Phishing defense is not a one-time setup; it requires long-term monitoring. This article provides a monthly audit checklist.
I. 4 Monthly Audit Items
| Item | Time Required | Tool |
|---|---|---|
| 1. Email Audit | 10 minutes | Email search |
| 2. Login History | 5 minutes | Binance Account Security |
| 3. API List | 5 minutes | Binance API Management |
| 4. Whitelist Verification | 10 minutes | Binance Withdrawal Addresses |
II. Email Audit
Steps
- Search your inbox for "binance"
- Review all Binance emails from the past month
- Check each one:
  - Sender is @binance.com
  - Subject contains the anti-phishing code
  - You haven't clicked any suspicious links
Abnormal Signals
- A "Binance" email without your anti-phishing code
- A "Password changed" notification you don't remember
- A "New device login" notification you don't remember
Enter emergency response immediately upon seeing any anomaly.
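The email checks above can be run over an exported mailbox. The following is an added example, not part of the original article: the function names are hypothetical, the sample messages and the anti-phishing code "MyCode42" are constructed, and the code is looked for in the subject as the checklist states. A From header can be forged, so a message that passes still deserves a glance; a message that fails goes straight to review.

```python
import email
from email import policy
from email.utils import parseaddr

TRUSTED_DOMAIN = "binance.com"   # sender domain named in the checklist
# Notification types the checklist says to confirm against your own actions.
SENSITIVE = ("password changed", "new device login")

def audit_message(raw: bytes, code: str) -> list:
    """Return findings for one raw message; an empty list means it passed."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    # parseaddr separates the display name from the real address, so a
    # display name that merely looks like an address is ignored.
    _, addr = parseaddr(str(msg.get("From", "")))
    # Exact match on the domain: "binance.com.example.net" must not pass.
    domain = addr.rpartition("@")[2].lower()
    if domain != TRUSTED_DOMAIN:
        findings.append("sender domain: " + (domain or "missing"))
    subject = str(msg.get("Subject", ""))
    if code not in subject:
        findings.append("anti-phishing code missing")
    if any(s in subject.lower() for s in SENSITIVE):
        findings.append("confirm you triggered this change")
    return findings

def audit_mailbox(messages, code):
    """Map message index -> findings, keeping only messages that need review."""
    report = {}
    for i, raw in enumerate(messages):
        found = audit_message(raw, code)
        if found:
            report[i] = found
    return report

# Constructed sample messages; "MyCode42" is a made-up anti-phishing code.
SAMPLES = [
    b"From: Binance <do-not-reply@binance.com>\r\nSubject: [MyCode42] Deposit Confirmed\r\n\r\nbody",
    b"From: \"support@binance.com\" <alerts@binance.com.example.net>\r\nSubject: Verify your account\r\n\r\nbody",
    b"From: Binance <do-not-reply@binance.com>\r\nSubject: [MyCode42] New Device Login\r\n\r\nbody",
]

if __name__ == "__main__":
    for idx, found in audit_mailbox(SAMPLES, "MyCode42").items():
        print(idx, found)
```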
III. Login History
Steps
- Binance → Account → Security → Login Activity
- Review every record from the last 30 days:
  - Time
  - IP (Region)
  - Device
- Cross-reference them with your actual behavior
Abnormal Signals
- Logins from regions where you are not located
- Logins during hours you were asleep
- Unfamiliar device names
Any anomaly → Immediately change your password + reset 2FA.
IV. API List
Steps
- Binance → API Management
- Review each API key:
  - Creation time
  - Permissions (Read-only / Trade / Withdraw)
  - Last used
Abnormal Signals
- Keys you never created
- Permissions changed to "Withdraw" (withdrawal permission is not enabled by default)
- Keys unused for a long time
Cleanup: Delete any keys you are not using. Treat every key with withdrawal permission as dangerous, and keep one only if your trading strategy requires it.
V. Whitelist Verification
Steps
- Binance → Security → Withdrawal Addresses
- Review each whitelisted address:
  - You recognize the address
  - The remark was written by you
  - You were the one who added it at that time
Abnormal Signals
- Unfamiliar addresses
- Remarks not in your usual style
- Added at a time you were offline
Delete any such address immediately and change your password.
VI. Other Periodic Tasks
Quarterly (3 Months)
- Change your login password
- Check linked phone numbers / emails
Biannually (6 Months)
- Regenerate your Authenticator seed
- Update your hardware key firmware
- Review if your KYC info has expired
Annually
- Complete security settings audit
- Run a drill for the "account recovery" process
- Check cold wallet mnemonic backups
VII. Automated Monitoring
Email Forwarding Rules
Set up email rules: tag all Binance emails and archive them automatically. You can review the entire tag directly during your monthly audit.
Notifications
Binance push notifications + email + SMS provide a three-channel alert system, so you know instantly if anything goes wrong. Set these up and do not turn them off.
Third-Party Monitoring
Some tools (like DeFiLlama derivatives / on-chain analysis) allow you to subscribe to alerts for "large withdrawals from your wallet address". Add your cold wallet, and you can detect an attack the moment it happens.
VIII. Family Scope
If you manage Binance accounts for your family:
- Co-create a security checklist
- Check it together regularly
- Establish an emergency contact chain (if one finds an anomaly, notify everyone instantly)
A family's financial accounts are compromised through the weakest link; monitoring them together is more effective than individual efforts.
FAQ
Q1: Is 30 minutes a month enough? Yes. If the setup is done correctly, the 30 minutes are just to confirm there are no anomalies. You only dig deeper if there's a problem.
Q2: Can I do all this in the app? Yes. All these items are located under the account security menu.
Q3: What's the worst-case scenario of poor auditing? An attacker quietly implants an API key or whitelist address and cashes out at the end of the month. Catching it early prevents this.
Q4: Can this be fully automated? Binance has not opened automation APIs for security auditing. Spending 30 minutes manually is the safest bet.