Important notes

  • The importance of risk management cannot be ignored when it comes to user funds and data.

  • In this new series, we share our experience detecting and eliminating potential threats to help keep you safe.

  • Learn more about Binance's platform security measures with Jimmy Su, Director of General Security at Binance.

The best way to manage risks is to be prepared for them in advance. Here's how we keep users safe at Binance, starting with platform security measures.

Taking risks cannot be an option when it comes to your personal information and crypto assets. Therefore, risk awareness and management should be a top priority for all organizations that deal with what is valuable to their customers.

From volatility control mechanisms to the toughest security policies, Binance takes a holistic approach to protecting our users. In this new Managing Risk series, we'll share more about our best practices for detecting and combating the biggest threats to our users.

To kick off this series, we'll take you through Binance's platform security measures, which are the first line of defense for our users.

Binance's Stance Against Platform Security

"The best defense is attack. To protect our users, we must understand the crypto ecosystem not only from our users' perspective, but also from the hackers' perspective." – Jimmy Su, Binance General Security Director

At Binance, we carefully observe how powerful attackers operate and work on it. It is of utmost importance to ensure that we provide the highest level of security for users' personal data and funds. What is the cornerstone of our security? Being prepared for attacks in advance.

"An in-depth defense layer, such as platform security features, is of great importance for the security of all organizations. What we do differently is knowing our enemy through attack-defense simulation." – Jimmy Su, Binance General Security Director

To support this work, Binance enlists the help of two types of white hat hackers, internal and external.

These two groups of security experts have different but equally important roles in our platform security. Internal white hats are top-notch hackers working on the Binance Red Team. External white hats are participants in our bug bounty program. Both groups help simulate attacks to test vulnerabilities and vulnerabilities of our platform.

Running bounty programs and Capture the Flag competitions allows Binance to leverage the talents of world-class cybersecurity experts to improve our overall platform security.

Binance Platform Security Measures

Platform security: A holistic approach

Security is a complex issue. From technical vulnerabilities to human behavior, we need to examine many issues that may threaten us and prepare accordingly. Only in this way can we protect our users against many threats.

Know Your Customer (KYC) and Anti-Money Laundering (AML) protocols

“We aim to be the best KYC provider by enabling our users and employees to test our KYC protocols.” – Jimmy Su, Binance General Security Director

As a global organization, Binance works with many merchants to tailor our KYC approach for users in different jurisdictions.

Binance also maintains best-in-class anti-money laundering (AML) processes through its internal services and external vendors. These processes include on-chain vendors such as Chainalysis, who assist us with targeted investigations that support fund recovery efforts.

Multi-factor authentication (MFA)

For a better user experience, our platform categorizes risk levels and implements appropriate multi-factor authentication (MFA) measures. Advanced MFA may not be needed for low-risk activities such as logging into Binance with a recognized device to view account balances. In contrast, a secondary login factor is required, especially for processing high-risk activities such as withdrawals.

Continuous surveillance

Hackers may be sharing information and tips with each other via dark web forums, so we monitor these flows and share information with law enforcement agencies to support the security of the entire industry.

We also pay attention to threats and conduct regular security audits. These inspections include:

  • Monitoring threat information. We monitor third-party data breaches and darknet markets for threat indicators. If your account appears to be at risk, we automatically secure your login information to protect you.

  • Real-time monitoring. We use advanced artificial intelligence and machine learning algorithms to detect abnormal activity on the platform, including unusual logins (logins from different customers, devices or locations) and transaction movements (timing, increased withdrawal amount).

  • Regular testing and inspection. We use techniques such as penetration testing, vulnerability scans and code reviews to test for vulnerabilities. Audits are also carried out to ensure user data privacy and security.

Anti-phishing code

In phishing scams, malicious actors send you fake Binance emails to steal your funds. If you have set the anti-phishing code, which is a four-digit code that only you and Binance know, this code will be added to emails we receive to you. This way, you can quickly and safely identify that emails come from Binance.

Binance Verification

Another way to find out if you are communicating with a real Binance source is through Binance Verification. You can verify website links, email addresses, phone numbers, WeChat IDs, Twitter accounts, and Telegram IDs.

Shooting whitelist

You can also create a capture whitelist to reduce the risk of unauthorized access. A whitelist is a list of trusted wallet addresses from which your cryptocurrency can be withdrawn.

Billion dollar SAFU fund

“Binance's billion-dollar SAFU fund is an industry first and the most comprehensive safety net a user can be in. No third-party insurance can currently match this.” – Jimmy Su, Binance General Security Director

In July 2018, Binance launched the Secure Asset Fund (SAFU) for users. This emergency fund helps users recover lost assets due to security breaches. The fund had a value of USD 1 billion on January 29, 2022, but its value fluctuates due to market changes. To solve this problem, we make sure we maintain the size of the fund by increasing it back to 1 billion USD when its value drops.

Training of employees

We offer security classes so our team can stay alert to the latest scams and social engineering attacks. We also practice phishing emails and send fake emails to Binance employees to test them for good security clearance. These activities help prevent our employees from falling victim to phishing scams.

Other platform measures

  • Login expiration mechanism

  • Instant security notifications

  • Cold storage of digital assets

  • Real-time monitoring of transactions and abnormal activities

A Note to Our Readers

"The best line of defense when it comes to user protection is to take a proactive role in protecting your assets and information. That's why educating our users is so important." – Jimmy Su, Binance General Security Director

Binance uses numerous security protocols to protect you and your assets. However, our tools and platform security measures will only go so far; our users must know how to recognize and avoid potential threats on their own.

Crypto holders should have the knowledge to recognize and avoid common threats. You can implement good security cleaning in many different ways, including:

 

Keep Calm and Manage Risks with Binance

To ensure platform security in all possible areas, Binance regularly sets new security goals every three months, such as stress testing our existing systems or providing training to our employees.

We also encourage all crypto holders to take proactive steps to protect their assets. This includes staying up to date on the latest scams in the Web3 space and the security features available to combat them.

Stay tuned for the next part of our series.

Further Reading

  • (Blog) KYC in Crypto - A Comparison

  • (Blog) Topic of the Day: Anti-Phishing Codes and Methods to Protect Yourself

  • (FAQ) Binance Account Security Tips