Safety & FAQ

Is Binance Safe and Legit? Reserves, Regulation, and Past Incidents, Explained Honestly

Cover image for the is Binance safe analysis

"Is Binance safe?" is the question most beginners ask first, and it is really two questions squeezed into one. The first is whether the platform itself might fail: collapse, run off, or get emptied by hackers. The second is whether your own account might be stolen. The answers come from completely different places, and mashing them together only produces a useless "safe" or "not safe."

So this article lays out the public facts you can actually check: Proof of Reserves, the SAFU fund, regulatory fines, and past hacks, the good alongside the bad. We do not vouch for Binance, and we do not play up the risk for effect. What we give you is the record and a framework, and the verdict is yours to reach. When it is your money on the line, ten extra minutes of reading is worth it.

One thing to settle up front: no honest article can hand you a yes-or-no guarantee, because "safe" is not a property a platform either has or lacks. It is a spectrum, and where any exchange sits on it shifts with its finances, its regulation, and the security habits of the person using it. The most useful thing we can do is show you the moving parts, so that when the facts change, you can re-read the situation yourself instead of leaning on a headline from a year ago.

Split the question first: platform risk and account risk are two things

Here is the split, plainly. "Could the platform go down" is a question about Binance's asset transparency, its financial condition, and its regulatory standing. "Could my account be stolen" is mostly a question about your own security settings. The first you can only assess and hedge against. The second you can act on directly and bring the odds down.

That distinction matters because the two kinds of risk call for completely different responses. The answer to platform risk is "do not put all your assets on any single platform." The answer to account risk is the concrete set of switches, two-factor authentication, an anti-phishing code, a unique password, that block the common account-theft methods; we lay out the full checklist in Account Security. Account risk is the kind you can cut down yourself by getting these settings right; whether a platform collapses is out of your hands, and it sets the ceiling on your worst case, which is why this article puts its weight there.

But there is a reason this article still spends most of its length on platform risk. Account risk, however common, is the kind you can push down yourself: do the setup and the odds drop sharply. Platform risk sets the ceiling on your worst case, the amount you could lose if everything you assumed went wrong at once. Low-probability, high-impact events deserve thought precisely because you cannot undo them after the fact. So we treat account security as the thing you must do, and platform assessment as the thing you must understand, and this piece is about the second.

Keep the two separate as you read on. When someone online says "Binance got hacked" or "my coins vanished," the very first question worth asking is which of these two buckets the story falls into, because the lesson you should draw is entirely different depending on the answer.

It is also why a blanket answer travels so badly. Someone whose account got phished will tell you Binance is dangerous; someone who has held there for years untouched will tell you it is rock solid, and both are describing account risk while thinking they are describing the platform. Separating the two is not pedantry, it is the only way to make the anecdotes you read online actually useful.

What kind of platform Binance is, by size

By trading volume, Binance has sat at the top of the global crypto exchange rankings for years, and is one of the largest platforms by user base and liquidity. Its published registered-user count runs into the hundreds of millions, it lists several hundred coins, and its business spans spot, futures, savings and earn products, and more. In plain terms, it is not a fringe operation you have to squint to evaluate; it is one of the most heavily documented and heavily watched companies in the industry.

What does that size tell you? Honestly, it is not a guarantee of safety. FTX was also one of the world's top exchanges right up until it collapsed, so "too big to fail" has already been disproven in this industry once, and it is not a phrase we will lean on. Size is not a shield against fraud.

But size does bring a few concrete things. First, deep liquidity: large orders move with little slippage, and when you want to get out, you generally can. Second, the spotlight: Binance operates under the constant gaze of regulators and media worldwide, so cooking the books or misappropriating assets carries a far higher exposure risk than it would at a small platform nobody is watching. Third, deeper pockets: more revenue lines and larger reserves to absorb a security incident when one happens. These are points in its favour, not a get-out-of-jail-free card, and the historical events later in this article show exactly where that line falls.

Read the size, then, as raising the floor rather than removing the risk. A large, watched, liquid exchange is a better place to hold trading funds than an anonymous newcomer promising better rates. It is still not the same as holding your own keys, and no amount of scale changes that underlying fact.

It also helps to separate reputation from safety. A brand you have heard of feels safer, but familiarity is not evidence; what you actually want to know is whether the assets are there and whether the company is under real oversight, and those are questions the later sections answer with facts rather than with logos. Treat the size as a reason to take Binance seriously as a candidate, then judge it on the mechanisms, not the name.

