In an effort to address the growing threat of physical coercion, such as wrench attacks on cryptocurrency holders, Binance is rolling out a new feature called ‘Withdraw Protection.’ This tool allows users to lock their accounts against blockchain withdrawals for one to seven days. A more stringent ‘lockdown’ mode offers complete prevention from early unlocking. According to a recent statement by the exchange, these locks cannot be bypassed by Binance staff.
Jimmy Su, Chief Security Officer at Binance, mentioned in an interview with CoinDesk that this development stemmed from observed patterns of risky and potentially coerced withdrawals. He highlighted concerns for users who travel to areas where identifying as a cryptocurrency holder poses physical danger.
“We’re noticing trends where some users head to more dangerous locations,” Su explained. “They want control over their withdrawal capabilities, providing them with additional recovery time if necessary.”
When asked if this feature specifically targets wrench attacks, Su acknowledged it as one scenario among others, including regions where bad actors identify crypto holders for physical targeting.
Binance’s release describes the irrevocable lock as a solid assurance, though Su clarified that it is an internal policy measure rather than an unbreakable mechanism. “Our customer service agents cannot override this feature,” he noted. “The goal is to address the irreversible nature of crypto transactions; unlike fiat transfers, which can be reversed, onchain crypto transactions are permanent once completed.”
Although a cryptographic lock would remain immutable for the user-selected duration, a policy-based lock depends on Binance’s ongoing enforcement and is not immune to legal demands.
“This does not prevent law enforcement from acting on accounts,” Su stated.
Features that delay withdrawals aren’t new; Coinbase has offered Vaults with a 48-hour hold and email confirmation for some time, while Kraken provides a similar Global Settings Lock. However, the threat landscape is evolving. Data from CertiK and crypto researcher Jameson Lopp shows verified physical coercion incidents against cryptocurrency holders rose by 75% in 2025, reaching 72 cases, with assault-related incidents increasing by 250%.
Such coerced withdrawals bypass standard account security measures since all verifications are conducted by the rightful owner. A time lock alters this dynamic: users who activate Withdraw Protection before visiting high-risk areas can’t be forced to transfer funds there under duress, and contacting support would be futile.
Su expressed concerns about trading bots found on forums that request API keys with extensive permissions. “If a bot is fraudulent, it could lead to trading losses or unauthorized withdrawals,” he warned. He advised treating API keys with the same security as passwords or two-factor authentication: “Once an API key is used by a scam bot, it operates under the user’s authority.”
Binance is developing context-aware authentication that adjusts difficulty based on perceived risk levels. For common activities like logging in or trading, they aim to minimize visible challenges. However, for high-risk actions such as withdrawals, increased friction is intended.
Su considers Withdraw Protection one layer of a multi-tiered security approach, not a substitute for basic cybersecurity practices. He recommends that users manage their online presence carefully and conceal sensitive information regarding their cryptocurrency holdings to become less vulnerable targets.