ZH EN JA KO ES FR
Sign Up
Home Tutorials Categories Download About Disclaimer
ZH EN JA KO ES FR
Home/ Tutorials/Security/How to Set Up Binance Withdrawal Whitelist

How to Set Up Binance Withdrawal Whitelist

2026-04-08 ~ 21 min readSecurity

The most terrifying consequence of an account breach is having your coins withdrawn. If your account is unfortunately hacked, the most damaging thing the hacker can do is transfer your cryptocurrency to their wallet. The withdrawal whitelist serves as the last line of defense against this scenario. After enabling the whitelist feature on the official Binance website, only pre-approved addresses can receive your withdrawals. Setting it up via the official Binance APP is just as convenient. Apple users should first check the iOS installation guide to install the APP.

What is a Withdrawal Whitelist?

The withdrawal whitelist is a security feature. Once enabled, you can only withdraw cryptocurrency to addresses that have been pre-added and verified. Any address not on the whitelist will be unable to receive your withdrawals.

This is akin to setting a "transfer only to designated accounts" restriction on your bank card. Even if someone discovers your bank password, they can only transfer money to the few accounts you've preset, and cannot send it to unknown accounts.

The value of the withdrawal whitelist lies here: even if your account login details and 2FA are fully compromised, a hacker cannot transfer your assets away quickly. This is because adding a new whitelisted address requires verification and involves a mandatory cooling-off period.

How to Enable the Withdrawal Whitelist

Step 1: Access Security Settings

On the Binance APP, tap your profile icon to enter the User Center, and find the "Security" option. On the Security settings page, look for the "Withdrawal Whitelist" or "Withdrawal Address Management" feature.

On the web version, click the user icon in the top right corner, select "Security", and then find the Withdrawal Whitelist option on the security settings page.

Step 2: Turn on the Whitelist Feature

Toggle the switch next to Withdrawal Whitelist to turn it on. The system will require you to complete identity verification (entering a Google Authenticator code, SMS code, or email code) to confirm that it is you performing the action.

Step 3: Add Whitelisted Addresses

Once the whitelist is enabled, you need to add addresses that are allowed to receive withdrawals. Click "Add Address" or "Add Whitelist Address". Select the coin (e.g., BTC, ETH, USDT) and the corresponding network (e.g., ERC20, TRC20, BEP20). Enter the withdrawal address and give it a label (remark) for easy identification. After submitting, you must confirm it through multiple verifications.

Step 4: Wait for the Cooling-off Period

Newly added whitelisted addresses must wait through a cooling-off period before they can be used. Binance's cooling-off period is usually a few hours. This design prevents hackers from immediately adding their own addresses and withdrawing funds after a breach.

After the cooling-off period has passed, you can withdraw to this whitelisted address.

Whitelist Address Management

Adding Multiple Addresses

You can add multiple whitelisted addresses for each coin. For example, for BTC, you can add your hardware wallet address, a deposit address for another exchange, etc.

It is recommended to only add addresses you genuinely need to use and avoid adding too many. Fewer addresses mean higher security and easier management.

Addresses on Different Networks

The same coin may exist on multiple networks. For instance, USDT can operate on ERC20 (Ethereum network), TRC20 (Tron network), BEP20 (BSC network), etc. Addresses for different networks must be added to the whitelist separately.

When adding an address, make absolutely sure both the coin and the network are selected correctly. Adding an ERC20 address to a TRC20 whitelist is useless.

Deleting Whitelisted Addresses

If an address is no longer in use, it is advisable to remove it from the whitelist. To do this, find the corresponding address on the whitelist management page, click "Delete", and verify to confirm.

Regularly cleaning up unused whitelisted addresses is a good security habit.

Modifying Whitelisted Addresses

Whitelisted addresses cannot be modified directly. If you need to change an address, you must first delete the old one and then add the new one. The new address will also be subject to the cooling-off period.

