All of our content is written by humans, not robots. Learn More
Crypto header

Is Binance Safe?

Binance exchange has some of the lowest fees in the crypto industry, but is it safe to use? Let’s explore its security practices.

All of our content is written by humans, not robots. Learn More
By
&
Gabe Turner
Gabe Turner Chief Editor
Last Updated May 31, 2024
The content on this page is provided for informational purposes only. Security.org does not offer financial or investment advice, nor does it advise or encourage anyone to buy, sell, or trade cryptocurrency. It is advised that you conduct your own investigation as to the accuracy of any information contained herein as such information is provided “as is” for informational purposes only. Further, Security.org shall not be liable for any informational error or for any action taken in reliance on information contained herein.

If you’ve ever dabbled in crypto exchange, you’re very likely familiar with Binance. It’s the single largest crypto exchange platform on the planet that offers low fees and advanced trading tools. But even though Binance has a $9.3 billion trading volume in 2023, you might still be wondering if it’s a safe place to store and trade your cryptocurrency. That’s exactly what we’ll discuss in this guide.

Note that this guide is about Binance.US, or the version of Binance available in the United States (except a few select states like New York). There is also Binance.com, which is available outside of the U.S. But this article will only mention Binance.com if it is relevant to the U.S. version.

So, is Binance safe?

Is Binance Safe?

The bottom line is that Binance is a very safe crypto exchange (with some caveats). It keeps the vast majority of its crypto in “cold wallets” that are not connected to the internet. This limits losses in case of a hack and makes it unlikely that an attack will cause Binance to become insolvent. This means that if the exchange suffers a major attack, users are likely to be reimbursed by the company.

Binance’s security practices also meet high standards. It offers two-factor authentication (2FA) to verify logins, a real-time monitoring system to detect suspicious wallet activity, security notifications through email, and many other advanced security features. So if you want a safe place to store cryptocurrency, Binance is one of your best bets.

Binance's Basic Interface
Binance’s Basic Interface

On the other hand, no crypto exchange is 100 percent-secure, including Binance. In the next few sections, we’ll go over its security practices in detail, and we’ll consider some ways that these practices can be circumvented by attackers who wish to steal your crypto. We’ll also discuss ways that you can help to prevent these attacks.

First, let’s go over the primary security practices of Binance.

Binance.US Security Practices

Here are a few of Binance’s security measures that help to prevent cyberattacks:

  • Cold wallets. Ever since the notorious Mt. Gox hack,1 security experts have warned exchanges to always keep the vast majority of their crypto on devices that are not connected to the internet. Binance doesn’t disappoint here, as it states that the “vast majority” of its crypto is stored in cold wallets, outside of the grasp of cyberattackers.
  • Two-factor authentication (2FA). Like most crypto exchanges, Binance allows you to implement 2FA on your account. If you turn this feature on, you’ll be required to enter a code from your phone every time you log in or make a withdrawal. You can use text messaging or an authenticator app to receive the code. Unlike most exchanges though, Binance also allows you to use a hardware device such as Yubikey to receive the code, which is an even stronger method than using a mobile app.
  • Real-time monitoring. Binance tracks every action done on the exchange, and it has an algorithm that analyzes activity to see if it is unusual. Any action identified as suspicious results in a 24-to-48-hour freeze on withdrawals from your account. If you actually did authorize the action, you can contact customer service to have the freeze removed, or you can just wait for the time period to pass. But if your account was hacked, the 24-to- 48-hour freeze should give you enough time to alert the staff that your account has been compromised.
  • Access control. If you want further protection, you can set up “access control” mechanisms on Binance that limit withdrawals to only certain IP addresses or wallet addresses.
  • Organizational Security. Binance uses advanced organizational security systems to help keep its crypto secure, including threshold signature schemes (TSS)2 that require multiple parties to authorize a transfer from one wallet to another.
  • Security notifications. If Binance’s system detects suspicious activity on your account, it immediately notifies you through email.
  • Data encryption. Social Security numbers, addresses, and other personal data is stored in encrypted form, making it very difficult for a hacker to get this information.
  • Secure Asset Fund for Users (SAFU). Binance keeps a $1 billion fund available to reimburse users in case there is a major breach of Binance’s platform. This should help to make sure that the company does not go bankrupt and fail to pay its obligations to users.

