Managing Risks: An In-Depth Look at Binance’s Platform Security
When it comes to user funds and data, the importance of risk management can’t be overstated.
In this new series, we share our experience in identifying and eliminating potential threats to help keep you safe.
Learn more about Binance’s platform security measures with Jimmy Su, Binance’s Chief Security Officer.
The best way to manage risks is to anticipate them. Here’s how we keep our users safe on Binance, starting with our platform security measures.
When it comes to your personal information and crypto assets, taking chances isn't an option. That's why risk awareness and management should be a top priority for any organization handling what is valuable to its customers.
From volatility control mechanisms to stringent safety policies, Binance adopts a holistic approach to protecting our users. In this new Managing Risks series, we’ll share more about our best practices for identifying and combating the biggest threats to our users.
To kick-start this series, we’ll take you through Binance’s first line of defense for our users – our platform security measures.
Binance’s Take on Platform Security
“Offense is the best defense. To protect our users, we need to understand the crypto ecosystem not just from the user’s point of view, but more so the hacker’s.” – Jimmy Su, Binance Chief Security Officer
At Binance, we keenly observe and study how sophisticated attackers work. It’s essential to make sure that we maintain the highest levels of safety for users’ personal data and funds. The key to our security? Anticipating attacks.
“An in-depth defense layer like platform security features is fundamental to every enterprise’s security. What we’re doing differently is knowing our enemy – through offense-defense simulation.” – Jimmy Su, Binance Chief Security Officer
To support this work, Binance enlists the help of two types of white hat hackers – internal and external.
These two groups of security experts have different but equally vital roles in our platform security. Internal white hats are world-class hackers hired into the Binance Red Team. External white hats are participants in our bug bounty program. Both groups help simulate attacks to test our platform’s weaknesses and vulnerabilities.
Posting bounty programs and hosting Capture the Flag competitions allow Binance to leverage the capabilities of top-notch cybersecurity experts to enhance our overall platform security.
Binance Platform Security Measures
Platform security: A holistic approach
Security is complex. We need to look at everything that could threaten us – from technical vulnerabilities to human behavior – and prepare accordingly. Only then can we protect our users against a range of threats.
Know Your Customer (KYC) & Anti-Money Laundering (AML) protocols
“We aim to be the best KYC provider by getting our users and employees to test our KYC protocols.” – Jimmy Su, Binance Chief Security Officer
As a global organization, Binance coordinates with many vendors to tailor our KYC approach for users in different jurisdictions.
Binance also maintains best-in-class anti-money laundering (AML) processes via its internal services and external vendors. This includes on-chain vendors like Chainalysis that help us with targeted investigations supporting fund recovery efforts.
Multi-factor authentication (MFA)
For a better user experience, our platform categorizes risk levels and implements the appropriate multi-factor authentication (MFA) measures. For low-risk activities like logging into Binance with a recognized device to view account balances, advanced MFA may not be required. In contrast, high-risk activities – particularly withdrawals – will require a secondary log-in factor to execute.
Hackers may exchange intelligence and tips through dark web forums – we track this and share information with law enforcement agencies to support the security of the entire industry.
We also look out for threats and perform regular security audits. This includes:
Threat intelligence monitoring. We monitor third-party data breaches and darknet markets for threat indicators. If it looks like your account may be at risk, we’ll automatically secure your login credentials for your protection.
Real-time monitoring. We use advanced artificial intelligence and machine learning algorithms to detect abnormal activity on the platform, including unusual login patterns (logging in from different clients, devices, or locations) and transaction patterns (timing, increased withdrawal amount).
Regular testing and auditing. We use techniques like penetration testing, vulnerability scanning, and code review to test for weaknesses. Audits are also conducted to ensure user data privacy and security.
Anti-phishing code feature
In phishing scams, bad actors send fake Binance emails to steal your funds. If you’ve set up an anti-phishing code – a four-digit code only you and Binance know – the code will be attached to emails from us. You can then quickly and securely identify that they’re from Binance.
Another way to check if you’re interacting with a real Binance source is through Binance Verify. You can verify website links, email addresses, phone numbers, WeChat IDs, Twitter accounts, and Telegram IDs.
You can also create a withdrawal whitelist to reduce the risk of unauthorized access. The whitelist is a list of trusted wallet addresses to which your crypto can be withdrawn.
Billion-dollar SAFU fund
“Binance’s billion-dollar SAFU fund is an industry first and the most comprehensive safety net a user can be covered by. Right now, no third-party insurance can match this.” – Jimmy Su, Binance Chief Security Officer
In July 2018, Binance launched the Secure Asset Fund for Users (SAFU). This emergency fund helps users recover lost assets resulting from security breaches. The fund was valued at US$1 billion on January 29, 2022, but fluctuates due to market changes. To address this, we’re making sure that the fund size is maintained – by topping it back up to $1B when its value falls.
We provide security courses so our team can stay alert to the latest scams and social engineering attacks. We also hold phishing email drills and send fake emails to Binance employees to test for good security hygiene. These activities help train our staff to avoid getting phished.
Other platform measures
Login expiry mechanism
Instant security notifications
Cold storage of digital assets
Monitoring of transactions and abnormal activity in real time
A Word to Our Readers
“When it comes down to user protection, the best line of defense is being proactive in safeguarding your own assets and information. This is why educating our users is key.” – Jimmy Su, Binance Chief Security Officer
Binance employs a variety of security protocols to safeguard you and your assets. However, our tools and platform security measures can only go so far – our users have to know how to recognize and avoid potential threats on their own too.
Crypto owners should be equipped with knowledge to recognize and avoid common threats. You can practice good security hygiene in many different ways, including the following:
Keep Calm and Manage Risks With Binance
To achieve platform safety on all possible fronts, Binance sets new security goals every quarter, like stress-testing our current systems and training our staff.
Furthermore, we encourage all crypto owners to take proactive steps to safeguard their assets. This includes being aware of the latest scams in the Web3 space and safety features available to combat them.
Stay tuned for the next installment of our series.