Lost or Changed Phone Number — Unable to Access BitGo Account (2FA Reset)

Problem

Customers contact support because they have lost their phone, changed their mobile phone number, switched to a new device, or no longer have access to the phone or authenticator app linked to their BitGo Two-Factor Authentication (2FA). This prevents them from logging in to the BitGo platform. The issue affects all account types and is one of the most common support requests. Customers may describe the problem as a lost phone, broken phone, changed number, new device, moved to a new country, or restored/reset iPhone/Android.

Diagnostics

• Confirm the customer's registered email address matches an existing BitGo account.
• Check the account's frozen status in the admin tool (e.g., "Frozen Status: Not Frozen").
• Determine the type of 2FA configured on the account (Google Authenticator, Yubikey, Authy, SMS-based, etc.).
• Ask the customer whether they still have access to their old phone/authenticator app or if it is completely inaccessible.
• Check whether the customer has 2FA recovery codes (the new 2FA system prompts users to download recovery codes at setup). If they have recovery codes, direct them to the self-service recovery flow before initiating a manual reset.
• Look up the account's email verification date, wallet balance, and recent transaction hashes internally to prepare for ownership verification.
• If the customer mentions a third-party platform (e.g., Baanx/BANXX, FTX), determine whether BitGo holds the wallet keys or if the customer should be redirected to the third-party support team.

Resolution

---

Scenario: phone-lost-changed-number#manual-2fa-reset

Trigger: The customer has lost their phone, changed their phone number, or no longer has access to their 2FA authenticator app and cannot log in to BitGo.

Signals: lost phone, changed number, new phone, broken phone, new device, can't login, 2FA, authenticator, two-factor, reset phone, moved country, old number not working

Steps:

1. Acknowledge the request and explain that BitGo Support will need to perform a manual 2FA reset after verifying account ownership.
2. Request the following ownership verification information from the customer:
   • Date of BitGo email verification — instruct the customer to search their inbox (including spam/junk) for an email with the subject line "Your BitGo Email Verification" and provide the date.
   • 3 transaction hashes (TXIDs) either to or from their wallet. If the customer does not have TXIDs, advise them to contact the exchange from which they originally received funds and request the TXIDs from that exchange's support team.
   • Wallet balance.
3. If the customer cannot provide the above three items, accept as an alternative: the first 8 characters and the last 8 characters of the BitGo Public Key from their keycard.
4. Once the customer provides the verification information, validate it against internal records.
5. If the information matches, initiate the manual 2FA reset on the account.
6. Notify the customer that the 2FA has been removed and instruct them to log in and set up a new 2FA method (e.g., Google Authenticator).
7. Provide the customer with the Google Authenticator setup instructions:
   • Download the Google Authenticator app from the Apple App Store or Google Play.
   • Click the "+" icon in the app to add a new account.
   • Scan the QR code displayed on the BitGo login page.
   • Enter the 6-digit code from the app into the BitGo prompt and click Submit.
8. If the initial reset does not appear to take effect and the customer still sees the authenticator prompt, perform the reset again and ask the customer to retry.

Notes: - BitGo Support will never ask for the customer's password, API tokens, or keycard document.

• If the customer has 2FA recovery codes (generated during account setup or from the settings page), they should attempt the self-service "Reset 2FA" flow on the login page before requesting a manual reset.
• For new IP addresses used during login, there may be a cooldown period; advise the customer to check their email for an IP verification message and check their spam/junk folder.

"We require the following information to remove the existing 2FA from your account: Date of BitGo email verification (search for 'Your BitGo Email Verification' in inbox) 3 transaction hashes either to or from your wallet. If you do not have your transaction hash(TXID) you must contact the Bitcoin exchange in which you first received your bitcoin and request the TXID's from their Support Team. Wallet balance. If you do not have the above information, we can also accept the First 8 characters and the Last 8 Characters of the BitGo Public Key from your keycard." (ticket #209439)

"Since you were unable to reset your 2FA via the link, Support will need to perform a manual reset. Before we can initiate the manual reset, we need to verify your ownership of the wallet." (ticket #214581)

"We have successfully validated the account ownership and removed the existing 2FA on the account. Please try accessing the account and let us know if you need any further assistance." (ticket #209439)

---

Scenario: phone-lost-changed-number#keycard-alternative-verification

Trigger: The customer cannot provide the email verification date, transaction hashes, or wallet balance, but does have their BitGo keycard or backup key information.

