I would think the most secure way to handle a lost second factor would be to only allow that user to withdraw the funds on account to a previously setup destination. Once all the funds have been moved out they can remove the second factor and resume trading once the new funds are added.