How Safe Is Binance


The bottom line is that Binance is a very safe crypto exchange (with some caveats). It keeps the vast majority of its crypto in “cold wallets” that are not connected to the internet. This limits losses in case of a hack and makes it unlikely that an attack will cause Binance to become insolvent. This means that if the exchange suffers a major attack, users are likely to be reimbursed by the company.

Binance also offers hardware 2FA, a real-time monitoring system to detect suspicious activity, security notifications through email, and many other advanced security features.

Overall, Binance is a highly secure exchange.




On the other hand, no crypto exchange is 100 percent-secure, including Binance. In the next few sections, we’ll go over its security practices in detail, and we’ll consider some ways that these practices can be circumvented by attackers who wish to steal your crypto. We’ll also discuss ways that you can help to prevent these attacks.

First, let’s go over the primary security practices of Binance.

Binance.US Security Practices





 few of Binance’s security measures that help to prevent cyberattacks:


  • Cold wallets

  • Ever since the notorious Mt. Gox hack,1 security experts have warned exchanges to always keep the vast majority of their crypto on devices that are not connected to the internet. Binance doesn’t disappoint here, as it states that the “vast majority” of its crypto is stored in cold wallets, outside of the grasp of cyberattackers.

  • Two-factor authentication (2FA)
  • Like most crypto exchanges, Binance allows you to implement 2FA on your account. If you turn this feature on, you’ll be required to enter a code from your phone every time you log in or make a withdrawal. You can use text messaging or an authenticator app to receive the code. Unlike most exchanges though, Binance also allows you to use a hardware device such as Yubikey to receive the code, which is an even stronger method than using a mobile app.

  • Real-time monitoring.


                                         


 Binance tracks every action done on the exchange, and it has an algorithm that analyzes activity to see if it is unusual. Any action identified as suspicious results in a 24-to-48-hour freeze on withdrawals from your account. If you actually did authorize the action, you can contact customer service to have the freeze removed, or you can just wait for the time period to pass. But if your account was hacked, the 24-to- 48-hour freeze should give you enough time to alert the staff that your account has been compromised.


  • Access control.


                               

  • If you want further protection, you can set up “access control” mechanisms on Binance that limit withdrawals to only certain IP addresses or wallet addresses.

  • Organizational Security.



   


 Binance uses advanced organizational security systems to help keep its crypto secure, including threshold signature schemes (TSS) that require multiple parties to authorize a transfer from one wallet to another.


  • Security notifications





  • If Binance’s system detects suspicious activity on your account, it immediately notifies you through email.

  • Data encryption.




  •  Social Security numbers, addresses, and other personal data is stored in encrypted form, making it very difficult for a hacker to get this information.

  • Secure Asset Fund for Users (SAFU).






  •  Binance keeps a $1 billion fund available to reimburse users in case there is a major breach of Binance’s platform. This should help to make sure that the company does not go bankrupt and fail to pay its obligations to users.

    • Binance has some of the most advanced security systems of any crypto exchange. But it isn’t completely secure. In the next section, we’ll go over some risks of using Binance.    

    Risks of Using Binance



    No matter how secure Binance is, it is still an old-school, Web 2.0 app. In other words, it requires a username and password instead of a cryptocurrency wallet for logins. This means that when you first set up an account with Binance, you have to think up a password to use to log in.There are lots of security problems with this type of login system. For one, you might be tempted to use the same password for Binance that you do for other websites, just so that you can remember your password. But this means that if an attacker breaches the security of another website that you use, he will have a hash of your Binance password.

    Enabling 2FA can help to prevent these types of attacks. But many people receive their 2FA codes from text messages. These messages can be intercepted if the attacker calls up your phone company and pretends to be you, telling your phone company that you want to transfer your phone service to your “new phone” (the attacker’s phone).

    Binance Hack




    However, Binance admitted that this hack was not the fault of users, and it reimbursed all of its customers’ accounts from the SAFU immediately. None of Binance’s users lost any crypto or cash from the hack.

    This hack only affected the international version of Binance. The U.S. branch has never been hacked. But because Binance.US and Binance.com use similar security systems, we thought we should make you aware of this issue.