Proof of Reserves (PoR): what it proves, and what it does not

Proof of Reserves answers one specific question: are the coins users deposited actually being held in full by the platform? After the FTX collapse, Binance began publishing reserve ratios for major coins on a regular basis from late 2022, stating that user assets are held at no less than 1:1, with the snapshot data open to view on the Proof of Reserves page. The idea is straightforward: instead of asking you to trust a press release, it puts numbers on a page that anyone can look at.

Screenshot of the Binance Proof of Reserves page showing reserve ratios
The Binance Proof of Reserves page: view the audit snapshots and the Merkle-tree verification entry, with reserve ratios for major coins (captured from the Binance official site).

Its verifiability rests on a Merkle tree. The platform builds a Merkle tree of all users' balances and publishes the tree's root; after logging in, you can check whether your own account is included in that liability snapshot. In other words, you do not have to take Binance's spoken word for it, and can verify for yourself that your assets were genuinely counted into the total liabilities. In the post-FTX industry, that counts as a relatively high-transparency practice, and it is a meaningful improvement over the era when exchanges published nothing at all.

How to check your own inclusion

The self-check is more accessible than it sounds. On the Proof of Reserves page while logged in, there is an audit or verification entry that shows your account's record and balances as of the snapshot, along with a way to confirm those figures were folded into the published root. You do not need to run any cryptography by hand; the page walks you through it. Doing this once, even just to see how it works, is a good habit, because a mechanism nobody uses provides less real accountability than one people actually test.

Three limits of PoR, stated plainly

Treating PoR as an all-purpose guarantee is a misreading; it has at least three boundaries. First, it is a point-in-time snapshot: it proves assets were sufficient at the instant of the snapshot, and what happened between two snapshots is not visible from outside. A platform could, in principle, hold reserves on the day of the snapshot and not the day after, and the mechanism would not catch it. Second, it shows that assets match user liabilities, but that is not the same as a full financial audit. Whether the platform itself has outside borrowing, or off-balance-sheet liabilities, is a question this snapshot does not answer. Third, attributing ownership of the reserve addresses requires some trust; on-chain signatures and similar techniques ease this, but they cannot drive the trust requirement down to zero.

To put it in one line: PoR is markedly better than publishing nothing, but what it proves is assets, not the whole balance sheet. Hold both halves of that sentence at once. Someone who dismisses PoR as theatre is ignoring a real, checkable improvement; someone who treats it as a solvency certificate is reading in more than it says. The honest position sits between the two, and it is the position we take for the rest of this article.

The SAFU fund: a cushion for after something goes wrong

SAFU (the Secure Asset Fund for Users) is an emergency reserve Binance set up in 2018, meant to compensate users for losses in a platform-level security incident. It is funded by a portion of the platform's fee income set aside over time, Binance has published the fund's on-chain address, and its size is whatever its official page discloses at any given moment. The point of holding it in a visible, on-chain wallet is that outsiders can watch the balance rather than take its existence on faith.

This fund is not for show. The 2019 hack, detailed below, was covered out of it, and users came out whole. But the same boundary needs drawing here as everywhere else in this article. SAFU covers platform-side incidents like the exchange being breached; it does not cover losses from your own leaked password or a verification code you were tricked into handing over. The first case has a cushion behind it. The second, in almost all situations, you have to bear yourself.

That asymmetry is the whole reason we keep pushing readers toward the security settings. The fund protects you against a failure of the platform, which is rare; nothing protects you against a failure of your own habits except your own habits. It is also worth being sober about scale: a dedicated reserve can absorb an incident sized like 2019, but no fund is bottomless, and a hypothetical loss one or two orders of magnitude larger could test any cushion. SAFU is a genuine and unusual feature for an exchange to maintain, and it is still not an insurance policy that removes the platform's risk.

The regulatory record: the 2023 US settlement and what followed

This part is unavoidable, so here it is by the public facts. In November 2023, Binance reached a settlement with the US Department of Justice, the Treasury, and other agencies, admitting violations in anti-money-laundering and sanctions compliance, and agreeing to pay roughly USD 4.3 billion in penalties and forfeiture, one of the largest settlements the US has levied against the crypto industry. Founder Changpeng Zhao, known as CZ, personally pleaded guilty and stepped down as CEO, and subsequently served a short prison term in the United States in 2024. These are matters of public court record, and the specifics are as reported in the public coverage.

