The only chink in the armor seems to be egopay. I'm not too familiar with it; is it possible to remove it as an option or tie it down to my email address as well?
Good idea. Maybe give the option to remove this altogether.
Also, email confirmations are a good idea too.
How about a second 2Factor for withdrawal? Then you can't reuse the stolen 2Factor used for the ("failed") login, and can even separate the second 2Factor to another mobile phone, which you keep at home or something.
Ente