Is Binance Safe?
Binance is the world’s largest cryptocurrency exchange, with a separate exchange (Binance.us) serving the US market. Binance’s missive market means higher liquidity and more efficient trades, but is Binance safe to use?
Many experienced traders remove their crypto from exchanges after they’re done trading. This measure helps safeguard against hacks, frozen accounts, and other risks. However, safety sometimes takes a backseat to convenience, and trade timing may interfere with your plans for a speedy withdrawal.
Adding to the concern, Binance’s founder and former CEO pled guilty to charges related to anti-money laundering (AML) compliance on the exchange. Despite this, Binance’s trading volume still dwarfs that of competing exchanges. In this guide, we’ll examine Binance’s safety features to answer the question, “How safe is Binance exchange?” Let’s start with the pros and cons of using the Binance platform for trading.
Pros and Cons of Binance
Binance has several advantages, including a large selection of popular cryptocurrencies, many of which aren’t available on Coinbase or Kraken. The platform is also well-known for its advanced trading tools. Safety features range from proof of reserves to whitelisting and even insurance funds.
Pros
- Over 400 cryptocurrencies
- Advanced trading tools
- 0.1% trading fees (advanced trade)
- Proof of Reserves
- IP and crypto wallet whitelisting
- Secure Asset Fund for Users (SAFU)
Cons
- Ongoing regulatory concerns
- Binance.com is not available in the US or Canada
- Binance.us does not support USD
- History of hacks and breaches
However, a spotty history of breaches and ongoing regulatory concerns give reason to investigate further. Let’s examine some of Binance’s safety features and how they work to protect users.
Key Binance Safety Features
How safe is Binance exchange? Since its launch in July 2017, Binance has introduced several key safety features, including an innovative self-insurance fund bearing the fun acronym SAFU. Let’s explore some of the safety and security measures Binance has put in place to protect users.
Secure Asset Fund for Users (SAFU)
One year after launching the Binance exchange, Binance launched the Secure Asset Fund for Users (SAFU). This emergency fund is intended to protect users against losses from a variety of potential causes. However, Binance specifically names login credential breaches due to a vulnerability or deficiency on Binance’s part as a key coverage target for the fund. Binance also reserves the right to change the use of the fund as needed.
Funding comes from a percentage of trading fee income set aside. Over the years, Binance has changed the fund’s makeup, shuffling token allocations. As of this writing, SAFU holds more than $1 billion in assets, currently stored in the USDC token, which is pegged to the USD value.
Binance publicizes the Ethereum wallet address of SAFU holdings for transparency.
0x4B16c5dE96EB2117bBE5fd171E4d203624B014aa
Proof of Reserves (PoR)
Binance was among several competing exchanges that led the way on proof of reserves (PoR), an audited method of showing an exchange has sufficient assets to cover user deposits. Proof of reserves shows Binance’s on-chain holdings relative to customer balances.
In many cases, Binance’s reserves well exceed those needed to cover customer balances.
Proof of reserves is an essential step toward transparency. CoinMarketCap, a leading crypto data aggregator, tracks more than 250 spot-market crypto exchanges. However, dozens of exchanges close or disappear each year. Among the most noteworthy have been Mt. Gox and the FTX exchange, the latter of which collapsed in 2022 amid scandal.
As the largest crypto exchange by trading volume, Binance represents a considerable risk to the crypto without proof or reserves. PoR provides verifiable assurance that funds are indeed SAFU, a term adopted by the community to indicate safety.
Binance’s PoR is searchable by asset type, with the block height provided for each asset. This allows quick verification using a block explorer to view holdings by wallet address.
Two-factor Authentication (2FA)
Although Binance offers crypto trading, the platform itself is still web 2.0, meaning you log in with a username and password. Login credentials are the keys to the kingdom. If someone gains access to your trading account, they can withdraw your funds or, in some cases, access your funding accounts, such as a bank account.
In the US alone, the number of data breaches topped 3,200 in 2023. Many of these breaches centered on login credentials and other account information.
Binance offers two-factor authentication, enabling users to secure their account with a separate device they control. This prevents remote access if your login credentials are compromised.
Supported 2FA authentication methods include a security key, such as Yubikey, or an authenticator app, such as Google Authenticator. Binance also offers its own authenticator app.
Secure Storage
Like most exchanges, Binance stores most of its assets in cold storage. A cold wallet refers to a crypto wallet that generates and stores the wallet’s private key offline. In short, a cold wallet is protected from online threats.
Binance publishes its cold wallet addresses for major coins such as BTC, ETH, and leading stablecoins, allowing users to verify funds independently.
