Thank you everyone for your suggestions. I have read all posts and even though voting shows 50/50 response but the overall conclusion is that most of the people prefer Option 1 as they prefer for convenience and ease the most. With additional 2FA layer, everything is quite safe, making Option 1 the preferable choice among casinos and players.
The team was considering Option 2 because it has more flavor for cryptocurrency users. A person who prefers keeping full control of his funds (by using cryptocurrencies with private key security) would like keeping full control of his casino account too. But it turns out, people don't consider that much.
Some people questioned that Option 1 is completely safe and there's no reason why one should make things more complicated by using Option 2. Well, to certain degree that's true. But every system that is dependent on third party (email in this case) cannot be considered entirely safe. There is high chance that important information may leak in transition which is entirely out of user's control.
This gives me a new idea where the gambling sites could actually ask the gambler to choose their own security option and the gambler knows if he will be playing small or big and hence he can decide the method based on that.
I don't think any website would do this because it will make very difficult to maintain single database and unnecessarily create complication in the working of MVC (Model-View-Controller).