Act Immediately When You Spot Warning Signs
You're scrolling through your phone when you suddenly receive an email from Binance saying your account was logged in from an unfamiliar city. Or you open the APP and notice your balance is less than the last time you checked. Or you enter the correct password but simply can't log in. These signals all point to one thing: your Binance account security may have been compromised.
In situations like this, speed is everything. After gaining access to your account, attackers typically try to withdraw funds as quickly as possible. The sooner you take action, the smaller your losses will be.
Emergency Freeze: Your First Response
Don't overthink it — freeze the account first and figure out the rest later.
If you can still log in: Open the Binance APP, go to "Profile" > "Security Settings" > "Disable Account." Once confirmed, all account functions are immediately frozen, including login, trading, withdrawals, and transfers.
If you can no longer log in: Check your registered email for recent security alert emails from Binance. At the bottom of these emails, there will be a "Disable Account" link. This link works without logging in — it's a one-click emergency freeze channel designed by Binance specifically for urgent situations.
If neither method works: Go directly to the Binance website and contact live support, explain the situation, and request an emergency freeze. Customer service response times are usually quick, especially for account security requests which are treated as high priority.
After freezing, take a deep breath — your funds are temporarily safe. The next step is to identify the root cause.
Investigation: How Were You Compromised?
While waiting for recovery, take time to investigate the security vulnerability. Otherwise, even after recovering your account, it could be compromised again.
Check your registered email. Log into your email and look for any suspicious forwarding rules (a common tactic by attackers). Review the email login history for unusual IPs and locations. If your email was also compromised, prioritize securing it first — change the password, enable two-factor authentication, and remove suspicious app authorizations.
Recall your recent activities. Did you click any suspicious links? Did you enter your Binance password on any unfamiliar website? Did you download any suspicious apps or software? Did you log into Binance on public WiFi? Did you share your password with anyone? These are all common leak vectors.
Check device security. Run a full scan with antivirus software on your phone and computer. Pay special attention to keyloggers or remote control malware.
Recovering Your Account
Once security threats have been eliminated, contact Binance support to request account recovery.
Prepare the following materials: registered email address or phone number, KYC identity document photos (front and back), a selfie holding your ID (it's recommended to write the date and "Recover Binance Account" on a piece of paper and include it in the photo), and screenshots of recent trades or deposits (to help verify your identity).
After submission, wait for review — typically 1 to 5 business days. The more complete and detailed your materials are, the faster the review process.
Comprehensive Security Hardening After Recovery
After your account is recovered, don't rush into operations. Follow these steps to rebuild your security defenses.
Change your password: Set a new high-strength password of at least 12 characters, including uppercase and lowercase letters, numbers, and special characters. Use this password only for Binance — don't share it with any other platform.
Rebind your authenticator: Unbind the old Google Authenticator and rebind a new one on your current device. Save the new 16-digit backup key securely.
Clean up login devices: Remove all devices in "Device Management," then keep only the device you're currently using.
Clean up withdrawal addresses: Delete all addresses in "Withdrawal Address Management" and re-add only your own addresses. It's recommended to enable the "Withdrawal Whitelist" feature.
Set up an anti-phishing code: Enter a phrase that only you know. From then on, every email from Binance will display this phrase, helping you identify genuine emails from fakes.
If Assets Have Already Been Transferred
If attackers withdrew some or all of your funds before you froze the account, you need to take the following steps.
When contacting support for account recovery, clearly report the theft and provide details of the transferred funds: cryptocurrency type, amount, withdrawal time, and destination address. Binance's security team has on-chain tracking capabilities and can assist in investigating fund flows.
Save all relevant screenshots and email notifications as evidence.
Consider filing a report with local law enforcement, especially if the stolen amount is significant. Provide the timeline and evidence materials you've compiled and cooperate with the police investigation.
It's important to accept that once on-chain transfers are confirmed, they're difficult to reverse. However, working with all relevant parties for investigation still offers a chance of recovery.
Frequently Asked Questions
Q: What happens to my assets after freezing?
They are completely safe. Freezing only suspends all operational functions — your assets remain untouched in the account. No one (including yourself) can move these assets during the freeze period.
Q: Will withdrawals be restricted after account recovery?
Yes. If you reset your password or authenticator during the recovery process, withdrawal functionality will be restricted for 24 to 48 hours. This is a security cooling-off period to ensure that even if the recovery process is exploited by attackers, funds cannot be immediately transferred.
Q: Can I still view my balance while the account is frozen?
It depends on the freeze method. If you voluntarily disabled your account but can still log in, some viewing functions may still be available. If the account is fully locked, you may need to wait for recovery to view it. Regardless, assets will not change during the freeze period.
Q: How can I tell if a security alert email is real or a phishing attempt?
If you've set up an anti-phishing code, every genuine Binance email will contain your unique phrase. If you haven't set one up, you can log into the Binance APP and check recent security activity records to cross-verify whether the events mentioned in the email actually occurred.