The feature, called Withdraw Protection, is available to all Binance users through account settings. Once activated, it blocks on-chain withdrawals for a user-selected period between one and seven days. A stricter "lockdown" mode removes the option to cancel the lock early, meaning no amount of pressure on a user or on Binance support staff can reverse it within the chosen window. Binance Chief Security Officer Jimmy Su confirmed that the restriction is absolute on the company's end: "It's an internal policy for this particular feature. Our customer service agents are not able to override it." Withdraw Protection sits alongside an existing suite of Binance security tools that includes withdrawal address whitelisting, device management controls, anti-phishing codes, passkeys, and two-factor authentication; it is an addition to that security stack rather than a standalone solution.

For users who choose the standard (non-lockdown) mode, early cancellation of the lock requires verification through both an authenticator app and a hardware security key, raising the bar significantly for anyone trying to force an account holder to release funds. Su also clarified that the feature carries one important boundary: "This does not prevent law enforcement from taking action on accounts." The lock is an internal policy control, not a cryptographic mechanism, so it does not shield accounts from regulatory or legal proceedings. Su also flagged a geographic dimension to the concern driving the feature's development: "We are seeing a pattern where some of the users might go to more risky geographical locations." Binance has not released internal heat-map data or other specifics to substantiate that observation.

A Feature Built for a Worsening Threat

The timing of the launch reflects a measurable escalation in real-world violence against crypto holders. According to CertiK, the world's largest Web3 security services provider, its Skynet Wrench Attacks Report published in February 2026 documented 72 verified physical attacks targeting crypto holders in 2025, a 75% increase from 41 incidents in 2024.

Physical assaults rose 250% year over year. Confirmed financial losses reached $40.9 million, up 44% from the prior year, though CertiK noted that actual losses are almost certainly higher due to unreported incidents, silent settlements, and untraceable ransoms.

The term "wrench attack" refers to physical coercion used to force someone to surrender cryptocurrency. The phrase was popularized by Jameson Lopp, an independent Bitcoin researcher and security professional, and draws on a long-standing observation that physical threats can bypass even the most sophisticated cryptographic protections.

Kidnapping was the most common method in 2025, accounting for 25 of the documented incidents, a 66% rise from 2024. Ari Redbord, Global Head of Policy at blockchain intelligence and risk management firm TRM Labs, offered a blunt assessment of where the trend is heading: "We'll continue to see [the numbers] of wrench attacks go up."

High-profile cases from 2025 include the kidnapping of Ledger co-founder David Balland and his wife in France in January 2025, an ordeal that ended after approximately 24 hours when the couple was rescued by law enforcement; a 17-day ordeal in New York in which an Italian crypto investor was held and abused until attackers extracted access to $28 million in Bitcoin; and a London incident in which a victim was drugged by someone posing as an Uber driver and robbed of $123,000 in Bitcoin and XRP. The Balland case is a pointed reminder that in at least some 2025 incidents, the decisive resolution came through law enforcement intervention rather than any technical security tool.

Europe accounted for more than 40% of all verified 2025 incidents, with France alone recording 19 confirmed cases, the highest of any country globally.

What This Means for Users in Africa and South Asia

For users in sub-Saharan Africa and South Asia, where Binance is one of the most widely used platforms for P2P trading and fiat on-ramps, the feature has direct practical relevance. Binance has significant user bases in Nigeria, Kenya, Ghana, and India, all markets where analysts assess that institutional law enforcement response to crypto-related crime tends to be slower and less coordinated than in Western Europe or North America.

Nigeria has faced compounding crypto security concerns in recent years. Beyond physical coercion incidents, the country was heavily exposed to the CBEX collapse, a Ponzi scheme that drained an estimated 1.3 trillion naira (roughly $840 million) from retail investors, according to reporting by Al Jazeera and Nigeria Communications Week. That pattern of large-scale retail exposure is relevant to the physical-threat landscape as well: when significant numbers of identifiable investors suffer concentrated losses in a compressed period, they can become visible targets for coercive actors seeking to recover or redirect remaining assets by force.

Nigeria has also deported over 100 foreign nationals, including 60 Chinese and 39 Filipino citizens, convicted of running crypto-based fraud operations targeting Nigerian residents.

In India, where millions of retail users trade actively on P2P platforms despite a restrictive tax environment, the expanding on-chain footprint of identifiable wallet holders creates growing exposure to the kind of OSINT-driven targeting that CertiK flagged in its report. Attackers increasingly identify high-value targets through public blockchain addresses, social media activity, and crypto conference attendance. It should be noted that no verified 2025 wrench attack data has been directly attributed to India by CertiK or TRM Labs; the risk profile described here is based on analyst inference and regional extrapolation from the broader global dataset.

Practical steps for users in Africa and South Asia:

• Enable Withdraw Protection in Binance account settings and consider activating lockdown mode during travel or periods of heightened personal risk.
• Whitelist withdrawal addresses so that any new destination requires additional verification before funds can move.
• Avoid public disclosure of holdings on social media, at conferences, or in online forums.
• Separate your public identity from your wallet addresses and limit the number of people who know the scale of your holdings.
• If you self-custody assets outside Binance, consult a security professional about multi-signature wallet setups or multi-party computation (MPC) architectures.

Limits of the Tool

The Withdraw Protection feature only covers funds held on Binance. Users who self-custody assets in hardware wallets, mobile wallets, or decentralized finance protocols remain fully exposed to physical coercion, and no exchange-level policy can change that. Crisis24, a global security and risk management firm, points to multi-signature wallets and multi-party computation (MPC) architectures as the relevant technical mitigations for self-custody holders.

The feature is reactive by design. It creates a time window for victims to seek help, but it does not prevent an attack from being initiated. For users in regions where law enforcement response capacity is limited, that distinction is critical: the lock buys time, but the protection it offers depends entirely on what can be accomplished within that window.

CertiK's broader finding points toward a behavioral shift already underway: "Beyond direct losses, the psychological and reputational fallout is reshaping behavior across the industry, pushing founders and high-net-worth individuals toward operational anonymity and geographical relocation." Redbord's warning that attack numbers will keep climbing underscores the structural gap that no single platform feature can close. Exchange-level controls represent a meaningful first line of defense, but the underlying incentive for physical coercion persists as long as crypto wealth remains identifiable and transferable under duress.