The direction after the settlement is public too, and worth stating carefully "per public reports" rather than as our own claim. Binance appointed a new CEO, Richard Teng, and per the agreement it operates under a multi-year compliance monitorship, and it has said it substantially expanded its compliance team and related spending. Across a number of jurisdictions, Binance has progressively obtained registrations or operating licences, with the exact list and regional availability as its official announcements state. US users, meanwhile, are served by the separate Binance.US entity, a distinct system from the global platform. Whether you can use Binance where you live, and to what degree, is something you can check against our Supported Countries guide.

How to read this piece of history

Our reading first: this is a real blemish, and also a blemish that has been dealt with. On the negative side, a USD 4.3 billion penalty is proof that during its years of rapid expansion Binance genuinely treated compliance as a debt it could defer, and that is not something the phrase "industry norm" can wave away. Compliance failures in anti-money-laundering controls are serious in their own right, and pretending otherwise would be dishonest.

On the other side, the nature of the settlement was "pay the fine, accept reform, keep operating," not a finding that Binance misappropriated customer assets or defrauded its users. The penalty points at defects in anti-money-laundering procedures, not at the safety of user funds themselves, and after the settlement the platform runs under monitorship, which in a sense means it is watched more closely now than before. Both readings are valid at the same time. Which one you weight more heavily depends on your own risk appetite, and that is a judgement we deliberately leave with you rather than make on your behalf.

One practical takeaway sits underneath both readings: regulatory status is the part of this picture most likely to keep changing. Licences get granted, monitorships end, rules in your own country shift. Treat any specific claim here, including this one, as accurate to when it was written, and let the official terms and announcements be the source of truth the day you actually decide.

The 2019 hack of about 7,000 BTC: a bad event, and how it was handled

The facts, in sequence. In May 2019, Binance suffered a security breach in which attackers, using phishing, viruses, and similar means, obtained the API keys and two-factor information of a number of users, and pulled roughly 7,000 bitcoin out of a hot wallet in a single withdrawal, worth about USD 40 million at the price of the day. It was a real, large theft from one of the biggest exchanges in the world, and it is a fact worth sitting with rather than glossing over.

The resolution: Binance covered the loss in full out of the SAFU fund, user assets were not harmed, and afterward it upgraded its withdrawal risk controls and wallet architecture. The information this event carries points both ways. It proves that "the platform gets hacked" is not an imaginary enemy; the hot wallet of a top exchange can be breached just like anyone else's. And it proves that, at least on that occasion, the cushion actually caught the fall.

The place to stay level-headed is the scale. That loss was a small fraction of Binance's bitcoin reserves at the time, so it could be absorbed. If an incident were two orders of magnitude larger, any fund might come up short, and there is no public commitment that guarantees full reimbursement for a loss of arbitrary size. Extrapolating "they reimbursed once" into "they can reimburse anything" does not hold. The honest lesson from 2019 is narrower and more useful: the platform can be attacked, a well-funded reserve made users whole that time, and neither of those facts tells you what would happen in a far worse scenario.

The fix also changed behaviour, not just the balance sheet. After 2019, the tightening of withdrawal controls and the reworked wallet setup are the kind of response you want to see, since an incident that produces concrete engineering changes is more reassuring than one a platform simply pays off and forgets. None of that makes the next breach impossible, but it does show the difference between a platform that treats a hack as a lesson and one that treats it as a cost of doing business.

Could it be the next FTX? Where it is alike and where it is not

Start with the framework. The core reason FTX collapsed was that it misappropriated customer assets to fund trading at an affiliated company, and the books were empty, and "are the customer assets there or not" is exactly the part Proof of Reserves tries to make visible from outside. So the key to this comparison is not size or fame, which FTX had in abundance, but the presence or absence of a transparency mechanism. Two exchanges can look equally large and reputable while differing entirely on whether an outsider can check the one thing that matters.

DimensionFTX (before collapse)Binance (current)
Proof of ReservesNone; asset position invisible to outsidersPublished regularly; users can self-verify with a Merkle tree
Emergency fundNoneSAFU, with a public address
Customer-asset misuseConfirmed at large scale after bankruptcyNo public evidence of it; PoR provides partial transparency
Regulatory statusOnly held to account after collapseSettled with US regulators; under compliance monitorship

By this table, Binance and pre-collapse FTX really do differ on the mechanisms that count: one lays a snapshot of its assets out for you to verify, the other showed nothing at all. That difference is not cosmetic, and it is the strongest single reason to think the two are not the same case.