Binance has some of the most advanced security systems of any crypto exchange. But it isn’t completely secure. In the next section, we’ll go over some risks of using Binance.

Risks of Using Binance.US

No matter how secure Binance is, it is still an old-school, Web 2.0 app. In other words, it requires a username and password instead of a cryptocurrency wallet for logins. This means that when you first set up an account with Binance, you have to think up a password to use to log in.

FYI: The current Web 2.0 system is gradually being replaced by “Web 3.0,” which uses crypto wallets instead of passwords for logins.

There are lots of security problems with this type of login system. For one, you might be tempted to use the same password for Binance that you do for other websites, just so that you can remember your password. But this means that if an attacker breaches the security of another website that you use, he will have a hash of your Binance password.

Binance's mobile app on an iPhone
Binance’s mobile app on an iPhone

And once he has your Binance password hash, he might be able to crack it using Hashcat or some other cracking software, thus revealing to him your actual password.

Another problem is that Binance allows you to reset your password using your email. So if an attacker gets access to your email account, this hacker can change your Binance password and lock you out of your account.

Enabling 2FA can help to prevent these types of attacks, but it’s not foolproof. For example, the attacker might call up your phone company pretending to be you, and then tell them you want to transfer your server to your “new phone.” Or if you lose your phone, whoever finds it will have access to your Binance app and the phone number you use for 2FA.

Finally, there is always the risk that the Binance platform itself could be breached. This is exactly what happened in the infamous Binance.com hack of 2019.

Binance Hack

In May 2019, Binance.com announced that a group of hackers had managed to steal “a large number of API keys, 2FA codes, and potentially other info.”3 The hackers used multiple methods to steal this data, including viruses, phishing, and other methods. Using this data, they were able to make a withdrawal of about $40 million worth of Bitcoin.

However, Binance admitted that this hack was not the fault of users, and it reimbursed all of its customers’ accounts from the SAFU immediately. None of Binance’s users lost any crypto or cash from the hack.

This hack only affected the international version of Binance. The U.S. branch has never been hacked. But because Binance.US and Binance.com use similar security systems, we thought we should make you aware of this issue.

>> Related reading: Is Crypto.com Safe?

Overall, we think Binance acted appropriately in response to the hack. It recognized that the hack was caused by faulty platform security, not by anything that users could control. So it reimbursed users’ accounts, and only Binance itself lost money.

Still, had the hack been partially or fully the fault of users, Binance probably would not have reimbursed its users.

In the next section, we’ll go over some steps you can take to help keep your Binance account secure. This should help to prevent your crypto from being stolen out of your Binance account. And if it is stolen, it should make it more likely for you to be reimbursed.

Binance's security promise to its users
Binance’s security promise to its users

How to Stay Safe While Using Binance

Here are a few steps you can take to help protect the crypto you buy through Binance.

Enable two-factor authentication (2FA). If you enable 2FA, you’ll be required to enter a code from your phone every time you log in or make a withdrawal. This will help to prevent your account from being accessed in case your password is exposed or your email account is compromised. For even better security, consider using an authenticator app (instead of text messaging) to receive the code. Or, if you can afford it, purchase a Yubikey or other hardware solution to receive your 2FA code.

Use a strong password. Ideally, the password you use for Binance should be different from the password you use on other accounts. But a unique password won’t cut it. You need a strong password – at least 12 characters long with a combination of uppercase and lowercase letters, numbers, and special characters. If you’re having trouble thinking up a strong password, you can always use our Random Password Generator. (The passwords we generate are completely random and unique, and we don’t log any generated passwords!)

Watch out for malware. One of the easiest ways for a hacker to get your login info is to infect your PC with malware. The attacker sends you an email that looks like it’s from someone you know, and it contains a file attachment that appears to be a .pdf or some other legitimate file that you want. When you open the file, it infects your computer with software that searches through your computer looking for sensitive data. At this point, it can steal your Binance password from within your browser (assuming you’ve saved it there for convenience) or even record your keystrokes the next time you log in.

