link the customer used. Do not have other enterprise users click the same link until the issue is resolved.
  5. Confirm with the customer that they can log in after the fix.

Notes: When processing internal AR requests to reinstate frozen enterprise accounts, always double-check the enterprise ID. A single missing character will cause a "not found" error. For onboarding link corruption, the engineering team may need to restore the account state directly.

"Please reinstate this account for 3 days, so client can withdraw their funds from their BitGo account." "After clicking a link to onboard a new Bitgo account that was provided to me by Min Chan (from BitGo), it seems to have reset something on my account and I am no longer able to log into my account using my normal credentials."

Scenario: login-bitgo-re-email#audit-login-alerts

Trigger: Customer requests evidence of unauthorized login monitoring or login alert configurations for audit/compliance purposes.

Signals: audit, unauthorized login, monitoring, alerts, login notifications, compliance evidence

Steps:

  1. Gather the required information from the customer: enterprise name(s) and ID(s), and the time period for the report.
  2. Escalate to the reporting/Prod Ops team to generate a report of unauthorized login attempts for the specified enterprises and date range.
  3. The report should be password-encrypted for security. Send the report via the support ticket and provide the password separately via email.
  4. BitGo sends login notification emails automatically when a login is detected from a new IP address. These are sent to the email address associated with the account that was logged into.

Notes: There is no self-service configuration page in settings for login alert recipients. The alerts are automatically sent to the account email associated with the login. Customers may need to explain this behavior to auditors.

"Please note that this report is password encrypted for security purposes and the password will be provisioned separately from the Salesforce Ticket, via email."

Scenario: login-bitgo-re-email#new-user-unauthorized-on-setup

Trigger: A newly invited user follows the email invitation link and sees an "unauthorized" red bar error on the account setup page.

Signals: unauthorized, new user, account setup, email prompt, invitation link

Steps:

  1. Verify the new user's account has been created in admin tools and that they have been added to the correct enterprise(s).
  2. Ask the user to reset their password via https://app.bitgo.com/web/auth/forgot-password/recover-password and then log in.
  3. After successful login, confirm the user can see their enterprise and wallets.
  4. Note: If the user resets their password after being added to wallets, their new password will not automatically sync with the wallet encryption. The wallet admin must remove and re-add the user to each wallet to re-sync the password for transaction signing.

Notes: This password reset warning applies only to users who are already added as members on specific wallets. If the user has only been added to the enterprise (not yet to wallets), there is no spending impact from the password reset.

"If those additional users reset their login password then the new password will not synch automatically with their all wallets. So basically they can login using their new password but they will not be able to initiate the transactions because on the wallet backend there still old password is encrypted. In order to sync the newly updated password the original wallet creator or any other on the admin has to remove that user and needs to read on the wallet to resynch the newly updated login password with the wallet."

Scenario: login-bitgo-re-email#testnet-signup-failure

Trigger: Customer cannot create a new account or enterprise on testnet — signup hangs at "Submitting. This may take a moment..." or returns "unable to create account. Please contact support".

Signals: testnet signup, unable to create account, developers.bitgo.com, sign-up, enterprise creation

Steps:

  1. Confirm the issue is on testnet (https://app.bitgo-test.com/auth/sign-up/plan or https://developers.bitgo.com/sign-up).
  2. Check for known testnet issues with engineering. This has been a recurring server-side issue affecting new enterprise creation on testnet.
  3. Escalate to engineering if the issue is not already tracked.
  4. Notify the customer when the issue is resolved and ask them to retry.
  5. Note: Production signup (https://app.bitgo.com/auth/sign-up) is typically unaffected.

Notes: This is distinct from login issues — it affects new account/enterprise creation specifically on testnet.

Scenario: login-bitgo-re-email#api-user-not-found

Trigger: Customer receives an "ApiResponseError: user not found" error with an ErrorID when attempting to access the platform or during the KYC/onboarding process.

Signals: ApiResponseError, user not found, ErrorID

Steps:

  1. Collect the ErrorID from the customer.
  2. Investigate the user account in admin tools using the email associated with the ErrorID.
  3. Resolve any account state issues (e.g., incomplete registration, email verification not completed).
  4. Instruct the customer to proceed with the KYC process once the issue is resolved.

Notes: This error has been seen during FTX onboarding flows where account setup was incomplete.

Scenario: login-bitgo-re-email#non-english-support

Trigger: Customer submits a support request in a language other than English.

Signals: German, Chinese, non-English, language

Steps:

  1. Respond with: "BitGo currently only provides support in English. To help us best address your issues please consider opening a new support request in English."
  2. Once the customer replies in English, proceed with standard troubleshooting for their underlying issue.

Related