The withdrawal whitelist is one of the most underrated security features on Binance. Once enabled, your account can only withdraw to pre-approved addresses — even if someone hacks into your account, they can't send your funds to their own wallet. It's the last line of defense for asset protection. Here's a detailed guide on how to set it up and use it.
Log into your account at the Binance official website to configure this, or download the Binance App to set it up directly on your phone.
How the Withdrawal Whitelist Protects You
Normally, you can enter any address when making a withdrawal on Binance. While convenient, this also means that if your account is compromised, an attacker can enter their own address and drain your funds.
With the withdrawal whitelist enabled:
- Only whitelisted addresses can be used as withdrawal destinations
- After adding a new address, there's a 24-hour waiting period before you can withdraw to it
- Removing a whitelisted address also requires security verification
The 24-hour cooldown is critical. Even if an attacker gains access to your account and adds a new address, you have a full day to detect the anomaly and freeze your account.
Enabling the Withdrawal Whitelist (Desktop)
- Log into Binance and go to "Wallet" > "Withdraw"
- Or go to "Security" settings
- Find the "Withdrawal Whitelist" feature
- Click "Enable"
- Complete security verification (email + Google Authenticator / SMS)
- Whitelist is now active
Once enabled, the withdrawal page changes — the destination address field becomes a dropdown menu, limiting you to whitelisted addresses only.
Adding Whitelist Addresses
After enabling the whitelist, add your commonly used withdrawal addresses:
- In the "Withdrawal Whitelist" management page, click "Add Address"
- Select the coin (e.g., BTC, ETH, USDT)
- Select the network (e.g., ERC20, TRC20, BEP20) — this step is critical; selecting the wrong network can result in permanent fund loss
- Paste the wallet address
- Give the address a label (e.g., "My Trust Wallet," "Ledger Cold Wallet")
- Complete security verification
- Address is added but requires a 24-hour wait before it can be used
Note: The same coin on different networks has different addresses. For example, if you want to withdraw USDT, you need to add ERC20 and TRC20 addresses separately.
Whitelist Address Management Tips
Organize by purpose:
| Category | Example | Use Case |
|---|---|---|
| Cold wallets | Ledger/Trezor addresses | Long-term storage |
| Hot wallets | MetaMask/Trust Wallet | Daily use |
| Other exchanges | OKX/Bybit deposit addresses | Cross-platform transfers |
| DeFi protocols | Fixed contract addresses | DeFi operations |
Only add addresses you actually need: The more addresses on your whitelist, the larger your exposure. Only add the ones you genuinely use.
Review periodically: Every month or two, look through your whitelist and remove addresses you no longer use.
Mobile App Setup
Setting this up in the Binance App is just as easy:
- Open the App and go to "Funds" > "Withdraw"
- Or go to "Profile" > "Security" > "Withdrawal Whitelist"
- Enable the feature and complete verification
- When adding addresses, select the coin and network, then paste the address
A nice perk of the mobile app: if someone modifies your whitelist (e.g., adds a new address), Binance will immediately push a notification to your phone. If the activity isn't yours, freeze your account right away.
FAQ
Q: I enabled the whitelist but need to withdraw to a new address — what do I do?
You'll need to add the new address to the whitelist first, then wait 24 hours. There's no shortcut. While inconvenient, this "inconvenience" is exactly what protects your assets. If you frequently need to withdraw to new addresses, add your commonly used ones in advance.
Q: Can I edit a whitelisted address?
No, addresses can't be edited directly. To change one, delete the old address and add the new one. The new address will also require a 24-hour waiting period.
Q: How long does it take for disabling the whitelist to take effect?
Disabling the whitelist also has a cooldown period, typically 48 hours. This prevents an attacker from turning off your whitelist and immediately withdrawing funds.
Q: What if an exchange changes its deposit address?
Some exchanges periodically rotate their deposit addresses. Always confirm the latest deposit address at the destination exchange before withdrawing. If it's changed, update your whitelist accordingly. Never send to an expired address.
Q: Are internal transfers also restricted by the whitelist?
No. Internal transfers between Binance accounts (via email or UID) are not affected by the whitelist, since these go through Binance's internal system rather than the blockchain.
Working with Other Security Features
The withdrawal whitelist works best alongside these features for complete protection:
- Google Authenticator: Prevents unauthorized logins
- Anti-phishing code: Protects against phishing email scams
- Device management: Only allows known devices to log in
- Withdrawal whitelist: Even if all other layers are breached, funds can't be moved
With four layers of protection stacked, an attacker would need to break through every single one to steal your assets — an extremely difficult task in practice.
Important Reminder
The most common mistakes when setting up the whitelist are pasting the wrong address or selecting the wrong network. Crypto addresses are long strings of seemingly random characters — spotting an error by eye is nearly impossible. Best practices:
- After pasting an address, verify at least the first 4 and last 4 characters
- When withdrawing to a new address for the first time, send a small test amount (e.g., 10 USDT)
- Only send the full amount after confirming the test arrives
The whitelist feature is free, easy to set up, and provides rock-solid security. Every Binance user is strongly encouraged to enable it.