Crypto header

Is Binance Safe?

Binance exchange has some of the lowest fees in the crypto industry, but is it safe to use? Let’s explore its security practices.

By
&
Tom Blackstone
Gabe TurnerChief Editor
Last Updated on Jul 11, 2022
By Tom Blackstone & Gabe Turner on Jul 11, 2022
The content on this page is provided for informational purposes only. Security.org does not offer financial or investment advice, nor does it advise or encourage anyone to buy, sell, or trade cryptocurrency. It is advised that you conduct your own investigation as to the accuracy of any information contained herein as such information is provided “as is” for informational purposes only. Further, Security.org shall not be liable for any informational error or for any action taken in reliance on information contained herein.

Binance is well known as a crypto exchange that offers low fees and advanced trading tools. But you may have questions as to whether its security is up to snuff. In this guide, we’ll explore Binance’s security practices, and we’ll consider whether it is a safe and secure exchange. We’ll also discuss ways that you can help protect your crypto while using Binance.

Note that this guide is about Binance.US, or the version of Binance available in the United States. There is also Binance.com, which is available outside of the U.S. But this article will only mention Binance.com if it is relevant to the U.S. version.

So, is Binance safe?

Is Binance Safe?

The bottom line is that Binance is a very safe crypto exchange (with some caveats). It keeps the vast majority of its crypto in “cold wallets” that are not connected to the internet. This limits losses in case of a hack and makes it unlikely that an attack will cause Binance to become insolvent. This means that if the exchange suffers a major attack, users are likely to be reimbursed by the company.

Binance also offers hardware 2FA, a real-time monitoring system to detect suspicious activity, security notifications through email, and many other advanced security features.

Binance's Basic Interface
Binance’s Basic Interface

Overall, Binance is a highly secure exchange.

On the other hand, no crypto exchange is 100 percent-secure, including Binance. In the next few sections, we’ll go over its security practices in detail, and we’ll consider some ways that these practices can be circumvented by attackers who wish to steal your crypto. We’ll also discuss ways that you can help to prevent these attacks.

First, let’s go over the primary security practices of Binance.

Binance.US Security Practices

Here are a few of Binance’s security measures that help to prevent cyberattacks:

  • Cold wallets. Ever since the notorious Mt. Gox hack,1 security experts have warned exchanges to always keep the vast majority of their crypto on devices that are not connected to the internet. Binance doesn’t disappoint here, as it states that the “vast majority” of its crypto is stored in cold wallets, outside of the grasp of cyberattackers.
  • Two-factor authentication (2FA). Like most crypto exchanges, Binance allows you to implement 2FA on your account. If you turn this feature on, you’ll be required to enter a code from your phone every time you log in or make a withdrawal. You can use text messaging or an authenticator app to receive the code. Unlike most exchanges though, Binance also allows you to use a hardware device such as Yubikey to receive the code, which is an even stronger method than using a mobile app.
  • Real-time monitoring. Binance tracks every action done on the exchange, and it has an algorithm that analyzes activity to see if it is unusual. Any action identified as suspicious results in a 24-to-48-hour freeze on withdrawals from your account. If you actually did authorize the action, you can contact customer service to have the freeze removed, or you can just wait for the time period to pass. But if your account was hacked, the 24-to- 48-hour freeze should give you enough time to alert the staff that your account has been compromised.
  • Access control. If you want further protection, you can set up “access control” mechanisms on Binance that limit withdrawals to only certain IP addresses or wallet addresses.
  • Organizational Security. Binance uses advanced organizational security systems to help keep its crypto secure, including threshold signature schemes (TSS)2 that require multiple parties to authorize a transfer from one wallet to another.
  • Security notifications. If Binance’s system detects suspicious activity on your account, it immediately notifies you through email.
  • Data encryption. Social Security numbers, addresses, and other personal data is stored in encrypted form, making it very difficult for a hacker to get this information.
  • Secure Asset Fund for Users (SAFU). Binance keeps a $1 billion fund available to reimburse users in case there is a major breach of Binance’s platform. This should help to make sure that the company does not go bankrupt and fail to pay its obligations to users.

