May 04, 2026 ChainGPT

Binance rolls out 'Withdraw Protection'—user-set 1–7 day lock to blunt wrench attacks

Binance rolls out 'Withdraw Protection'—user-set 1–7 day lock to blunt wrench attacks
Binance rolls out user-controlled “Withdraw Protection” to blunt wrench attacks Binance is launching a new user-controlled withdrawal lock designed to blunt a rising physical threat to crypto holders: so-called “wrench attacks,” where people are coerced in person to move funds. The feature, called Withdraw Protection, lets users block on-chain withdrawals from their Binance account for a user-selected period of one to seven days. An optional stricter “lockdown” mode prevents early unlocking altogether. Binance’s announcement said the lock “cannot be overridden by the exchange,” though the company’s chief security officer, Jimmy Su, clarified to CoinDesk that the safeguard is enforced by an internal Binance policy—customer service cannot lift it—and that it does not stop law enforcement action. Why this matters Time delays are a practical countermeasure to coerced withdrawals. If a user enables the delay before traveling to a higher-risk location, an attacker who forces them to hand over credentials or keys cannot immediately move funds on-chain. Because on-chain transfers are irreversible, Su described the feature as a way to “give them more time to recover” in situations where users face physical danger or are targeted in-person. Binance built the tool after seeing patterns of high-risk or potentially coerced withdrawals and rising threats in certain regions, Su said. He framed Withdraw Protection as one layer in a defense-in-depth strategy rather than a silver bullet, alongside basic account hygiene and reductions in public exposure about crypto holdings. Not a cryptographic lock It’s important to distinguish between a cryptographic, immutable time lock and a policy-driven lock. Binance’s mechanism relies on internal policy enforcement rather than an onchain cryptographic constraint, which means it could hypothetically be reversed if the company were compelled by law. Su was explicit: “This does not prevent law enforcement from taking action on accounts.” Where it sits in the market Withdrawal-delay features are not new. Coinbase has long offered Vaults with a 48-hour delay and email confirmation, and Kraken provides a Global Settings Lock. Binance’s offering expands the options for users seeking to protect themselves against physical coercion and other high-risk scenarios. Threat landscape and context Industry data show the problem is growing. CertiK and researcher Jameson Lopp reported a 75% increase in verified physical-coercion incidents in 2025, reaching 72 confirmed cases, with assault-related incidents up 250%. Coerced withdrawals defeat conventional security checks because the legitimate user is completing all credential steps under duress; a time-based restriction changes that calculus. Other attack vectors Su also warned about non-physical routes to loss, notably scam trading bots and apps that request API keys with broad permissions. “If the trading bot is a scam, it can be used to cause trading losses and unauthorized withdrawals,” he said, urging users to treat API keys with the same care as passwords and two-factor tokens. Next steps at Binance Beyond Withdraw Protection, Binance said it is investing in context-aware authentication—raising friction for high-risk actions like withdrawals while smoothing routine tasks such as logins and trading. The exchange positions the new lock as another protective layer that users should combine with safe operational security: minimize online footprints, avoid advertising crypto holdings, and safeguard API keys and credentials. Bottom line Withdraw Protection gives Binance users a way to add a time buffer against coerced transfers—a practical, user-facing tool that acknowledges a shifting threat landscape. It’s not an immutable onchain lock, and it won’t stop lawful interventions, but it can materially reduce the risk of rapid, forced crypto exfiltration when used as part of broader security practices. Read more AI-generated news on: undefined/news