Signals: no email, no transactions, no balance, keycard, QR code keys, public key, backup key, first 8 last 8

Steps:

1. Ask the customer to share the first 8 and last 8 characters of their public key and/or backup key from their keycard.
2. Validate these characters against internal records.
3. If they match, proceed with the manual 2FA reset as described in the standard scenario above.
4. If the customer has a backup key email (e.g., from Keyternal), the public portion of that backup key can also be used for validation.

Notes: - Some long-inactive accounts (e.g., 5+ years old) may have customers who lack email verification records, transaction history, or balance information. The keycard / key character method is the fallback verification path for these cases.

"Could you please share the first 8 and last 8 characters of your public and backup key with us?" (ticket #214581)

"i have an email from keyternal that says The public part of your backup key on file is: xpub6GiRC55CS7HT..." (ticket #209439)

---

Scenario: phone-lost-changed-number#new-device-mobile-access

Trigger: The customer reports being unable to access the BitGo website or app from a mobile device, or mentions needing to "authorize" a new device.

Signals: authorize device, mobile device, iPhone, access to the website, app error, cannot access

Steps:

1. Confirm whether the customer is attempting to access BitGo from a mobile device.
2. Advise the customer that BitGo recommends accessing the platform via Google Chrome browser on a laptop or desktop rather than a mobile device.
3. If the issue is specifically about 2FA on a new device, follow the manual 2FA reset process described above.
4. If the customer mentions an IP-related error, instruct them to check their email (including spam/junk) for an IP verification email from BitGo and complete the verification.

Notes: - Some customers conflate mobile device authorization requests with 2FA issues. Clarify whether the root problem is 2FA loss or a platform access/IP verification issue.

"Could you please confirm if you are trying to access BitGo platform via mobile device? If so, we recommend and suggest that you access BitGo platform via Google Chrome browser on your laptop and desktop only." (ticket #246903)

"If you've recently changed your mobile device and need assistance setting up your 2FA application on the new device, We require the following to unfreeze or reset 2FA for your account: Date of BitGo email verification (please search your inbox for an email titled 'Your BitGo Email Verification')" (ticket #257983)

---

Scenario: phone-lost-changed-number#third-party-wallet-redirect

Trigger: The customer's wallet is managed by a third party (e.g., Baanx/BANXX) and BitGo does not hold the wallet keys.

Signals: Baanx, BANXX, third party, BitGo does not hold keys, external platform

Steps:

1. Confirm that the wallet in question is managed by a third-party platform and that BitGo does not hold the wallet keys.
2. Inform the customer that BitGo is unable to assist further with this issue and that they must work with the third-party support team (e.g., Baanx support) to resolve access problems.
3. Politely close the ticket. If the customer repeatedly reopens the ticket, escalate per internal policy.

Notes: - Do not perform 2FA resets or provide wallet recovery assistance for wallets where BitGo does not hold keys.

"Please note as we have mentioned before we're unable to help you further with this issue since BitGo does not hold the wallet keys. Please kindly work with the BANXX support team to get this issue resolved." (ticket #198043)

---

Scenario: phone-lost-changed-number#enterprise-user-role-change

Trigger: An enterprise administrator requests removal or role change of a user associated with a phone number or device change, across enterprise wallets.

Signals: remove user, role change, enterprise, all wallets, all enterprises, video verification, Calendly

Steps:

1. Confirm the enterprise and the email address of the user to be removed or modified.
2. Request the specific Wallet IDs affected (or confirm "all wallets and all enterprises" if that is the scope).
3. Schedule a video conference for identity verification using the Calendly link: https://calendly.com/bitgo-client-delivery/videoid
4. Instruct the requester to have a government-issued photo ID ready for the video call and to reference their ticket number when scheduling.
5. During the video call, verify the requester's identity and process the user removal/role change.
6. Confirm completion to the customer after the changes are made.

Notes: - This scenario applies to enterprise-level administrative changes, not individual consumer 2FA resets.

"We have received your request for a Wallet User Role change. For security purposes, we will need to schedule a video conference to verify your identification. Please use the following link to schedule a time to meet with us and verify the request: https://calendly.com/bitgo-client-delivery/videoid. Please be ready to provide your government issued photo ID during this meeting." (ticket #208849)

Related

• two-step-verification-setup — Covers the new 2FA system, recovery codes, and self-service reset flow that may prevent the need for a manual reset.
• two-factor-authentication — Details on setting up Google Authenticator, Yubikey, and other 2FA methods after a reset.
• keycards-and-private-keys — Guidance on keycard handling, relevant when customers use keycard characters for ownership verification.