The withdrawal whitelist is one of Binance's most important security features. Once enabled, withdrawals can only be sent to pre-added addresses — even if a hacker gains access to your account, they cannot transfer your assets. Register a Binance account and set up the whitelist immediately, and through the Binance APP you can enable it in just a few steps in security settings.
What Is the Withdrawal Whitelist?
The withdrawal whitelist is a security restriction mechanism. Once enabled, you can only withdraw cryptocurrency to addresses on the whitelist. Any address not on the whitelist cannot initiate a withdrawal request. This means even if someone obtains your account password and verification codes, they cannot transfer assets to an address they control. Newly added whitelist addresses typically have a 24-hour cooling period during which you can check whether you made the addition yourself, and cancel if you notice anything suspicious. For users holding large amounts of assets, the withdrawal whitelist is an essential security feature.
How to Enable and Set Up the Whitelist?
Log into the Binance APP, go to the "Security" settings in your profile. Find the "Withdrawal Whitelist" option and enable it. The system will require security verification (email code, SMS code, and Google Authenticator code). After enabling, enter the whitelist management page and tap "Add Address." Enter an address label (e.g., "My Cold Wallet"), select the coin and network, and paste the address. After confirmation, the address enters a 24-hour cooling period, and it becomes active after the period ends. You can add multiple whitelist addresses for different coins and networks. It's recommended to add all your frequently used withdrawal addresses to the whitelist to avoid being unable to withdraw when needed urgently.
Managing Whitelist Addresses
After adding whitelist addresses, you can view all added addresses on the management page. Each address displays its label, coin, network, and status (active or in cooling period). Addresses no longer needed can be deleted — deletion also requires security verification. Modifying an existing address (such as the address itself or network) is equivalent to deleting the old one and adding a new one, triggering a new cooling period. We recommend regularly reviewing the whitelist, removing unused addresses to reduce the attack surface. If you only withdraw to a few fixed addresses, keep the whitelist concise.
How the Whitelist Works with Other Security Features
The withdrawal whitelist should be used in combination with other security features for multi-layered protection. Google Authenticator is the first line of defense, requiring dynamic verification codes for every login and operation. Anti-phishing codes help identify real vs. fake Binance emails. Login device management lets you control which devices can access your account. The withdrawal whitelist is the last line of protection, ensuring assets cannot be transferred even if all other defenses are breached. We recommend enabling all these features to form a complete security system. Also set up the account freeze feature, allowing you to freeze all account operations with one click if you detect anomalies.
Common Questions About the Whitelist
Does enabling the whitelist affect C2C trading? No — C2C trading is an internal platform operation and doesn't involve on-chain withdrawals. How many addresses can be added? There's no limit — you can add as many as needed. Can the 24-hour cooling period be shortened? No — the cooling period is a fixed security mechanism. What's required to disable the whitelist? You must complete all security verifications to disable it, and there's a 24-hour withdrawal restriction period after disabling. What if I urgently need to withdraw but forgot to add the address? You can only add the address and wait for the cooling period — the whitelist cannot be bypassed. While these restrictions may sometimes be inconvenient, they are precisely what protects your assets.