What Is the Withdrawal Whitelist Feature
The withdrawal whitelist is an important security feature provided by Binance. Once enabled, your account can only withdraw to pre-approved addresses. Any withdrawal to an address not on the whitelist will be automatically rejected by the system.
The core logic is easy to understand: just like setting your phone to "only allow calls from contacts," the whitelist restricts fund outflows to addresses you've recognized. Even if someone obtains your account password and verification codes and attempts to transfer funds to an unfamiliar address, the system will block the withdrawal because that address isn't on the whitelist.
For users holding significant assets, the whitelist is essentially a must-enable feature. It adds an extra layer of protection beyond account passwords and two-factor authentication, greatly reducing the risk of fund loss due to account compromise.
The whitelist feature is free — no additional cost or special account tier is required. All users who have completed basic identity verification can find and enable this feature in their security settings.
Steps to Enable the Whitelist Feature
Here are the specific steps to set up the whitelist on Binance's web platform:
Step 1: Log into the Binance website, click on your user icon in the upper right corner, and navigate to the "Security Settings" page. Find the "Withdrawal Address Management" or "Whitelist" option in the security settings list.
Step 2: Toggle on the whitelist feature. The first time you enable it, the system will require security verification, including email verification code and Google Authenticator (or SMS verification code), to confirm the account owner is performing the operation.
Step 3: Confirm activation. The system will display a notice explaining the rules that take effect after enabling the whitelist. After confirmation, the whitelist feature is officially active.
Important note: After enabling the whitelist, the system typically imposes a security waiting period (usually several hours) during which withdrawals may be temporarily restricted. This is the platform's security mechanism to prevent attackers from quickly enabling a whitelist, adding malicious addresses, and immediately transferring funds.
On the App, the path is similar — navigate to "Security" > "Withdrawal Address Management" or "Whitelist Management." The layout may differ slightly from the web version, but the core functionality is the same.
Adding and Managing Whitelist Addresses
After enabling the whitelist, you need to add trusted withdrawal addresses before you can withdraw normally.
To add a whitelist address: On the whitelist management page, click "Add Address." You'll need to fill in the following information — coin type (e.g., BTC, ETH, USDT), network (e.g., ERC20, TRC20, BEP20), address (the specific wallet address), and a note (to help you identify the purpose of this address).
After completing the form, the system will require another round of security verification (email code plus authenticator) to confirm the addition. Once verified, the new address is added to the whitelist.
Each time a new whitelist address is added, a security waiting period is also triggered. During this period, the newly added address cannot yet be used for withdrawals. Withdrawals to that address become available only after the waiting period ends. This mechanism ensures that even if an attacker manages to add a malicious address, the account owner has time to detect the anomaly and take action.
Managing existing whitelist addresses is straightforward. In the whitelist, you can see all added addresses including coin type, network, abbreviated address, and notes. Addresses no longer in use can be directly deleted. Deletion also requires security verification.
A good habit is to periodically review your whitelist to ensure all addresses listed are ones you currently use and recognize. If you spot an unfamiliar address, delete it immediately and review your account security settings.
Important Considerations for Whitelist Addresses
When using the whitelist feature, several important details require attention.
Address and network must both match. For example, if you add a USDT ERC20 address to the whitelist, you can only withdraw USDT to that address via the ERC20 network. If you want to withdraw USDT via TRC20 to a different address, you need to separately add that TRC20 address. Even for the same purpose (such as transferring to the same exchange), different networks typically have different deposit addresses, each needing to be added individually.
Address accuracy is critical. When adding whitelist addresses, it's strongly recommended to copy and paste rather than type manually. Manually entering long address strings is extremely error-prone, and blockchain transactions sent to wrong addresses are usually irreversible. After pasting, always verify the first and last few characters to confirm they match the target address.
The whitelist is not a cure-all. It protects the withdrawal step, but if an attacker gains full control of your account (including security verification methods), they could theoretically disable the whitelist or add new whitelist addresses. So the whitelist should be used alongside strong passwords, two-factor authentication, anti-phishing codes, and other security measures to form a multi-layered defense.
If you need to withdraw to a new address not on the whitelist, you have two options: add the new address to the whitelist and wait for the security period to end before withdrawing, or temporarily disable the whitelist (not recommended). Always choose the first approach — while it means waiting longer, the security is far better.
Combining the Whitelist with Other Security Features
The whitelist delivers maximum value when combined with other security features, creating a comprehensive security defense.
First is two-factor authentication. Ensure your account has Google Authenticator or a hardware security key enabled as a second verification factor. Every whitelist modification requires two-factor verification — if two-factor authentication itself is bypassed, the whitelist's protection is significantly weakened.
Second is the anti-phishing code. Enabling the anti-phishing code in Binance's security settings means all official Binance emails will contain your designated anti-phishing code. This helps you distinguish real from fake emails, preventing you from clicking phishing links that could expose your account information.
Third is login device management. Periodically check your trusted device list and remove devices no longer in use. Limiting the number of devices that can log in is also an effective way to reduce intrusion risk.
Fourth is withdrawal limit settings. Beyond the whitelist, you can adjust daily withdrawal limits in security settings. Even if a whitelist address is maliciously exploited, a lower daily limit caps the maximum loss from any single incident.
These features combined create a fairly comprehensive security system. An attacker would need to simultaneously breach passwords, authenticator, whitelist, and device management — four lines of defense — to transfer funds, making it significantly harder.
Common Use Scenarios and Recommendations
Here are some typical use scenarios for the whitelist feature.
Long-term holders. If you primarily accumulate coins and rarely need to withdraw, enable the whitelist and add only your own cold wallet address. This way, even if your account is compromised, funds can only go to your own cold wallet — an automatic safeguard.
Multi-exchange users. If you frequently transfer funds between Binance and other exchanges, add each exchange's deposit address to the whitelist. When withdrawing, select the target address from the whitelist, which also avoids the risk of errors from manual address entry each time.
DeFi users. If you frequently withdraw to MetaMask or similar wallets for DeFi participation, add your MetaMask address to the whitelist. However, if you frequently change wallet addresses or use multiple DeFi protocol addresses, whitelist management can become cumbersome — you'll need to balance security and convenience.
Regardless of your use scenario, developing the habit of verifying after adding whitelist addresses is important. After each new address addition, make a test transfer with the minimum amount first. Only proceed with large transfers after confirming the test funds arrive successfully.