Download Binance App

How to Enable the Binance Withdrawal Address Whitelist

2026/4/5 21 min
#Account Security

The strongest line of defense for your account security isn't your password or 2FA—it's the withdrawal address whitelist. Once enabled, even if a hacker obtains all your passwords and 2FA codes, they can only withdraw funds to your pre-designated addresses (usually your own cold wallet), making it impossible to transfer assets to an unknown address. Furthermore, adding a new address comes with a 24-hour activation delay, providing ample time to detect anomalies and prevent losses. The setup process takes about 5 minutes, though adding an address requires a 24-hour wait. This guide explains the core settings. Before proceeding, ensure you are using the correct channels via the Binance Official Site or the Binance Official App. iPhone users who cannot find the app in their local App Store should refer to the iOS Installation Tutorial to switch to the US region for download.

What is the Withdrawal Whitelist Mechanism?

Officially called "Address Management Whitelist," its function is straightforward: once enabled, your account can only initiate withdrawals to addresses saved in your address book. Any withdrawal request to an address not on the whitelist will be automatically rejected by the system.

Comparing the three withdrawal modes:

Mode Withdraw to Any Address Review Required Security Level
No Whitelist Yes No Low
Whitelist Enabled Only Whitelisted Addresses No High
Whitelist + Cold Wallet Only Cold Wallet Addresses Extra Email Confirmation Maximum

The whitelist does not affect deposits; it only restricts withdrawals.

Steps to Enable the Whitelist

The whitelist can be enabled via both the web and the app, with slight differences in operation. The web interface is generally more intuitive.

Enabling on the Web

  1. Log in to the Binance Official Site -> click the profile icon in the top right -> "Account";
  2. Click "Security" in the left-hand menu;
  3. Find the "Whitelist" section and click "Enable";
  4. Enter the 6-digit code from your Google Authenticator;
  5. Enter the 6-digit code sent to your email;
  6. Enter the 6-digit SMS code (if a phone number is linked);
  7. Confirm enablement.

Enablement is instantaneous, but since the whitelist is initially empty, you cannot withdraw any assets until you add an address.

Enabling in the App

  1. Tap "Profile" in the bottom menu;
  2. Tap your profile icon to enter account settings;
  3. Go to "Security" -> "Whitelist";
  4. Complete the 2FA + Email + SMS triple verification;
  5. Toggle the switch to "On."

Correct Way to Add Whitelisted Addresses

Adding a new address to the whitelist triggers a mandatory 24-hour delay as a protection mechanism.

The Process

  1. Go to Wallet -> Fiat and Spot -> Withdraw;
  2. Select the coin (e.g., USDT);
  3. Select the network (e.g., TRC20);
  4. Click "Address Management" or "Manage Addresses" next to the address input box;
  5. Click "Add New Address";
  6. Enter an address label (e.g., "Ledger Cold Wallet");
  7. Paste the address;
  8. Select the network;
  9. Check the "Add to Whitelist" box;
  10. Complete the 2FA + Email + SMS verification;
  11. Submit.

The 24-Hour Cooling-Off Period

After submission, the address enters a "Pending" state and can only be used for withdrawals after 24 hours. If you receive an email notification during this time stating an unrecognized address was added, log in immediately to delete it and change your password.

Handling Old Addresses

Addresses you used before enabling the whitelist are not automatically added; you must add them manually. It is recommended to batch-add your frequently used cold wallets, exchange deposit addresses, and friends' addresses.

Why the 24-Hour Cooling-Off Period Matters

This rule is the soul of the whitelist mechanism. Understanding it will help you trust this security layer.

Assume a hacker has obtained all your credentials (password, 2FA, email, SMS). To withdraw funds, they would need to:

  1. Log in to the account;
  2. Discover the whitelist is enabled;
  3. Add their own address;
  4. Wait 24 hours to use it;
  5. During this time, you will receive an "Address Added Successfully" email notification.

A 24-hour window is enough for you to:

  • See the email notification;
  • Log in and delete the unauthorized address;
  • Freeze your account;
  • Change passwords and reset 2FA;
  • Contact customer support to file an appeal.

This is why accounts with a whitelist enabled have far lower theft rates than those without.

Can the Whitelist be Disabled?

Yes, but disabling it also comes with a 24-48 hour delay.

  1. Go to Security -> Whitelist -> click "Disable";
  2. Complete the 2FA + Email + SMS verification;
  3. Submit the disablement request;
  4. Wait 24-48 hours for it to take effect;
  5. During this period, the account remains in whitelist mode;
  6. Once expired, you can withdraw to any address.