Whitelisting
Whitelisting on Binance refers to defining pre-approved wallet addresses. When you enable whitelisting, you choose which addresses are authorized for withdrawals. If someone gains access to your Binance account and tries to withdraw funds to an unauthorized address, Binance blocks the withdrawal and sends an email with an authorization code you can use if you initiated the transaction.
You can also whitelist specific IP addresses. Binance will deny access from any IP address not specified in your whitelist.
Monitoring
Binance monitors account activity for suspicious transactions, including deposits and withdrawals, to make the platform safer for users. The exchange now also strictly enforces Know Your Customer (KYC) and anti-money laundering (AML) policies. While these measures assist in compliance, they also help promote a safer trading environment.
Binance itself is also monitored. Binance’s run-ins with the US Department of Justice brought jitters to the crypto market, but at least one positive result of the kerfuffle was improved oversight. Two firms, one selected by FinCEN and the other chosen by the DOJ, now oversee Binance’s compliance efforts, reporting back to the US government.
The monitoring arrangement, part of a settlement agreement with the US Treasury Department and DOJ, is expected to last three years.
Encryption
As expected, Binance uses end-to-end encryption to secure connections to the site. In addition, both Binance.com and Binance.us encrypt stored user data.
Anti-phishing Measures
Phishing refers to spoofing emails to gain information or login credentials. For example, a scammer might send an email that appears to be from Binance asking you to log into your account. Once the scammer has your login information, they can access your account — unless you’ve enabled 2FA authentication.
To combat this risk, Binance lets you enable anti-phishing codes alongside several other security features.
Once you activate an anti-phishing code, Binance includes the code in all official emails from the platform. Emails that don’t include this code or that include an incorrect code aren’t genuine. Anti-phishing codes prevent hasty mistakes and remove the need for time-consuming detective work to determine if an email is genuine.
Binance Security Breaches
Every crypto exchange is a target for hackers and exploits, and as the world’s largest crypto exchange, Binance is an attractive target. Several breaches and hacks have occurred over the years. Let’s review some security issues Binance has faced and how the exchange reacted to protect against future attacks.
- BNB Bridge Hack: One of the most notorious crypto hacks didn’t affect the Binance exchange directly. Instead, the hack attacked a crypto bridge used for the BNB coin, a cryptocurrency project led by Binance. The stolen BNB coins were valued at $570 million at the time. BNB Chain announced an on-chain vote to determine the next steps and a hard fork fortified the chain against the vulnerability days after the exploit.
- $40 Million BTC Stolen: In 2019, a security breach led to the theft of API keys and 2FA codes. The hackers withdrew 7,000 bitcoins, about 2% of Binance’s holdings at the time, in one transaction. Binance has since hardened its security, and the Secure Asset Fund for Users covered the losses.
Binance users have suffered losses in other breaches. However, many of these involved individual accounts and may have been related to malware installed on the user’s machines. In one example, a user reportedly suffered an account breach that led to a $1 million loss. Binance officials denied responsibility for the hacked account, citing a malicious browser extension installed on the user’s device.
How Can Binance Improve Safety for Users?
Binance already leads the industry in many safety areas. However, there is always room for improvement to make users safer.
Education
Binance offers extensive educational materials on everything from trading to account safety. Users would benefit if Binance made these resources conspicuous in well-trafficked areas of the platform rather than in separate areas like Binance Academy alone. Many users may not be aware of some of the safety features offered by Binance or the risks associated with not enabling safety features.
Encourage More Robust 2FA
Binance requires 2FA in many cases, but it is possible to transact without using an authenticator app. In some cases, users can use SMS authentication, which can be exploited remotely with port-out scams. Authenticator apps offer better protection.
Encourage Withdrawals
Funds not kept on the platform aren’t at risk from platform breaches. Binance could encourage users to withdraw the majority of their funds when not needed for trades. Self-custody crypto wallets allow users to avoid the risks associated with custodial wallets like those used on Binance.
Credential Breach Alerts
Banks, credit reporting agencies, and even browsers now inform users of breached credentials. To enhance safety, Binance could notify users if the login credentials they’ve used have been compromised. In many cases, users reuse the same login credentials for multiple sites. A breach on another site could put their other accounts at risk.
Are there Safer Alternatives to Binance?
Binance’s impressive safety measures, combined with crypto best practices, make it a relatively safe exchange to use. Several other exchanges and brokerages also enjoy a good reputation for security.
- Coinbase: As the largest publicly traded crypto exchange, Coinbase sees more regulatory scrutiny. Coinbase built its business around newer crypto traders, favoring security and ease of use over lower fees and advanced trading tools. Basic 2FA is required for all accounts, and KYC is strictly enforced.
