Binance Adds 7-Day Withdrawal Lock Amid 75% Rise in Wrench Attacks

Binance launched "Withdraw Protection" on May 4, 2026 – a user-controlled lock that freezes on-chain withdrawals for one to seven days, preventing transfers even if an account holder acts under duress. Verified physical coercion incidents against crypto holders surged 75% in 2025, reaching 72 confirmed cases, according to CertiK and researcher Jameson Lopp.

Wrench attacks bypass every password and 2FA code. If you hold significant crypto, this is the threat model to understand – and Withdraw Protection is Binance's answer to it. Follow Web Snack for security developments that affect your holdings.

How 72 Wrench Attacks in 2025 Pushed Binance to Act

Verified physical coercion incidents against crypto holders jumped 75% in 2025 relative to 2024. Assault-related attacks within that figure rose 250%, and confirmed losses from the 72 documented cases exceeded $40.9 million. Jameson Lopp's long-running incident log puts the number closer to 70, with real totals likely higher because many cases get logged as generic robberies with the crypto angle omitted.

France saw 19 verified attacks in 2025 – over a quarter of global incidents – partly because the country hosts a dense class of publicly identifiable crypto founders and executives. The Ledger co-founder kidnapping in January 2025 was the most high-profile case. In February 2026, a Binance France employee was targeted in a botched home invasion in the Paris suburbs; two phones were stolen before suspects were arrested.

Coinbase has offered Vault accounts with a 48-hour delay and email confirmation for years. Kraken provides a similar Global Settings Lock. But the pattern of attacks in 2025 made a stronger, user-initiated version of the concept more pressing than those existing options.

Withdraw Protection: 1–7 Day Lock With a Hard-to-Override Policy

The feature lets users set a withdrawal freeze lasting one to seven days; the default window is 48 hours. During the lock period, on-chain withdrawals are blocked for everyone – including the account holder. Trading, depositing, and other account functions remain available.

A stricter "lockdown" mode disables early unlocking entirely, meaning the freeze runs until expiry regardless of what anyone requests. In the standard mode, early removal requires both an authenticator app and a hardware security key. Binance says the lock works alongside existing defenses including withdrawal address whitelisting, device management, anti-phishing codes, passkeys, and 2FA.

Binance's press release described the lock as exchange-unoverridable. CSO Jimmy Su clarified the precise mechanism to CoinDesk: "It's an internal policy for this particular feature. Our customer service agents are not able to override it." The distinction from a cryptographic lock is real – internal policy can theoretically be changed – and Su confirmed the feature does not block law enforcement orders. "This does not prevent law enforcement from taking action on accounts," he said.

Why Coercion Defeats Normal Account Security

Wrench attacks work because the legitimate user performs every step under duress. No password check, biometric gate, or 2FA prompt can flag a coerced withdrawal as suspicious – the real account holder is the one completing each action. A time delay changes that math: a user who activates Withdraw Protection before traveling to a high-risk region cannot be forced to move funds on arrival, even under physical threat.

Su framed the feature as one layer in a broader security model, not a standalone fix. Binance is building context-aware authentication that increases friction for high-risk actions like withdrawals while keeping routine actions such as login and trading low-friction. Su's practical advice for the wrench-attack threat model was more basic: "Crypto users need to protect their online presence. Trying to protect the confidential information in terms of how much they have in crypto. Make yourself a harder target."

A separate risk Su flagged is API keys issued to third-party trading bots. "If the trading bot is a scam, it can be used to cause trading losses and unauthorized withdrawals," he said. Keys issued to bots grant the same operational access as the account holder, and users who reuse or poorly manage them extend their attack surface significantly.

No Confirmed Rollout Dates for New Layers, But Direction Is Set

Binance has not announced a timeline for expanding context-aware authentication beyond its current development stage. Su described the direction without committing to specific feature launches: higher friction on withdrawals, lower friction on lower-risk actions. Withdraw Protection is the first concrete release in that framework.

The pressure to build it came partly from a pattern Binance observed internally. Su told CoinDesk the company saw "withdrawals that are more risky or even coerced in some cases" and noticed users traveling to regions where being visibly associated with crypto carries physical risk. The Binance France incident in February 2026 offered a direct data point.

Competing exchanges will likely face user pressure to match or exceed the feature. Coinbase's Vaults and Kraken's Global Settings Lock are both exchange-managed mechanisms; Binance's framing of Withdraw Protection as user-initiated and unoverridable positions it differently, even if the underlying guarantee depends on internal policy rather than cryptography.

Crypto security isn't just about wallet keys anymore. Get the threats that matter – physical, regulatory, and on-chain – in your inbox each week with Web Snack.

P.S. This article is for informational purposes only and does not constitute investment advice. Always conduct your own research and make independent decisions.