If your Binance account is compromised, the biggest loss is having crypto transferred out. The withdrawal whitelist feature prevents this — once enabled, you can only withdraw to addresses on the whitelist. Even if a hacker takes control of your account, they cannot send funds to their own address. Set this up on the Binance official website or the official Binance app. iPhone users see the iOS installation guide.

What Is a Withdrawal Whitelist?

Simply put: it is an "approved withdrawal address list."

  • Before whitelist: You can withdraw to any address
  • After whitelist: You can only withdraw to whitelisted addresses

To steal your funds, a hacker would need to add their address to the whitelist first. But adding a new address requires email confirmation, SMS verification, Google Authenticator, and usually a 24-hour freeze period. This gives you ample time to detect and respond to any suspicious activity.

Setup Steps

Step 1: Enable whitelist

App: Profile > Security > Withdrawal Whitelist > Enable Web: Avatar > Security > Withdrawal Whitelist > Enable

Complete security verification (SMS + Email + Google Authenticator) to enable.

Step 2: Add trusted addresses

After enabling, add your frequently used withdrawal addresses: Whitelist page > Add Address > Select coin > Select network > Enter address > Add a label (for identification) > Security verification > Done.

Recommended addresses to add: Your personal cold wallet, your deposit addresses on other trusted exchanges, your hardware wallet addresses.

Step 3: Wait for freeze period

Newly added addresses typically have a 24-hour freeze period during which you cannot withdraw to them. This is an excellent safety mechanism — even if someone bypasses verification and sneaks in an address, you have 24 hours to discover and act.

Whitelist Best Practices

Only add verified addresses: Double-check every character before adding. Sending crypto to a wrong address means permanent loss.

Clean up regularly: Remove addresses you no longer use. Fewer whitelisted addresses means higher security.

Manage by coin type: Whitelists are coin-specific. A BTC whitelist only applies to BTC withdrawals, ETH whitelist only to ETH. Add addresses separately for each coin you withdraw.

Label clearly: When adding addresses, describe them clearly — "My Ledger cold wallet," "OKX deposit address," etc. Makes management much easier.

Common Questions

Need to withdraw to a new address urgently?: Add the address and wait 24 hours. If truly urgent, temporarily disable the whitelist (requires security verification), complete the withdrawal, then re-enable. Not recommended to disable frequently.

Can the whitelist be disabled?: Yes, in security settings. Requires full verification, and withdrawal limits may be restricted for 24 hours after disabling.

Can whitelisted addresses be removed?: Yes. Find the address in management and delete it with security verification.

Does API withdrawal obey the whitelist?: Yes. API withdrawals are also restricted to whitelisted addresses.

Combined Security Setup

The withdrawal whitelist is one link in the security chain. Use it alongside:

  1. Two-factor authentication (2FA): Login and operation security
  2. Anti-phishing code: Phishing attack prevention
  3. Withdrawal whitelist: Asset transfer protection
  4. Email confirmation for withdrawals: Extra verification layer
  5. Device management: Login behavior monitoring

With all five enabled, your Binance account has extremely robust security. A hacker would need to simultaneously breach your password, SMS code, Google Authenticator code, email verification, and whitelist restrictions — an extremely difficult task.

Spend a few minutes enabling these security features and protect the assets you have worked hard to accumulate.