- Kraken: Founded in the same year as Coinbase (2011), Kraken quickly developed a reputation for security and transparency. The company was formed in response to the Mt. Gox hack and set a goal of providing a more secure way to buy and trade cryptocurrencies.
- eToro: The eToro brokerage is highly rated by its users for safety and ease of use. Only a handful of cryptocurrencies can be withdrawn from the platform, and these withdrawal requests are subject to review, reducing user risk.
Coinbase and Kraken provide safe alternatives for users in the US. Binance.com does not support the US, and Binance.us does not support cash deposits (crypto only). eToro recently limited its crypto trading options in the US to three cryptocurrencies, following a settlement with the US Securities and Exchange Commission (SEC).
What Should You Do To Stay Safe on Binance?
While exchanges have a duty to protect users where possible, security starts with the user. Some simple steps can help protect your trading account and any linked accounts. Let’s review some of the best practices that can help keep your account safe on Binance or elsewhere.
- Enable 2FA: Two-factor authentication requires authorization on another device you control. Consider using an authenticator app over SMS or email.
- Use Whitelists: You can define specific wallet addresses for withdrawals. This may prevent hackers or thieves from withdrawing your crypto.
- Withdraw Your Crypto: You can also reduce risk by withdrawing your funds from the exchange after you’ve completed your trade.
- Use a VPN: A virtual private network (VPN) can help protect your private information and reduce your risk when using public WiFi or while using untrusted networks.
- Choose a Strong Password: A strong password does not use dictionary words or personal references. It should also be at least 12 characters long and use mixed-case letters, numbers, and special characters. Lastly, don’t reuse passwords for multiple sites, and don’t share your password.
- Avoid Malware: Dodgy browser extensions and malware can compromise your online security. Vet any new apps or software carefully before installing.
- Limit Trading Amounts: You can’t lose what you don’t put on the table. Consider making smaller deposits when you trade.
Our Verdict – Is Binance Safe?
So, is the Binance exchange safe to use? Binance offers a wide array of safety features to improve your security when using the platform. However, many of these features still require user selection and activation. Not using available features like crypto wallet whitelisting, authenticator app 2FA, and anti-phishing codes makes your account more vulnerable. Additionally, whether using Binance or any other exchange, it’s always wisest to withdraw your funds after you’ve completed your trade.
FAQs
Can Binance be trusted?
Binance offers a wide range of safety features that users can enable to help secure their accounts. The exchange also offers proof of reserves, which allows users to verify that the exchange holds enough crypto to cover customer accounts.
How does Binance secure crypto?
Binance stores the majority of crypto assets in cold storage. A cold storage wallet generates and stores the wallet’s private keys offline, protecting against online threats.
Has Binance been breached before?
Yes, in 2019, more than $40 million worth of Bitcoin was stolen from Binance. The exchange boosted security and covered the loss with its self-insurance fund, called the Secure Asset Fund for Users (SAFU).
Is Binance legal in the US?
Binance.com is not available to US users. However, traders in the US can use Binance.us, although the selection of cryptocurrencies varies between the two platforms.
Does Binance report to the IRS?
Binance.us uses Form 1099-MISC to report earnings to the IRS. Binance.com does not serve US customers.
Which is safer, Coinbase or Binance?
Both platforms now focus on safety and offer many of the same security options. Coinbase may be a better choice in certain regions, such as the US and Canada.
References
- Binance SAFU USDC (etherscan.io)
- A timeline of the collapse at FTX (apnews.com)
- Largest cryptocurrency exchanges based on 24h trade volume in the world on September 25, 2024 (statista.com)
- What’s Behind the Increase in Data Breaches? (wsj.com)
- Binance Gets Two Compliance Monitors in Settlements With U.S. Authorities (wsj.com)
- Binance Blockchain Hit by $570 Million Hack, Exposing Crypto Vulnerabilities (nytimes.com)
- bnb-chain v1.1.16 (github.com)
- Hackers Steal $40.7 Million in Bitcoin From Crypto Exchange Binance (yahoo.com)
- Binance co-founder denies responsibility for $1M trading loss on hacked account (cointelegraph.com)
- eToro to shut down nearly all crypto trading in settlement with US SEC (reuters.com)
About Cryptonews
Our goal is to offer a comprehensive and objective perspective on the cryptocurrency market, enabling our readers to make informed decisions in this ever-changing landscape.
Our editorial team of more than 70 crypto professionals works to maintain the highest standards of journalism and ethics. We follow strict editorial guidelines to ensure the integrity and credibility of our content.
Whether you’re looking for breaking news, expert opinions, or market insights, Cryptonews has been your go-to destination for everything cryptocurrency since 2017.