Binance has some of the most advanced security systems of any crypto exchange. But it isn’t completely secure. In the next section, we’ll go over some risks of using Binance.

Risks of Using Binance.US

No matter how secure Binance is, it is still an old-school, Web 2.0 app. In other words, it requires a username and password instead of a cryptocurrency wallet for logins. This means that when you first set up an account with Binance, you have to think up a password to use to log in.

FYI: The current Web 2.0 system is gradually being replaced by “Web 3.0,” which uses crypto wallets instead of passwords for logins. You can find more info about how wallets work in our complete guide to crypto wallets.

There are lots of security problems with this type of login system. For one, you might be tempted to use the same password for Binance that you do for other websites, just so that you can remember your password. But this means that if an attacker breaches the security of another website that you use, he will have a hash of your Binance password.

Binance's mobile app on an iPhone
Binance’s mobile app on an iPhone

And once he has your Binance password hash, he might be able to crack it using Hashcat or some other cracking software, thus revealing to him your actual password.

Another problem is that Binance allows you to reset your password using your email. So if an attacker gets access to your email account, this hacker can change your Binance password and lock you out of your account.

Enabling 2FA can help to prevent these types of attacks. But many people receive their 2FA codes from text messages. These messages can be intercepted if the attacker calls up your phone company and pretends to be you, telling your phone company that you want to transfer your phone service to your “new phone” (the attacker’s phone).

Finally, there is always the risk that the Binance platform itself could be breached. This is exactly what happened in the infamous Binance.com hack of 2019.

Binance Hack

In May 2019, Binance.com announced that a group of hackers had managed to steal “a large number of API keys, 2FA codes, and potentially other info.”3 The hackers used multiple methods to steal this data, including viruses, phishing, and other methods. Using this data, they were able to make a withdrawal of about $40 million worth of Bitcoin.

However, Binance admitted that this hack was not the fault of users, and it reimbursed all of its customers’ accounts from the SAFU immediately. None of Binance’s users lost any crypto or cash from the hack.

This hack only affected the international version of Binance. The U.S. branch has never been hacked. But because Binance.US and Binance.com use similar security systems, we thought we should make you aware of this issue.

Overall, we think Binance acted appropriately in response to the hack. It recognized that the hack was caused by faulty platform security, not by anything that users could control. So it reimbursed users’ accounts, and only Binance itself lost money.

Still, had the hack been partially or fully the fault of users, Binance probably would not have reimbursed its users.

In the next section, we’ll go over some steps you can take to help keep your Binance account secure. This should help to prevent your crypto from being stolen out of your Binance account. And if it is stolen, it should make it more likely for you to be reimbursed.

Binance's security promise to its users
Binance’s security promise to its users

How to Stay Safe While Using Binance

Here are a few steps you can take to help protect the crypto you buy through Binance.

Enable two-factor authentication (2FA). If you enable 2FA, you’ll be required to enter a code from your phone every time you log in or make a withdrawal. This will help to prevent your account from being accessed in case your password is exposed or your email account is compromised. For even better security, consider using an authenticator app (instead of text messaging) to receive the code. Or, if you can afford it, purchase a Yubikey or other hardware solution to receive your 2FA code.

Use a strong password. Ideally, the password you use for Binance should be different from the password you use on other sites. That way, if another site you use gets hacked, your Binance password won’t be exposed. In addition, you can make the password hash harder to crack by combining capital and lowercase letters, numbers, and special characters, and by making the password as long as possible.

Watch out for malware. One of the easiest ways for a hacker to get your login info is to infect your PC with malware. The attacker sends you an email that looks like it’s from someone you know, and it contains a file attachment that appears to be a .pdf or some other legitimate file that you want. When you open the file, it infects your computer with software that searches through your computer looking for sensitive data. At this point, it can steal your Binance password from within your browser (assuming you’ve saved it there for convenience) or even record your keystrokes the next time you log in.

To help protect against this threat, scan file attachments with a good antivirus program. We’ve got a list of some of the best antivirus programs to help you pick one.

