Binance Unveils Withdrawal Lock to Counter Rising Wrench Attacks

TL;DR:

• Binance launched “Withdraw Protection,” a feature that allows users to lock withdrawals for between 1 and 7 days to protect against physical coercion attacks.
• The lock is an internal policy, not a cryptographic one, and does not prevent court orders or law enforcement actions from being applied to accounts.
• Physical coercion attacks against crypto users grew 75% in 2025, with at least 72 confirmed cases according to CertiK and researcher Jameson Lopp.

Binance launched a user-controlled withdrawal lock tool, designed to counter so-called “wrench attacks“: attacks in which malicious actors physically subdue cryptocurrency holders to force the transfer of their funds.

The feature, called “Withdraw Protection,” allows an account to be frozen against onchain withdrawals for a period of between one and seven days. A stricter mode, called “lockdown,” completely disables the possibility of early unlocking.

The announcement was accompanied by statements from Binance’s Chief Security Officer, Jimmy Su, who explained that the tool emerged from patterns detected by the exchange, including “withdrawals that are riskier or even coerced in some cases.” Su specifically mentioned users traveling to regions where being identified as a cryptocurrency holder implies potential physical risk.

A Policy Lock, not a Code Lock

Binance presented the mechanism as a guarantee that cannot be overridden by the exchange. However, Su clarified that this is an internal policy and not a cryptographic lock: customer service agents cannot revoke it, but the feature does not prevent judicial authorities from acting on accounts. “This does not prevent law enforcement from taking action on accounts,” the executive noted.

That distinction is crucial. A cryptographic lock would be practically immutable for the period chosen by the user. A policy lock depends on Binance’s continued compliance and the absence of legal measures to lift it.

A Feature That Was Already Overdue

Similar tools have existed for some time: Coinbase offers Vaults with a 48-hour delay, and Kraken has its Global Settings Lock. What has changed now is the volume of threats. According to data from CertiK and researcher Jameson Lopp, verified incidents of physical coercion against cryptocurrency holders grew 75% in 2025, reaching 72 confirmed cases, with a 250% increase in incidents linked to physical assaults.

A coerced withdrawal neutralizes any conventional security mechanism, since all verifications are completed by the legitimate user under duress. A temporary lock changes that scenario: whoever activates the protection before traveling to a risk zone cannot be forced to move funds at the destination, even under physical threat.

Binance Warns About the Use of Trading Bots

Su also warned about the use of trading bots that request API keys with permissions. A malicious bot can generate losses through trading operations and unauthorized withdrawals. The executive recommended treating those keys with the same care as passwords and authentication factors. On the matter of personal exposure, his advice was direct: manage activity so as not to become an easy target.