Binance Launches Withdrawal Lock to Help Deter Crypto Key Attacks

Binance is launching a user-controlled withdrawal lock aimed at combating a threat the crypto industry has spent the last year reckoning with: physical coercion of holders, so-called key attacks.

The “Withdrawal Protection” feature allows users to freeze on-chain withdrawals from their own account for one to seven days, the exchange said on Monday. A stricter “lockdown” mode disables early unlocking entirely. Binance’s press release states that the lock cannot be circumvented by the exchange.

In an interview with CoinDesk, Jimmy Su, the exchange’s head of security, said the company created the feature in response to patterns seen in the wild, including “riskier, even forced withdrawals in some cases.”

He highlighted users traveling to regions where being identifiable as a crypto holder carries physical risk.

“We are seeing a trend where some users might be traveling to higher risk geographies,” Su said. “They want to have this layer of user control where they can put a restriction on withdrawals. In case something happens, it gives them more time to recover.”

When asked if the feature was specifically a defense against keystroke attacks, Su said this was one scenario, alongside cases in some regions where bad actors are actively working to identify crypto users for in-person targeting.

A policy lock

Binance’s press release presented the non-cancelable lock as a strong guarantee. Su clarified that the mechanism is an internal policy.

“This is an internal policy for this particular feature. Our customer service agents cannot override it,” Su told CoinDesk. “The goal is to address the irreversible nature of crypto transfer. Unlike a fiat scenario where funds are withdrawn to a checking or bank account and there are ways to reverse the transaction, you cannot do that with on-chain crypto.”

The distinction matters. A cryptographic lock would effectively be immutable for the period chosen by the user. A policy lock is contingent on Binance continuing to enforce it and there being no legal obligation to lift it. Su said this feature does not block orders from law enforcement.

“This does not prevent law enforcement from taking action on accounts,” he said.

Why a delay is now worth proposing

Withdrawal timeout features are not new. Coinbase has offered vaults, with a 48-hour turnaround and email confirmation, for years. Kraken offers a similar global settings lock.

The threat landscape has changed. According to data from CertiK and crypto researcher Jameson Lopp, verified incidents of physical coercion against crypto holders increased by 75% in 2025, reaching 72 confirmed cases. Incidents related to assaults jumped by 250%.

Forced withdrawals defeat conventional account security, because each credential check is performed by the legitimate user.

A time lock changes this calculation: a user who activates withdrawal protection before traveling to a high-risk region cannot be forced to move funds at the destination, even under physical threat. Contacting support, in this case, would be of no use either.

Trading bots and the next layer

When asked what user behavior worries him most, Su pointed to commercial bots advertised on forums and ad networks that ask users to grant API keys with broad permissions.

“If the trading robot is a scam, it can be used to cause trading losses and unauthorized withdrawals,” Su said. Users should treat API keys with the same protection as their passwords or two-factor authentication, he added: “Once a key is used by a trading robot, it is as if it is operating on behalf of that user.”

Binance is investing in contextual authentication that varies friction based on detected risk, Su said. For routine actions like logging in or trading, the goal is to reduce visible challenges. For high-risk actions like withdrawals, more friction is needed.

He framed withdrawal protection as one layer in a defense-in-depth approach, not a replacement for basic hygiene. The advice for the key attack threat model, he said, was to manage one’s online footprint.

“Crypto users need to protect their online presence,” Su said. “Trying to protect confidential information in terms of the amount of cryptography makes you a harder target.”
