Binance is launching a user-controlled withdrawal lock aimed at a threat that the crypto industry has spent the past year anticipating: physical coercion of holders, also known as the so-called wrench attacks.
The “Withdraw Protection” feature lets users freeze their own account against onchain withdrawals for one to seven days, the exchange said Monday. A stricter “lockdown” mode disables early unlocking entirely. Binance’s press release states that the lock cannot be overridden by the exchange.
In an interview with CoinDesk, the exchange’s Chief Security Officer Jimmy Su said the company built the feature in response to patterns it observed in the wild, including “withdrawals that are riskier or even forced in some cases.”
He pointed to users traveling to regions where identifying as a crypto holder carries a physical risk.
“We see a pattern where some of the users may go to riskier geographic locations,” Su said. “They want to have this user control layer where they can put a cap on withdrawals. If something were to happen, it would give them more time to recover.”
Asked if the feature was a defense against wrench attacks specifically, Su said it was a scenario along with cases in certain regions where bad actors are actively working to identify crypto users for personal targeting.
A policy lock
Binance’s press release framed the inviolable lock as a hard guarantee. Su clarified the mechanism is an internal policy.
“It’s an internal policy for this particular feature. Our customer service agents are not able to override it,” Su told CoinDesk. “The goal is to address the irreversible transfer nature of crypto.. Unlike a fiat scenario where funds are withdrawn into a checking or bank account and there are ways to reverse the transaction, you can’t do that with onchain crypto.”
The distinction matters. A cryptographic lock would in practice be immutable for the user’s chosen period. A policy lock depends on Binance’s continued enforcement and the absence of legal compulsion to lift it. Su said the feature does not block law enforcement orders.
“This does not prevent law enforcement from acting on accounts,” he said.
Why a delay is now worth offering
Withdrawal delay features are not new. Coinbase has offered Vaults, with a 48-hour delay and email confirmation, for years. Kraken offers a similar Global Settings Lock.
The threat landscape has changed. According to data from CertiK and crypto researcher Jameson Lopp, verified physical coercion incidents against crypto holders increased by 75% in 2025, reaching 72 confirmed cases. Assault-related incidents increased 250%.
Forced withdrawals defeat conventional account security. Each credential check is performed by the legitimate user.
A time lock changes this calculation: a user who activates withdrawal protection before traveling to a high-risk area cannot be forced to move money to the destination, even under physical threat. Contacting support wouldn’t help in this case either.
Trading bots and the next layer
Asked what user behavior worries him the most, Su pointed to trading bots advertised on forums and ad networks that ask users to provide API keys with broad permissions.
“If the trading bot is a scam, it can be used to cause trading losses and unauthorized withdrawals,” Su said. Users should treat API keys with the same protection as their passwords or two-factor authentication, he added: “Once a key is used by a trading bot, it’s as if they’re operating on behalf of that user.”
Binance is investing in context-aware authentication that varies friction based on detected risk, Su said. For routine actions such as login or trading, the goal is to reduce visible challenges. For high-risk actions like withdrawals, more friction is the point.
He framed retreat protection as one layer in a defense-in-depth approach, not a substitute for basic hygiene. The tip for the wrench attack threat model, he said, was to manage one’s online footprint.
“Crypto users need to protect their online presence,” Su said. “Trying to protect the confidential information relative to how much they have in crypto. Make yourself a harder target.”
