Somewhere in the gap between "your private keys, your crypto" and "your front door, your problem" sits a threat that the industry spent years refusing to name. Physical coercion attacks against crypto holders — so-called wrench attacks, where criminals use violence or kidnapping to force asset transfers — grew 75% in 2025, reaching 72 confirmed cases globally, with assault-related incidents jumping 250%. On Monday, Binance responded with the most explicit acknowledgement yet that the exchange model itself needs to account for what happens when an attacker is in the same room as the user. Crypto Economy

The feature is called Withdraw Protection. It lets users freeze their own account against on-chain withdrawals for one to seven days. A stricter "lockdown" mode disables early unlocking entirely. Binance says the lock cannot be overridden by the exchange. That's the product. The subtext is something bigger: the world's highest-volume exchange has now formally accepted that its users face credible physical threats, and that software alone won't save them. CoinDesk

What Binance Launches as a Withdrawal Lock Actually Does — and Doesn't Do

The mechanics are worth understanding precisely, because the distinctions matter.

Users can enable the feature through the Security section of the Binance app or website and see the exact time their lockdown will end before they confirm. They can also choose whether to "allow early unlock"; if they switch that on, they must pass at least two strong verification methods — such as a security key and an authenticator app — to lift the lock early. The architecture is deliberate: the default is the most restrictive mode, because a feature like this is useless if it can be disabled under duress. BanklessTimes

A defining element of the system is its strict default configuration, which prevents early removal of the withdrawal restriction. Binance noted: "By default, a lockdown can't be ended early by anyone, including you. An optional 'Allow early unlock' setting is available for users who want more flexibility." Bitcoin News

Here's the critical caveat, and Binance is at least honest about it: the lock does not block law enforcement orders. "This does not prevent law enforcement from taking action on accounts," Binance's Chief Security Officer Jimmy Su said. Which means this is a policy lock, not a cryptographic one. An attacker with enough time, leverage, or legal pressure could theoretically navigate around it. That's not a bug in Binance's implementation — it's an unavoidable constraint of operating a regulated centralized exchange in multiple jurisdictions. But founders building on top of Binance infrastructure, or holding treasury in centralized accounts, should understand what they're actually getting. CoinDesk

Withdrawal-delay features aren't new. Coinbase has offered Vaults, with a 48-hour delay and email confirmation, for years. Kraken offers a similar Global Settings Lock. What has changed is the severity and frequency of the threat they're designed to address. Binance's announcement carries more urgency than a routine security update — because the underlying crime wave demands it. FinanceFeeds

Europe's Physical Security Crisis Is Where This Gets Real

The wrench attack problem isn't evenly distributed. It has a geography, and that geography is increasingly France.

French law enforcement has recorded 135 crypto-related incidents since 2023, including 18 in 2024, 67 in 2025, and 47 already in 2026, which officials described as the result of "structured criminal networks." France now accounts for approximately 40% of all crypto-related ransom attacks in Europe. These aren't opportunistic street crimes. Attacks follow a consistent pattern where perpetrators abduct family members of cryptocurrency holders and hold victims for hours or days, demanding ransoms in digital assets. In two separate 2025 incidents, captors severed victims' fingers before ransoms were paid. Decrypt + 2

The Ledger kidnapping is the case most cited by security researchers, but it's far from isolated. Cases include the abduction of a magistrate and her mother for a crypto ransom, and a home invasion attempt targeting Binance France's own CEO. Criminal networks are recruiting on Telegram, cross-referencing leaked exchange data with public records, and identifying targets based on conference attendee lists and social media presence. In one widely known case, a French tax official sold wrench attackers sensitive data — a detail that ought to terrify any crypto founder who's ever been KYC-verified anywhere. DecryptCoinDesk

Jean-Didier Berger, France's Minister Delegate to the Interior Ministry, acknowledged the crisis at Paris Blockchain Week, promising a "more serious plan" in coming weeks. At the current pace, France could see over 100 crypto kidnappings this year — more than double the global total from 2025. That's not a statistic. That's a structural failure of physical security in a country that has a significant and visible crypto industry, an active conference circuit, and increasingly, attackers who treat those conferences as target-identification events. Blockchain News

For founders operating in European markets — whether they're based in Paris, Amsterdam, Zurich, or building products used there — this is no longer a background risk to acknowledge and ignore. It's a front-line operational concern.

