Binance is launching a withdrawal lock to help deter crypto wrench attacks

Binance is launching a user-controlled withdrawal lock designed to counter a threat the cryptocurrency industry has faced over the past year: physical coercion of holders, also known as a wrench attack.

The exchange said on Monday that the “Withdrawal Protection” feature allows users to freeze their accounts for one to seven days to prevent on-chain withdrawals. The stricter “locked” mode disables early unlocking entirely. Binance’s press release stated that the lock cannot be overridden by the exchange.

Jimmy Su, the exchange’s chief security officer, said in an interview with CoinDesk that the company built the feature in response to patterns observed in the wild, including “riskier and even forced withdrawals in some cases.”

He noted that there are physical risks for users traveling to areas where they are identified as cryptocurrency holders.

“We found that some users may be traveling to higher-risk geographies,” Su said. “They want to have a layer of user control that can put limits on withdrawals. That would give them more time to recover if anything happens.”

When asked if the feature was specifically targeted at wrench attacks, Su said that in some regions bad actors actively identify cryptocurrency users for in-person attacks.

Policy lock

Binance’s press release refers to the irreversible lock-in as a hard guarantee. Su clarified that the mechanism is an internal policy.

“This is an internal policy for this specific feature. Our customer service agents cannot override it,” Su told CoinDesk. “Our goal is to address the irreversible transfer nature of cryptocurrencies. Unlike fiat scenarios where funds are withdrawn to a checking or bank account, and there are multiple ways to reverse a transaction, this is not possible with on-chain cryptocurrencies.”

The distinction is important. An encryption-based lock is effectively immutable for a user-selected period of time. A policy lock depends on continued enforcement by Binance and can be lifted under legal compulsion. Su said the feature would not block law enforcement orders.

“This does not prevent law enforcement from taking action against the account,” he said.

Why it’s worth delaying now

The withdrawal delay feature is not new. Coinbase has offered Vaults for years, with a 48-hour delay and email confirmation. Kraken provides a similar global settings lock.

The threat landscape has changed. Verified incidents of physical coercion against cryptocurrency holders increased by 75% in 2025, with 72 confirmed cases, according to data from CertiK and cryptocurrency researcher Jameson Lopp. Attack-related incidents surged 250%.

Forced withdrawals undermine traditional account security, because each credential check is completed by the legitimate user.

Time locking changes this calculus: users who activate withdrawal protection before traveling to a high-risk area cannot be forced to move funds at their destination, even in the event of physical threats. In this case, contacting support won’t help.
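A minimal model of the lock semantics described above, as an added example (not Binance's code; the class, method names and the "owner"/"support" actor strings are hypothetical). It assumes the non-strict mode lets only the account owner unlock early and that re-engaging an active lock can only extend it, never weaken it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MIN_DAYS, MAX_DAYS = 1, 7  # lock window stated in the article


class LockError(Exception):
    """Raised when a lock or unlock request is refused."""


@dataclass
class WithdrawalLock:
    expires_at: Optional[datetime] = None
    strict: bool = False  # strict mode: no early unlock at all

    def active(self, now: datetime) -> bool:
        # `now` is assumed to come from a trusted server clock.
        return self.expires_at is not None and now < self.expires_at

    def engage(self, now: datetime, days: int, strict: bool) -> None:
        if not MIN_DAYS <= days <= MAX_DAYS:
            raise LockError("duration must be 1 to 7 days")
        new_expiry = now + timedelta(days=days)
        if self.active(now):
            # A coerced user must not be able to weaken a running lock:
            # re-engaging may only extend it and may only add strictness.
            new_expiry = max(new_expiry, self.expires_at)
            strict = strict or self.strict
        self.expires_at, self.strict = new_expiry, strict

    def early_unlock(self, now: datetime, actor: str) -> None:
        # Assumed policy: only the owner may unlock early, and only in
        # non-strict mode. Support staff have no override path.
        if not self.active(now):
            return
        if actor != "owner" or self.strict:
            raise LockError("early unlock refused")
        self.expires_at = None

    def authorize_withdrawal(self, now: datetime, credentials_ok: bool) -> bool:
        # Valid credentials are necessary but not sufficient: under coercion
        # the legitimate user passes every check, so the lock decides.
        return credentials_ok and not self.active(now)
```
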

Trading bots and the next level

When asked about the user behavior that worries him most, Su pointed to trading bots, advertised on forums and ad networks, that require users to grant API keys with broad permissions.

“If a trading bot is a scam, it can be used to cause trading losses and unauthorized withdrawals,” Su said. Users should treat API keys like passwords or two-factor authentication, he added: “Once a trading bot uses the keys, it’s as if they are operating on behalf of that user.”

Binance is investing in context-aware authentication that changes friction based on detected risks, Su said. For everyday operations like logging in or transacting, the goal is to reduce visible challenges. For high-risk actions like withdrawals, more friction is key.

He views withdrawal protection as a layer in a defense-in-depth approach rather than a substitute for basic hygiene. He said the recommendation for the wrench attack threat model is to manage one's online footprint.

“Cryptocurrency users need to protect their online image,” Su said. “The number of cryptocurrencies trying to protect confidential information. Making yourself a harder target.”