Security Logic Behind the Whitelist

The reason the withdrawal whitelist is so secure lies in the following mechanisms:

Multiple Verifications: Adding a new whitelisted address requires multiple verifications, such as Google Authenticator, SMS, and email. A hacker would have to compromise all these verification channels simultaneously to add an address.

Cooling-off Period: Even if a hacker passes all verifications and adds a new address, they still have to wait out the cooling-off period before withdrawing. This gives you ample time to detect the anomaly and take action.

Operation Notifications: Binance will notify you of whitelist changes via email and APP push notifications. If you see a whitelist modification notification that you didn't initiate, you can immediately log in to cancel it and change your password.

These three layers of protection combined make it exceedingly difficult for hackers to transfer your assets away quickly, even if they obtain your login credentials.

Precautions When Using the Whitelist

Carefully Verify Addresses

When adding a whitelisted address, be sure to confirm multiple times that the address is correct. A single character error could result in transferring your coins to the wrong address in the future, rendering them unrecoverable.

It is recommended to input the address via copy and paste rather than manual typing. After pasting, verify it character by character to ensure it hasn't been tampered with by clipboard-hijacking malware.

Add Addresses in Advance

Do not wait until you need to make an urgent withdrawal to add a whitelisted address. Because new addresses have a cooling-off period, it could delay things in an emergency. It's best to add your frequently used withdrawal addresses ahead of time.

Secure the Source of Your Whitelisted Addresses

The security of whitelisted addresses also depends on whether the addresses themselves are secure. If you are adding a hardware wallet address, ensure the hardware wallet's seed phrase hasn't been leaked. If it's an address from another exchange, ensure that exchange account also has robust security settings.

Do Not Disable the Whitelist Feature

Some people disable the whitelist because they find it too troublesome. This is highly discouraged. The inconvenience caused by the whitelist (having to wait when adding a new address) is far outweighed by the security guarantees it provides.

Combining Whitelist with Other Security Measures

Although the withdrawal whitelist is powerful, it shouldn't be your only security measure. It should form a complete security system alongside other security features.

Google Authenticator provides 2FA for logins and operations. Anti-phishing codes help you identify genuine emails. Strong passwords prevent brute-force attacks. Device management helps you monitor abnormal logins. The withdrawal whitelist protects your assets from being transferred away.

These measures stack upon each other; even if one layer is breached, the other layers are still there to protect you.

Use Cases for the Withdrawal Whitelist

Regular Users

If you only occasionally need to withdraw coins to your own wallet or another exchange, enabling the whitelist is a must. Just add a few commonly used addresses, and your daily usage won't be affected at all.

Frequent Traders

If you frequently transfer funds between multiple exchanges, you might need to add more whitelisted addresses. While managing them might be slightly more tedious, the boost in security is well worth it.

Long-Term Holders (HODLers)

If you are holding coins long-term and rarely withdraw, the whitelist is absolutely essential. Simply add your own cold wallet address, and you won't need to interact with it under normal circumstances.

Frequently Asked Questions

Will enabling the whitelist slow down my withdrawals?

If the target withdrawal address is already on the whitelist and has passed the cooling-off period, the withdrawal speed is the same as without the whitelist. You only need to wait out the cooling-off period when adding a new address.

Do addresses on the whitelist expire?

No. Once added to the whitelist and past the cooling-off period, the address remains valid indefinitely until you manually delete it. There is no need for periodic renewal.

Can I temporarily disable the whitelist to withdraw to a new address?

Technically yes, but it is strongly advised against. Disabling the whitelist lowers your account security. The correct approach is to first add the new address to the whitelist and wait out the cooling-off period before withdrawing.

What is the maximum number of addresses I can add to the whitelist?

Binance has a limit on the number of whitelisted addresses, but it is more than sufficient for regular users. Generally, you can add dozens of addresses per coin. Please refer to Binance's official documentation for specific limits.

How long is the cooling-off period for adding a whitelist address?

The cooling-off period usually ranges around a few hours, though the exact time may be adjusted based on security policies. The specific cooling duration will be displayed on the page when you add the address. During this period, you cannot withdraw to the new address.