Binance has rolled out a security feature called Withdraw Protection, and it is built for a threat that passwords and two-factor authentication cannot stop. Not a hacker. Not a phishing link. A person standing in front of you, demanding you move your funds.
The feature lets users freeze all on-chain withdrawals from their Binance account for a window of 1 to 7 days. Once that lockdown is active, no transfer goes out. Not by the account holder. Not by support. Not by anyone applying pressure from the outside.
When Your Own Security Becomes the Vulnerability
These incidents have a name in security circles: wrench attacks. The idea is straightforward. Forget breaking into an account remotely. Instead, find the person who holds it and force them to transfer directly. Every credential check clears, because the real user is the one completing it.
According to blockchain security firm CertiK, verified physical coercion cases against crypto holders rose 75 percent in 2025, hitting 72 confirmed incidents globally. Assault-related cases jumped 250 percent. Confirmed losses crossed $40.9 million. Researcher Jameson Lopp’s public repository puts the broader picture at 316 kidnap and ransom-style incidents since 2014, with 79 recorded in 2025 alone and at least 27 more logged already in 2026.
The cases are no longer isolated to one region or profile type. In January 2025, Ledger co-founder David Balland and his wife were abducted from their home in France. Last month, hooded men with firearms reportedly forced a family in France to hand over over $800,000 in digital assets. Cases have been documented in Dubai, New York, India, Pakistan, and Argentina. In parts of sub-Saharan Africa, where crypto adoption is growing fast but formal incident reporting is thin, the actual count is likely higher than what surfaces in public data.
Binance Chief Security Officer Jimmy Su said the tool came out of observed patterns. Users facing higher exposure when traveling, or when their holdings were publicly known, had no structural way to protect themselves once someone was physically present.
How the Lockdown Actually Works
Setting up Withdraw Protection takes under a minute. On the app: Account Centre, then Security, then Withdraw Protection. Set the window, confirm. On the web: Profile, Account, Security, Advanced Security, Withdraw Protection.
The default lockdown window is 48 hours. Users can set it anywhere between 1 day and 7 days. By default, the lockdown cannot be ended early by anyone, including the account holder. That is the design point. If someone forces you to try unlocking it, the system returns nothing. There is no override path.
An optional toggle called “Allow to unlock in advance” is available for users who want flexibility. Turning it on requires setting up a security key and authenticator app as verification. Phone and email can be added as additional steps. Leave it off, and the lockdown runs its full course no matter what.
Trading continues normally during an active lockdown. Spot positions, futures access, portfolio view, P&L tracking all stay live. Only on-chain withdrawals are blocked.
The Broader Security Stack This Sits Inside
Binance has framed this as one layer in a wider set of defenses, not a single fix. Withdraw Protection is specifically designed for physical security scenarios. The rest of the security architecture handles digital attack vectors.
Withdrawal whitelists restrict outgoing transfers to a pre-approved list of addresses, cutting most attacker options even if an account is compromised. Passkeys remove the primary attack surface for phishing and SIM-swap attempts. Biometric login ties access to a physical device. An anti-phishing code, an 8-character string, appears in every official Binance email. If it is missing, the message is not from Binance.
The one area the feature does not cover: legal orders from authorities. The Block confirmed in its coverage that the lockdown does not shield accounts from law enforcement requests.
Publicly disclosing holdings remains one of the most direct ways a person becomes a target. Screenshots of balances, public P&L posts, and detailed commentary on positions are the most common starting point for attackers identifying holders of meaningful funds. That applies regardless of which exchange or wallet is being used.
Binance has said it considers this a feature most users will rarely need. The point is that it exists when they do, and it works without needing support to intervene.
