The first 5 minutes are critical after discovering your Binance account has been stolen—immediately change your password + reset 2FA + force log out devices + remove whitelist addresses + contact support. The probability of recovering funds is extremely low (usually < 5%) because attackers immediately withdraw crypto to their own wallets, and on-chain transactions are irreversible. Prevention is more important than recovery—enable the Withdrawal Whitelist + Anti-Phishing Code + Google Authenticator 2FA + use a hardware wallet for large assets. Before any operations, verify your identity on the Binance official website, get the APK from the official Binance APP, and view all platform processes at the Download Center.
How to Detect Theft
Common signs of being hacked:
- Unfamiliar login notifications (Email / APP push).
- Assets decreasing for no reason.
- Seeing unauthorized withdrawal or trade records.
- Notifications of changed password or email.
- 2FA unbinding or rebinding notifications.
- Not receiving Binance emails (the attacker may have changed your email).
- "Incorrect Password" prompts during login.
If you see any of these signs, follow the process below immediately.
5-Step Emergency Process
Step 1: Attempt to Log In
If you can still log in:
- Immediately change your password ("Account → Security → Change Password").
- Skip to Step 2.
If you cannot log in:
- The attacker may have changed your password.
- Follow the "Forgot Password" process.
- If you can log in after email + SMS verification, skip to Step 2.
- If still unable to log in, skip to "Handling Total Loss of Control."
Step 2: Force Log Out All Devices
The first thing to do after a successful login:
- Go to "Account → Security → Device Management."
- Click "Log Out All Devices."
- Kick the attacker's sessions offline.
Step 3: Reset 2FA + Modify Security Settings
- Reset Google Authenticator (if you suspect the 2FA itself was compromised).
- Change your email (if your current email might be leaked).
- Change your phone number (if your SIM was hijacked).
- Update your Anti-Phishing Code.
Step 4: Check + Revoke Suspicious Actions
- Check "Withdrawal History": Are there any unauthorized withdrawals?
- Check "Address Book": Have unfamiliar addresses been added to the whitelist?
- Check "Trade History": Are there any unauthorized trades?
If you find anything suspicious:
- Immediately delete unfamiliar addresses from the address book (if still possible).
- Cancel any pending withdrawal requests.
Step 5: Contact Support to Report
- APP "Customer Support → Report Account Stolen."
- Submit an appeal template (refer to "How to write a Binance Account Appeal").
- Explain: When it was discovered, details of suspicious operations, and actions taken.
- Provide: ID card screenshots, police report receipt (if already reported).
Handling Total Loss of Control
If the attacker changed your password, email, and phone number, and you are completely locked out:
1. Follow the Account Theft Appeal
- Visit
binance.com/en/forgot-passwordor the equivalent entry in the APP. - Select "Account stolen, unable to log in."
- Submit appeal materials:
- ID card photos.
- Selfie holding your ID card.
- The email address used for registration.
- Police report receipt (highly recommended to report first).
- Details of asset losses.
2. Wait for Manual Review
- Takes 7-15 business days.
- During this time, the account is frozen (also preventing the attacker from further actions).
- After approval, support will assist you in regaining control of the account.
3. Report to the Police
- Even if the recovery probability is low, report it to have a record.
- Obtain a police report receipt (case number).
- The police report receipt is strong evidence for your appeal.
Possibility of Fund Recovery
On-chain Withdrawals: Almost Impossible to Recover
If the attacker withdrew the crypto to their own wallet:
- On-chain transactions are irreversible.
- No institution can force the transfer of funds back.
- Recovery probability is < 5%.
The only possibility:
- The attacker transferred the funds to another exchange (not their own wallet).
- You can prove the theft + provide on-chain evidence + that exchange cooperates to freeze the funds.
- However, attackers usually use non-compliant exchanges they control, which won't freeze funds.
C2C Cash Out: Partial Recovery Possible
If the attacker exchanged the crypto for fiat via C2C:
- You can find counterparty information.
- Contact the police to intervene.
- In some cases, funds can be frozen.
Internal Transfers: Recovery Possible
If the attacker transferred the funds to another Binance account:
- Support can track the flow.
- After a successful appeal, the other account may be frozen.
- Recover funds through legal procedures.