Who This Feature Actually Protects

The user-case breakdown is more specific than the announcement implies.

Withdraw Protection is most useful in a narrow but important set of scenarios. A solo founder who holds significant crypto treasury and is traveling to a high-risk region. A trader with a large Binance position who attends high-profile public events. Anyone who has reason to believe their holdings are known to parties who might exploit that knowledge in person. For those users, activating a 7-day lockdown before traveling gives them something genuinely valuable: the ability to truthfully tell an attacker that the funds are inaccessible for the duration, and that even Binance can't override it.

"Crypto users need to protect their online presence. Trying to protect the confidential information in terms of how much they have in crypto. Make yourself a harder target." — Jimmy Su, Chief Security Officer, Binance

Su framed Withdraw Protection as one layer in a defense-in-depth approach, not a replacement for hygiene. The "make yourself a harder target" advice is pointed: the launch lands in an environment where infrastructure compromises — private key theft, signing infrastructure attacks, and social engineering against individual users — have replaced smart contract exploits as the dominant loss vector. CertiK's April 2026 Skynet Intelligence Report found that 76% of 2025 on-chain losses by value came from infrastructure compromises rather than code-level exploits. FinanceFeeds

Withdraw Protection does nothing for infrastructure-level attacks where the attacker never needs to physically approach you. It's specifically designed for the wrench attack model, where coercion defeats conventional account security because all the credential checks are being completed by the legitimate user — just under duress. A time-locked withdrawal changes that calculus.

The Skeptic's Corner

There's a version of this announcement that's mostly PR. Binance has had a difficult few years under regulatory scrutiny across the EU, the UK, the U.S., and multiple Asian markets. Changpeng Zhao's 2023 guilty plea and departure left the exchange under sustained reputational pressure. A security feature that positions Binance as a protector of vulnerable users — complete with a CSO doing media rounds to discuss kidnapping data — serves marketing objectives alongside genuine security ones.

More substantively: the feature is opt-in and disabled by default. Most Binance users will never activate it. The users most at risk — those who've publicly identified themselves as large holders — are also the most likely to need emergency access to their funds, which is exactly when a 7-day lockdown becomes a liability rather than a protection. A sophisticated attacker who knows a target has activated Withdraw Protection simply waits. The time delay creates friction; it doesn't eliminate the threat.

What to Watch

1. Whether Coinbase and Kraken harden their existing delay features in response. Binance has essentially set a new floor for what "basic exchange security" means. Competitors offering shorter default delays or exchange-overrideable locks will face questions about why they haven't matched it. The institutional pressure to ship comparable features will be real.

2. The French government's promised "more serious plan" on wrench attacks. Interior Minister Laurent Nuñez and Jean-Didier Berger have committed to new enforcement measures targeting structured criminal networks operating on Telegram. If those measures include mandatory disclosure rules for exchanges about account holder data — a route several EU regulators are reportedly considering — the compliance burden on exchanges like Binance operating in European markets increases significantly.

3. Whether self-custody advocates use this moment to sharpen their argument. The Withdraw Protection feature implicitly concedes something the crypto self-custody community has argued for years: centralized exchanges are single points of failure with carve-outs for law enforcement. Multi-signature wallet setups with geographically distributed key holders are harder to coerce than a single Binance account — but also harder to use day-to-day. The tradeoff debate is about to get louder.

The broader point that Binance launches withdrawal lock to address is this: the threat model for digital asset holders has fundamentally changed. For the first decade of crypto, "security" meant protecting private keys from remote attackers. The next decade requires protecting the person who holds those keys from people who are physically present. No software feature solves that completely — but formalising it as a product category, rather than a fringe edge case, is the right institutional acknowledgement to make.

The founders and operators who should pay attention aren't necessarily the ones in high-risk regions. They're the ones who haven't yet thought about what their treasury security posture looks like when the attacker doesn't need a computer.