Note: This delay prevents hackers from immediately disabling the whitelist to withdraw funds. Do not assume you can bypass the restriction immediately by turning it off.

Three Essential Checks Before Adding an Address

A mistake when adding an address can lead to sending funds to the wrong place later. Always verify before finalizing.

Step 1: Verify the First and Last 4 Digits

Read the first and last 4 digits of the address you are adding aloud and ensure they exactly match the source address (your cold wallet or another platform's deposit address).

Step 2: Choose the Correct Network

USDT exists on multiple networks like TRC20, ERC20, and BSC, each with different address formats. TRC20 addresses start with "T," while ERC20 and BSC addresses start with "0x." If you pick the wrong network, your funds may be lost on another chain and very difficult to recover.

Step 3: Perform a Small Test Withdrawal

After an address is successfully added and the 24-hour period has passed, perform a small test withdrawal of 10-50 USDT first. Confirm the destination wallet received it before sending larger amounts.

What Functions are Unaffected by the Whitelist?

Many worry that enabling a whitelist will disrupt daily operations. It won't.

  • Deposits are unaffected; funds sent from any address will arrive normally;
  • Spot and Futures trading are unaffected;
  • Internal transfers (to other Binance users) require the "Allow Internal Transfers" option to be enabled separately;
  • C2C selling (cashing out to a bank card) is unaffected (that is not considered an address withdrawal);
  • Binance Pay functions are unaffected;
  • Binance Card spending is unaffected.

The whitelist only governs the action of on-chain blockchain withdrawals; all other business continues as usual.

Whitelist Strategies for Different Users

Recommended whitelist configurations based on holding size and trading habits:

Small-Scale Active Traders

  • Add 2-3 frequently used addresses (primarily MetaMask/Trust Wallet hot wallets);
  • Keep "Allow Internal Transfers" enabled;
  • Convenient for frequent withdrawals over short periods.

Medium-Scale Holders

  • Add 1-2 cold wallet addresses;
  • Add 1 hot wallet for small-scale circulation;
  • Disable internal transfers (minor risk, but reduces attack surface).

Large-Scale Long-Term Holders

  • Add only 1 cold wallet address (e.g., Ledger/Trezor);
  • Disable internal transfers;
  • Manually confirm the email for every withdrawal.

Quantitative/Arbitrage Users

  • Add multiple exchange deposit addresses;
  • Use API with IP whitelisting;
  • Do not grant withdrawal permissions to the API; keep it for spot trading only.

FAQ

Does a whitelist slow down withdrawals?

No. Withdrawal speed for whitelisted addresses is exactly the same as for non-whitelisted ones. Only adding a new address has a 24-hour delay.

How many addresses can I add to the whitelist?

You can add multiple addresses per coin per network. There is no official hard cap, and users have successfully added 100+ addresses. It is recommended to keep it streamlined to 5-10 frequently used ones to avoid management confusion.

What if I forgot to set a whitelist and my account was hacked?

Immediately follow the hacked account protocol: freeze the account, change passwords, reset 2FA, contact support, and file an appeal. Refer to the specific guide on hacked accounts for detailed steps.

Are the whitelist and withdrawal verification email the same thing?

No. The whitelist restricts the range of addresses, while the verification email requires you to click a confirmation link for every withdrawal. Both can be enabled simultaneously for maximum security.

Why is my added address not active after 24 hours?

Check: ① Did you complete the 2FA and email/SMS verification? ② Was there a "Confirmation" link in an email that you needed to click? ③ You might have misunderstood the timezone; it’s a full 24 hours, not just "the next day." If it remains unusable after 24 hours, contact support.

Should I add family and friends' addresses to the whitelist?

Yes, but always verify the first and last 4 digits in person before adding them to ensure they sent the correct address.

Summary

The withdrawal address whitelist is the ultimate line of defense for your Binance account, protecting your assets even in extreme cases where your password and 2FA are compromised. Remember the three core rules: prepare your common addresses before enabling, expect a 24-hour cooling-off period for new addresses, and a 24-48 hour delay for disabling the whitelist. For long-term holders, this is the most cost-effective security measure. Spend 10 minutes to set it up, and it will block the vast majority of theft scenarios. Open the Binance Official App now, go to security settings, enable the whitelist, and add your cold wallet address—you'll sleep much better.