However, this scenario is rare (attackers aren't stupid).
Assets Not Yet Withdrawn: Can Be Retained
If you act fast enough (within the first 5 minutes) before the attacker withdraws:
- Forcing a log out prevents the attacker from further actions.
- The Withdrawal Whitelist cooldown stops the attacker.
- Assets can be retained.
This is why the Withdrawal Whitelist is extremely important—it gives you 24-48 hours to react.
Aftermath of a Theft
1. Change Passwords on Other Platforms
If your Binance password is the same as on other platforms (which it shouldn't be):
- Immediately change passwords on those platforms.
- Avoid "credential stuffing" attacks.
2. Check Email Security
A common path for theft is compromising an email to reset the Binance password:
- Check email login records.
- Change your email password.
- Enable 2FA for your email.
- Check email forwarding rules (the attacker may have added a forward to their own email).
3. Check Device Security
- Run a virus scan on all devices.
- Check browser extensions (malicious extensions can steal accounts).
- Reinstall the OS on suspicious devices (extreme case).
4. Tax / Legal Consultation
- For large losses, consult a lawyer.
- Some countries allow tax deductions for crypto asset losses.
- Lawyers may find channels for recovery.
5. Psychological Adjustment
- The loss is a fact; avoid persistent anxiety.
- Summarize lessons learned to prevent future occurrences.
- Strengthen future account security settings.
Key Settings to Prevent Theft
Ranked by importance:
1. Google Authenticator 2FA
- Replaces SMS (prevents SIM swapping).
- Backup recovery keys on paper.
2. Withdrawal Whitelist + 24-48 Hour Cooldown
- The most critical anti-theft mechanism.
- Use in conjunction with an Anti-Phishing Code.
3. Anti-Phishing Code
- Identifies phishing emails.
- Setup takes 1 minute.
4. Security of the Email Itself
- Email password different from Binance password.
- 2FA enabled for email.
- No strange forwarding rules in the email.
5. Use a Hardware Wallet for Large Amounts
- Move long-term holdings to Ledger / Trezor.
- Private keys never touch the internet.
- Phishing is extremely difficult.
6. Device Security
- Don't operate on public Wi-Fi.
- Don't log in on untrusted computers.
- Regularly scan for viruses.
- Only install trusted browser extensions.
7. Don't Click Unfamiliar Links
- Verify any "Binance link" from email/DM/social media first.
- Typing binance.com directly in the address bar is safest.
FAQ
Q: Is reporting to the police useful after a theft? A: Obtaining a police report receipt helps with the appeal. However, the actual recovery probability is low (unless there is a clearly identified suspect in a cooperative jurisdiction).
Q: Will Binance compensate for stolen funds? A: No. Binance's SAFU fund covers Binance's own security incidents (e.g., the platform being hacked), not losses caused by a user's password leak or phishing.
Q: Can I still be hacked after enabling 2FA? A: In rare cases, yes. The common path is a phishing site that tricks you into entering both your password and 2FA code (Man-in-the-Middle attack). Therefore, only log in on the authenticated official website.
Q: Is it easier to be hacked while using a VPN? A: Not necessarily. A VPN itself doesn't affect security; the key is whether the VPN provider is trustworthy (poor quality VPNs may log traffic).
Q: Can I switch accounts and continue using Binance after being hacked? A: Theoretically, you can register a new account. However, a single ID can only KYC one account; the original account needs to be closed or frozen before opening a new one.
Q: Can a hardware wallet completely prevent theft? A: It prevents about 99% of cases. The remaining 1% involves physical attacks (you are hijacked and forced to hand over your mnemonic phrase). For the average user, a hardware wallet provides immunity to remote theft.
Summary
The first 5 minutes are critical after a Binance account is stolen: Change your password + force log out + reset 2FA + remove suspicious whitelist addresses + contact support. Fund recovery probability is < 5%—on-chain withdrawals are irreversible. In cases of total loss of control (unable to log in), follow the "Account Theft Appeal" for a 7-15 day manual review. Prevention is better than recovery: Enabling Google Authenticator 2FA + Withdrawal Whitelist (critical) + Anti-Phishing Code + email 2FA + using a hardware wallet can intercept 99% of theft attempts.