Cryptocurrency exchange Binance launched "Withdraw Protection" on May 4, 2026, a user-controlled security feature that allows account holders to impose a temporary lock on all on-chain withdrawals for a period of one to seven days. The tool is designed to mitigate risks from physical coercion, often called “wrench attacks,” which have become an increasingly prevalent threat for crypto holders.
"User protection is important across all digital and financial platforms, and security is most effective when it is both proactive and user-driven," Jimmy Su, Chief Security Officer at Binance, said in a statement. "Withdraw Protection is designed as a proactive control that gives users more choice over account security, and it reflects the evolution of digital asset services toward stronger user safeguards."
The feature is an opt-in control where users define the lock's duration. A "strict lockdown" option makes the delay irreversible by anyone, including Binance support staff, until the timer expires. An alternative setting allows for an early unlock, but only if the user has pre-configured both an authenticator app and a physical security key. While the lock is active, all other account functions, including trading, remain accessible.
The launch addresses a shift in the crypto threat landscape away from exchange-level hacks toward individual-focused attacks. Data from security firm CertiK and researcher Jameson Lopp showed that verified incidents of physical coercion against crypto holders rose 75 percent in 2025 to 72 confirmed cases. Because coerced withdrawals are authorized by the legitimate account holder, they bypass most conventional security measures like 2FA and whitelists. The time-delay introduced by Binance's new feature provides a critical window for a user under duress to escape the situation or seek help.
While withdrawal delay features are not new—Coinbase has long offered its "Vault" with a 48-hour delay, and Kraken provides a "Global Settings Lock"—Binance's implementation is notable for its explicit framing as a defense against physical threats and the non-overrideable nature of its strict lockdown mode. Su clarified that the feature is an internal policy lock, not a cryptographic one, and does not shield an account from legitimate law enforcement orders.
Su also emphasized that the tool is one layer of a defense-in-depth strategy and does not replace the need for fundamental security hygiene. He advised users to remain vigilant about managing their public footprint and to be cautious of third-party trading bots that require broad API permissions, which can be another vector for unauthorized account activity.
This article is for informational purposes only and does not constitute investment advice.