To help protect against this threat, scan file attachments with a good antivirus program. We’ve got a list of some of the best antivirus programs to help you pick one.

Avoid getting phished. Another vector of attack is for the thief to set up a fake Binance site. He then sends you an email claiming to be Binance and telling you that you need to log in for some urgent reason. When you click the link in the email, it sends you to the fake site, and when you try to log in, the attacker accesses your username and password. That’s called phishing, and millions of people fall for it.

To help prevent this, check the sending address on every email that alleges to come from Binance, especially if it encourages you to click a link. An authentic email will come from the domain @binance.us or @binance.com, but a fake one may come from @ww-binance.com or some other misspelling.

More importantly, check the URL of the website the link leads to. You may notice that the domain there is not binance.us. To be even more secure, you can set up an anti-phishing code through the Binance app interface. Once you do this, the code will be included in any email from Binance, making it easier to spot fakes.

Binance's advanced interface
Binance’s Advanced Interface

Consider withdrawing your crypto. Ultimately, the most effective way to protect your crypto is to just take it out of the Binance exchange completely. Withdraw it into your private wallet, and store the seed words to your wallet in a secure location within your house. This does away with usernames and passwords completely, making it much more difficult for an attacker to get your crypto. For more information on how to do this, check out “Storing Crypto Safely Using Wallets,” in our complete guide to investing in crypto safely.

No crypto exchange is perfectly safe. But following these tips should dramatically increase your chances of keeping your crypto protected.

Now here are some final thoughts on Binance safety.

Final Thoughts on Binance Safety

Binance is an excellent crypto exchange for serious traders. It offers very low commissions, a large variety of coins, and advanced trading tools. Most importantly, Binance is a fairly safe crypto exchange, with lots of advanced security features.

But no crypto exchange is completely secure. In this article, we’ve explained the major security features of Binance, the risks of using Binance, and some ways that you can help to limit these risks.

We’ll finish off this guide with answers to some common questions about Binance safety.

Binance Safety FAQs

  • Is it safe to keep crypto on Binance?

    Yes … and no. Binance is one of the safer exchanges compared to others. So if you’re actively trading crypto and need to keep it on an exchange, Binance is a pretty secure choice.

    However, if you’re holding large amounts of crypto long term, a private hardware wallet may be a better choice than keeping it on an exchange.

  • Is Binance a wallet?

    No. Binance is a cryptocurrency exchange. You can use it to buy or sell crypto. To transfer your crypto to a wallet, you’ll need to make a withdrawal through the Binance app.

  • Can U.S. citizens use Binance?

    Binance.US is a licensed money transmitter in the U.S., and it’s legal in 46 states.

    Binance.US is not licensed to operate in Hawaii, New York, Texas, or Vermont. So if you live in these unsupported states, you may want to try Kraken or Coinbase instead.

    Binance.com is a separate exchange made for people who live outside the U.S. It is not licensed in the U.S. So U.S. residents may want to stick with Binance.US and stay away from Binance.com.

  • Is Binance insured?

    All cash deposits at Binance.US are held in U.S. banks and insured up to $250,000 by the Federal Deposit Insurance Corp. (or FDIC).

    Cryptocurrency at Binance is not insured. However, the company does keep a Secure Asset Fund for Users (SAFU) of over $1 billion to protect users in case of a major cybersecurity attack.

  • How can I withdraw from Binance to my bank account?

    Many readers want to know how to withdraw cash from Binance to get it out of the exchange. To do this, first click the “Wallet” tab at the top of the screen, then select “Withdraw.”

    Next, select “USD US Dollar” from the drop-down menu, and enter the number of dollars you want to withdraw. Finally, select your bank account, and follow the instructions to confirm the transaction. Your withdrawal should arrive in your bank account within one to three days.

Citations
  1. Investopedia. (2022). Mt. Gox. investopedia.com/terms/m/mt-gox.asp

  2. Binance Academy. (2019). Threshold Signatures Explained.
    academy.binance.com/en/articles/threshold-signatures-explained

  3. Binance. (2019). Binance Security Breach Update.
    binance.zendesk.com/hc/en-us/articles/360028031711-Binance-Security-Breach-Update