You suddenly receive an email saying your Binance account was logged into from a device in an unfamiliar city — but you never did that. Or worse, you open the APP and find a significant chunk of your balance is missing. There's only one thing to do: act fast. If you're preparing to open an account, set all security features to maximum right after you register on Binance. Existing users should make sure they've downloaded the Binance APP with the latest version — mobile is fastest in emergencies.
Emergency Step 1: Disable Your Account
Whether or not you're 100% certain of an intrusion, disable first. Disabling doesn't harm any assets but immediately stops all operations.
When You Can Still Log In
- Open the Binance APP or website
- Go to "Account Security" or "Security Center"
- Find the "Disable Account" button
- Click and confirm
When You've Been Locked Out
Three approaches:
- Email link: Check login alert emails — there's usually a "Freeze Account" link at the bottom
- Password reset page: Click "Forgot Password" on the login page — there's a freeze option in the reset flow
- Contact support: Through the support portal at the bottom of the Binance website
Step 2: Protect Your Email
Your Binance password can be changed and verification methods disabled often because the email was compromised first. An intruder controlling your email controls everything.
Do these immediately:
- Change email password: Set a brand new, at least 16-character strong password
- Check login history: Look for unfamiliar IPs or devices
- Check email rules: Especially look for auto-forwarding rules — intruders commonly use this to secretly forward your emails
- Enable email 2FA: If not already enabled
Step 3: Document Evidence
While your memory is fresh, record:
- The exact time you noticed the anomaly
- The last time you normally used your account
- Unusual operations observed (unfamiliar device logins, unrecognized withdrawals, modified security settings)
- Screenshots of all related emails
- If there are asset losses, document the currencies and amounts
This information will be needed when contacting support and potentially filing a police report.
Step 4: Contact Binance Support
Use these official channels:
- Live support in the Binance APP or website
- Submit a security-category ticket in the Help Center
- Contact through official social media (watch out for fake support agents)
When explaining your situation, be clear and concise:
"My UID is XXXXX. On [date] at [time], I noticed unusual login/withdrawal activity on my account. I've already disabled the account. Please assist with the investigation."
Binance typically prioritizes security incidents and responds within 24 hours.
Step 5: Security Recovery
After Binance confirms safety and unfreezes your account, do a complete security rebuild:
Password Reset
- Set a completely new strong password
- Don't share it with any other platform
- Consider using a password manager to generate random passwords
Full Verification Reset
- Re-bind Google Authenticator (save the backup key)
- Confirm phone number and email bindings are correct
- Bind a hardware security key if possible
Clean Up Devices and APIs
- In "Device Management," keep only recognized devices and delete everything else
- In "API Management," delete all API keys
- Check if unfamiliar addresses were added to the withdrawal whitelist
Enable Advanced Security Features
- Anti-Phishing Code: Every official Binance email will carry your unique identifier
- Withdrawal Whitelist: Only allow withdrawals to trusted addresses
- Login IP restriction (if available)
New users who register on Binance should set these up from the start.
How Intrusions Typically Happen
Phishing Attacks
The most common method. You may have clicked a link that looked like the Binance website but was actually fake. It's recommended to only access Binance through downloading the Binance APP rather than clicking unfamiliar links.
Email Breach
You used the same email-password combination on Binance and another website that had a data breach.
Malware
Trojan programs on your computer or phone secretly recording keystrokes or capturing screen information.
SIM Swap
Attackers use social engineering to get carriers to transfer your phone number to their SIM card, thereby receiving your SMS verification codes.
Can Lost Assets Be Recovered
Honestly, it's difficult but not entirely impossible:
- If the withdrawal is still under review or in a security freeze period, account freezing can intercept it
- If already transferred to an on-chain address, recovery requires cooperation with law enforcement
- Binance has the SAFU fund — platform-side issues are compensated
- File a police report and keep the records
FAQ
Q: I received an unusual login alert but my assets are unchanged. Do I still need to take action?
A: Yes. Even if assets are unchanged, change your password and check security settings. The attacker may not have had time to act before you noticed.
Q: How long to restore a frozen account?
A: Usually 1-3 business days. Investigations may take longer, but your assets are completely safe during this time.
Q: I suspect someone close to me did this. What should I do?
A: Disable the account first, change all passwords, and check your devices for monitoring software. If significant amounts are involved, consider filing a police report.
Q: How to completely prevent this in the future?
A: Unique strong password + Google Authenticator + Anti-Phishing Code + Withdrawal Whitelist — enable all four and the probability of being hacked becomes extremely low.
Q: Binance support says I need to "pay a deposit to unfreeze" — is this real?
A: This is absolutely a scammer impersonating support. Official Binance support will never ask you to pay a deposit or make a transfer to unfreeze your account. Block immediately.