Highlights

  • When it comes to funds and user data, the importance of risk management cannot be overstated.

  • In this new series, we share our experience in identifying and eliminating potential threats to help keep you safe.

  • Learn more about the security measures of the Binance platform with Jimmy Su, Director of Security at Binance.

The best way to manage risks is to anticipate them. This is how we keep our users safe on Binance, starting with our platform security measures.

When it comes to your personal information and crypto assets, taking risks is not an option. That's why understanding and managing risks should be a top priority for any organization that manages what is valuable to its customers.

From volatility control mechanisms to strict security policies, Binance takes a holistic approach to protecting users. In this new Risk Management series, we'll share more about our best practices for identifying and combating the biggest threats to our users.

To kick off this series, we'll take you through Binance's first line of defense for its users: the platform's security measures.

Binance and the security of its platform

“The offense is the best defense. To protect our users, we need to understand the crypto ecosystem not only from the user's point of view, but even more so from the hacker's point of view.” – Jimmy Su, Chief Security Officer at Binance

At Binance, we observe and study in great detail how sophisticated attackers work. It is essential to ensure that we maintain the highest levels of security for user personal data and funds. The key to our security? Anticipate attacks.

“A deep layer of defense, such as platform security features, is critical to the security of all businesses. What we are doing differently is knowing our enemy through attack-defense simulation.” – Jimmy Su, Director of Security at Binance

To support this work, Binance enlists the help of two types of white hat hackers: internal and external.

These two groups of security experts have different, but equally vital roles in the security of our platform. The internal white hats are world-class hackers hired into the Binance Red Team. External white hats are participants in our bug bounty program. Both groups help simulate attacks to test the weaknesses and vulnerabilities of our platform.

Running bounty programs and hosting Capture the Flag competitions allows Binance to leverage the capabilities of world-class cybersecurity experts to improve the overall security of our platform.

Binance platform security measures

Platform Security: A Holistic Approach

Security is complex. We have to look at everything that could threaten us—from technical vulnerabilities to human behavior—and prepare accordingly. Only then can we protect our users against a series of threats.

Know Your Customer (KYC) and Anti-Money Laundering (AML) Protocols

“Our goal is to be the best KYC provider by having our users and employees test our KYC protocols.” – Jimmy Su, Chief Security Officer at Binance

As a global organization, Binance coordinates with many providers to adapt the KYC approach to users in different jurisdictions.

Binance also maintains best-in-class anti-money laundering (AML) processes through its internal services and third-party providers. This includes on-chain providers like Chainalysis who assist us with specific investigations that support fund recovery efforts.

Multi-factor authentication (MFA)

For a better user experience, our platform categorizes risk levels and implements appropriate multi-factor authentication (MFA) measures. For low-risk activities such as logging into Binance with a recognized device to view account balances, advanced MFA may not be required. Conversely, high-risk activities, particularly withdrawals, will require a secondary login factor to execute.

Continuous surveillance

Hackers can exchange intelligence and tips through dark web forums; we track this and share information with authorities to support the safety of the entire industry.

We also look at threats and conduct regular security audits. Some of these are:

  • Threat intelligence monitoring. We monitor third-party data breaches and dark web markets for threat indicators. If it appears your account may be at risk, we will automatically secure your login credentials for your protection.

  • Real-time monitoring. We use advanced artificial intelligence and machine learning algorithms to detect irregular activity on the platform, such as unusual login patterns (logging in from different clients, devices or locations) and transaction patterns (frequency, increased number of withdrawals).

  • Periodic tests and audits. We use techniques such as penetration testing, vulnerability scanning, and code review to test for weaknesses. Audits are also carried out to ensure the privacy and security of user data.

Anti-phishing code feature

In phishing scams, bad actors send fake Binance emails to steal your funds. If you have set up an anti-phishing code—a four-digit code that only you and Binance know—the code will be attached to our emails. Then you can quickly and safely identify that they are from Binance.

Binance Verify

Another way to verify if you are interacting with a real Binance source is through Binance Verify. You can check website links, email addresses, phone numbers, WeChat IDs, Twitter accounts, and Telegram IDs.

Withdrawal whitelist

You can also create a withdrawal whitelist to reduce the risk of unauthorized access. The whitelist is a list of trusted wallet addresses to which you can withdraw your cryptocurrencies.
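
The risk-tiered MFA described under "Multi-factor authentication (MFA)" and the withdrawal whitelist above can be combined into a single authorization decision. The following Python is an added example, not Binance's code; the class, field and action names are hypothetical, and the rule that an unrecognized device triggers a step-up for low-risk actions is an assumption.

```python
from dataclasses import dataclass, field
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"
    DENY = "deny"

@dataclass
class Account:
    # Hypothetical account state; field names are assumptions for this example.
    recognized_devices: set = field(default_factory=set)
    whitelist_enabled: bool = False
    withdrawal_whitelist: set = field(default_factory=set)

@dataclass
class Request:
    action: str                  # "view_balance" or "withdraw"
    device_id: str
    mfa_verified: bool = False   # second factor already presented for this request
    address: str = ""            # withdrawal destination, if any

LOW_RISK = {"view_balance"}
HIGH_RISK = {"withdraw"}

def authorize(account: Account, req: Request) -> Decision:
    """Return the decision for one request under the tiered policy."""
    if req.action not in LOW_RISK | HIGH_RISK:
        return Decision.DENY     # fail closed on actions the policy does not know
    if req.action in HIGH_RISK:
        # Whitelist is checked first: a valid second factor must not override it.
        if account.whitelist_enabled and req.address not in account.withdrawal_whitelist:
            return Decision.DENY
        # High-risk actions always need the second factor, even on a known device.
        return Decision.ALLOW if req.mfa_verified else Decision.REQUIRE_MFA
    # Low-risk action: a recognized device is enough; otherwise step up.
    if req.device_id in account.recognized_devices or req.mfa_verified:
        return Decision.ALLOW
    return Decision.REQUIRE_MFA

if __name__ == "__main__":
    # Constructed sample data, not real devices or wallet addresses.
    acct = Account({"laptop-1"}, True, {"addr-trusted"})
    for r in (Request("view_balance", "laptop-1"),
              Request("withdraw", "laptop-1", address="addr-trusted"),
              Request("withdraw", "laptop-1", True, "addr-other")):
        print(r.action, r.address or "-", authorize(acct, r).value)
```

Ordering the whitelist check before the MFA check means a stolen or phished second factor still cannot send funds to an address the account owner never approved.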

SAFU fund valued at one billion dollars

“Binance’s $1 billion SAFU fund is an industry first and the most comprehensive safety net that can cover a user. Right now, no third-party insurance can match it.” —Jimmy Su, Chief Security Officer at Binance

In July 2018, Binance launched the Secure Asset Fund (SAFU) for users. This emergency fund helps users recover assets lost due to security breaches. The fund was valued at $1 billion on January 29, 2022, but fluctuates due to market changes. To address this, we are ensuring the size of the fund is maintained, returning it to $1 billion if its value falls.

Staff training

We provide security training so our team can stay alert to the latest scams and social engineering attacks. We also run phishing email drills, sending fake emails to Binance employees to test good security hygiene. These activities help train our staff to avoid becoming victims of phishing.

Other platform measures

  • Login expiration mechanism

  • Instant security notifications

  • Cold storage of digital assets

  • Real-time monitoring of transactions and irregular activity

A few words for our readers

“When it comes to user protection, the best line of defense is to be proactive in safeguarding your own assets and information. That is why it is essential to educate our users.” – Jimmy Su, Chief Security Officer at Binance

Binance employs a variety of security protocols to protect you and your assets. However, our platform security measures and tools can only go so far: our users also need to know how to recognize and avoid potential threats on their own.

Cryptocurrency owners must be equipped with the necessary knowledge to recognize and avoid common threats. You can practice good security hygiene in many different ways, including the following:

Verify your identity:
Help us protect you from identity theft, fraud and financial crimes.

Activate MFA:
Add an extra layer of security to protect your account.

Create a whitelist:
Only allow trusted addresses to withdraw funds from your account.

Activate an anti-phishing code:
This code is unique and will help you know if the emails you receive from Binance are legitimate.

Use Binance Verify:
Detect and prevent phishing attacks through emails, Twitter and more.

Keep calm and manage risks with Binance

To achieve platform security on all possible fronts, Binance regularly sets new security goals every quarter, such as stress testing our current systems and training our staff.

Additionally, we encourage all cryptocurrency owners to take proactive measures to safeguard their assets. This includes staying aware of the latest scams in the Web3 space and the security features available to combat them.

Stay tuned for our next installment.