Avoid getting phished. Another vector of attack is for the thief to set up a fake Binance site. He then sends you an email claiming to be Binance and telling you that you need to log in for some urgent reason. When you click the link in the email, it sends you to the fake site, and when you try to log in, the attacker accesses your username and password.

To help prevent this, check the sending address on every email that alleges to come from Binance, especially if it encourages you to click a link. An authentic email will come from the domain @binance.us or @binance.com, but a fake one may come from @ww-binance.com or some other misspelling.

More importantly, check the URL of the website the link leads to. You may notice that the domain there is not binance.us. To be even more secure, you can set up an anti-phishing code through the Binance app interface. Once you do this, the code will be included in any email from Binance, making it easier to spot fakes.

Binance's advanced interface
Binance’s Advanced Interface

Consider withdrawing your crypto. Ultimately, the most effective way to protect your crypto is to just take it out of the Binance exchange completely. Withdraw it into your private wallet, and store the seed words to your wallet in a secure location within your house. This does away with usernames and passwords completely, making it much more difficult for an attacker to get your crypto. For more information on how to do this, check out “Storing Crypto Safely Using Wallets,” in our complete guide to investing in crypto safely.

No crypto exchange is perfectly safe. But following these tips should dramatically increase your chances of keeping your crypto protected.

Now here are some final thoughts on Binance safety.

Final Thoughts on Binance Safety

Binance is an excellent crypto exchange for serious traders. It offers very low commissions, a large variety of coins, and advanced trading tools. Most importantly, Binance is a fairly safe crypto exchange, with lots of advanced security features.

But no crypto exchange is completely secure. In this article, we’ve explained the major security features of Binance, the risks of using Binance, and some ways that you can help to limit these risks.

For more information on some common crypto scams and how to avoid them, you may want to read our guide to the most common crypto pitfalls. You can also check out our full review of Binance for a broader understanding of the Binance exchange.

We’ll finish off this guide with answers to some common questions about Binance safety.

Binance Safety FAQs

  • Is it safe to keep crypto on Binance?

    Yes … and no. Binance is one of the safer exchanges compared to others. So if you’re actively trading crypto and need to keep it on an exchange, Binance is a pretty secure choice.

    However, if you’re holding large amounts of crypto long term, a private hardware wallet may be a better choice than keeping it on an exchange.

  • Is Binance a wallet?

    No. Binance is a cryptocurrency exchange. You can use it to buy or sell crypto. To transfer your crypto to a wallet, you’ll need to make a withdrawal through the Binance app.

  • Can U.S. citizens use Binance?

    Binance.US is a licensed money transmitter in the U.S., and it’s legal in 46 states.

    Binance.US is not licensed to operate in Hawaii, New York, Texas, or Vermont. So if you live in these unsupported states, you may want to try Kraken or Coinbase instead. Here is our full review of Kraken and our Coinbase analysis.

    Binance.com is a separate exchange made for people who live outside the U.S. It is not licensed in the U.S. So U.S. residents may want to stick with Binance.US and stay away from Binance.com.

  • Is Binance insured?

    All cash deposits at Binance.US are held in U.S. banks and insured up to $250,000 by the Federal Deposit Insurance Corp. (or FDIC).

    Cryptocurrency at Binance is not insured. However, the company does keep a Secure Asset Fund for Users (SAFU) of over $1 billion to protect users in case of a major cybersecurity attack.

  • How can I withdraw from Binance to my bank account?

    Many readers want to know how to withdraw cash from Binance to get it out of the exchange. To do this, first click the “Wallet” tab at the top of the screen, then select “Withdraw.”

    Next, select “USD US Dollar” from the drop-down menu, and enter the number of dollars you want to withdraw. Finally, select your bank account, and follow the instructions to confirm the transaction. Your withdrawal should arrive in your bank account within one to three days.

Citations
  1. Investopedia. (2022). Mt. Gox. investopedia.com/terms/m/mt-gox.asp

  2. Binance Academy. (2019). Threshold Signatures Explained.
    academy.binance.com/en/articles/threshold-signatures-explained

  3. Binance. (2019). Binance Security Breach Update.
    binance.zendesk.com/hc/en-us/articles/360028031711-Binance-Security-Breach-Update