中文 EN JA KO
Register Binance
Your Account Might Be Under Attack Right Now The Golden Five Minutes: Freeze Immediately After Freezing: Assess Calmly Trace the Intrusion Path Eliminate the Threat Restore Your Account and Harden Security Should You File a Police Report? FAQ

What to Do When Your Binance Account Faces a Security Threat

2026-03-27 · Advanced Skills · 16

Your Account Might Be Under Attack Right Now

Crypto account attacks come in many forms, and some are extremely subtle. Don't assume that only a sudden disappearance of assets counts as an attack. All of the following are warning signs:

  • You receive a "new device login confirmation" email from Binance, but you didn't log in from a new device
  • Your phone receives a Binance verification code via SMS, but you didn't initiate any operation
  • You spot a trade you never made after logging in
  • The security settings page shows your 2FA method has been changed
  • You discover a new API key has been created
  • An unfamiliar address appears in your withdrawal whitelist

If you encounter any of these situations, act immediately. If you need a backup account, you can register a new one through this link. Android users should download the latest APP to ensure you're using the most secure version.

The Golden Five Minutes: Freeze Immediately

The less time between discovering an anomaly and completing the account freeze, the better. Binance offers multiple ways to freeze your account:

Option 1: Freeze via the APP

Open the Binance APP > tap your avatar in the top-left > Security Center > Disable Account. Your account freezes immediately after confirming.

Option 2: Freeze via the website

Log into the Binance web version > go to Security Settings > Disable Account.

Option 3: Freeze via email

If you can no longer log in, check any recent notification emails from Binance. Many of these emails have a "If this wasn't you, click here to disable your account" link at the bottom.

Option 4: Contact customer support

If none of the above methods work, request an emergency freeze through Binance's official support channels. Have your registered email and identity information ready for quick verification.

After freezing, all account functions are suspended — meaning the hacker can no longer operate your account either.

After Freezing: Assess Calmly

Once the account is frozen, the hacker is locked out (you're temporarily locked out too, but your assets are safe). Now you need to calmly evaluate the damage:

Check email records: Review all notification emails from Binance, arrange them chronologically, and build a timeline of suspicious activities. Pay attention to: login notifications, withdrawal notifications, security setting change notifications, and API key creation notifications.

Document key information: Record the time, type, amount, and destination address (if withdrawals occurred) of every suspicious operation in detail. Screenshot and save all relevant emails.

Assess asset status: If you can still view your asset page, compare your current balance with what you remember it should be.

Trace the Intrusion Path

Figuring out how the hacker got in is crucial — otherwise you could be attacked again after recovery:

Possibility 1: Password leak

You used the same password across multiple websites, and one of those sites was compromised. This is the most common cause of intrusion. Check haveibeenpwned.com to see if your email appears in known breach databases.

Possibility 2: Phishing attack

You clicked a fake Binance link and entered your login credentials on a counterfeit site. Check your browser history and recently clicked links.

Possibility 3: Device compromised

Your phone or computer had malware installed (keyloggers, remote access trojans, etc.). Think back to whether you recently installed apps from unknown sources or clicked suspicious attachments.

Possibility 4: SIM card hijacking

If you use SMS as your primary verification method, a hacker may have gained control of your phone number through carrier vulnerabilities. If you recently experienced a sudden loss of cell signal, this is highly likely.

Possibility 5: API key leak

If you used your Binance API key on a third-party quantitative trading platform or bot, a security vulnerability on that platform may have led to your API key being stolen.

Eliminate the Threat

Take targeted action based on the intrusion path:

  • Password leak: Change your Binance password and email password, then set unique new passwords for every site that used the same one
  • Phishing attack: Change your password, clear browser-saved passwords, install an anti-phishing browser extension
  • Device compromised: Run a full antivirus scan; in severe cases, factory reset or replace the device
  • SIM card hijacking: Contact your carrier to report the loss and get a replacement, then switch your Binance verification method to Google Authenticator
  • API leak: Delete all API keys and stop using suspicious third-party platforms

Restore Your Account and Harden Security

After confirming the threat has been eliminated, apply to restore your account through the Binance website. The restoration process requires identity verification (ID documents + facial recognition) and typically takes 1-7 business days.

Immediately execute this security hardening checklist after restoration:

  1. Set a strong password of 16+ characters, including uppercase and lowercase letters, numbers, and special characters
  2. Bind Google Authenticator as your primary 2FA method
  3. Set a new anti-phishing code
  4. Enable the withdrawal whitelist feature, allowing withdrawals only to addresses you trust
  5. Clean up the device management list — remove all devices and re-add only your current one
  6. Delete all API keys and recreate them with restricted permissions as needed
  7. Enable biometric login in the Binance APP

Should You File a Police Report?

If there are actual asset losses, it's recommended to file a report with your local law enforcement. Prepare the following:

  • Your identification documents
  • Binance account information (UID)
  • Records and screenshots of suspicious activities
  • The amount of asset losses
  • Withdrawal destination addresses (if applicable)

Also submit a security incident report through the customer service channel in the Binance APP. Binance's security team can trace on-chain fund flows, and if funds flowed into a compliant exchange's account, there's a chance of freezing and recovering them.

FAQ

Q: Can I still view my assets after freezing the account? A: It depends on the type and extent of the freeze. A partial freeze may allow viewing but not operations. A full freeze prevents login entirely.

Q: Can I still recover my account if the hacker changed my password and email? A: Yes. Contact Binance support and provide the ID documents used during registration. Through manual review they can verify you as the original account owner. The process takes longer but recovery is possible.

Q: What if I find all my assets were transferred out after restoring the account? A: Immediately submit a theft report through customer support and file a police report. Although the probability of recovery isn't high, the sooner you report it the better. Binance's security team will assist with the investigation.

Q: How can I prevent future attacks? A: Use a password manager to set unique strong passwords for each site, use Google Authenticator instead of SMS verification, enable the withdrawal whitelist, set an anti-phishing code, and don't use high-privilege API keys on third-party platforms.

Android: direct APK install. iOS: requires overseas Apple ID
Download App Register Binance

Related Articles

What Scenarios Is Binance Loans Best Suited For
Is Binance Copy Trading Reliable?
How to Export Binance Billing and Trading Data
Register Binance Now for Fee Discounts · Register through our link to get a permanent 20% trading fee discount
Register Binance Download