But we have to finish the other half of the sentence. The limits of PoR, covered above, still apply: the periods between snapshots continue to rest on trust, and a determined bad actor has more room in the gaps than the reassuring headline suggests. More fundamentally, as long as your coins sit on any centralized platform, the private key is not in your hands, and that custody risk does not disappear because of which platform it is. "Not like FTX" is a judgement with evidence behind it. "Therefore absolutely safe" is a leap. We are willing to write the first; we are not willing to write the second, and you should be wary of anyone who is.

There is also a subtler trap in the comparison itself. FTX taught a lot of people to look for an exact repeat, a charismatic founder and a sister trading firm, when the next failure, if there is one, may not rhyme with the last. The durable lesson is not "avoid the things that looked like FTX" but "keep your exposure to any single custodian sized so that its failure, however it arrives, is survivable for you." That reframing is what the final section is built on.

How we do it: tier your money, do not outsource the judgement

The conclusion in one line: use Binance as a trading tool, not as a vault. In practice that breaks into three tiers, and the point of tiering is that no single failure can reach all of your money at once.

  1. Trading funds on the platform: the portion you need to buy, sell, and keep liquid stays on the exchange, where you get depth and convenience, which is what an exchange is genuinely for. Sizing this tier is a question of how actively you trade, not of how much you happen to own.
  2. Large, long-term holdings in self-custody: move these to a cold wallet (a hardware wallet) whose private key you control, and platform risk drops straight to zero. The cost has to be stated plainly: with self-custody, the entire responsibility is yours too, and if the seed phrase is lost or leaked, no support desk can save you. It is a different risk, not the absence of risk, and for some people the trade is worth it while for others it is not.
  3. Account protection first, always: no matter how much you keep on the platform, finish the security settings, two-factor authentication, an anti-phishing code, the withdrawal whitelist, before anything else, because these steps sharply lower the risk of a stolen account and block several of the most common attack routes. No single setting is foolproof (if your email is taken over, the withdrawal whitelist loses some of its bite), but together they are the highest-value defense you can put up.

Under those tiers sits a habit that costs almost nothing and is worth building. Every month or two, go back to the Proof of Reserves page and glance at whether the latest audit snapshot updated on schedule, and skim the official announcements for any service change affecting your region. A platform's risk profile is not fixed by a single assessment for all time; it moves with regulation and with how the business is run. Real security comes from re-checking on a schedule, not from the memory that "it was fine last time I looked." The whole framing of this article, splitting the question, reading the mechanisms, weighting the history, is built so that you can run that re-check yourself.

The reasoning and trade-offs of custody versus self-custody have free, structured courses at Binance Academy if you want to go deeper. And if, having weighed these facts, you decide to open an account to hold trading funds, you can register through this sign-up link, where the referral code BN03688 brings a fee discount (the rate is as shown on the sign-up page), and the full walkthrough is in our sign-up guide. That is our affiliate link, and whether or not you use it changes nothing about a single judgement above.

Frequently asked questions

Will Binance run off with the money?

No one can promise that for any platform. What can be said is that Binance's Proof of Reserves, the SAFU fund, and its post-settlement standing are all out in the open, watched by regulators and media worldwide, which makes running off far costlier and harder than for an obscure platform; but no centralized platform should be treated as an absolute vault, so leave room for that in how you size your positions.

Can Binance move the coins I keep there?

Proof of Reserves shows the major coins held at no less than 1:1 against user assets, and Binance states that user funds are kept separate from its own. But PoR is a point-in-time snapshot, and what happens between snapshots cannot be fully verified from outside, which is the shared trust boundary of all centralized custody. If that bothers you, move the part you will not touch for a long time into a self-custody wallet.

Can I still use Binance after the US fine?

Yes. After the 2023 settlement with the US Department of Justice and other agencies, the global platform kept operating, under a compliance monitorship per the agreement. Whether you can use it where you live depends on local regulation rather than that fine, which you can check against the supported countries list.

Can I verify Proof of Reserves myself?

You can verify part of it. After logging in, the Proof of Reserves page lets you check whether your account is included in the Merkle-tree liability snapshot, and shows the reserve ratios for major coins. But the periods a snapshot does not cover, and the platform's full liability picture, cannot be verified by an individual, which is the boundary of the PoR mechanism itself.

Large holdings: keep them on Binance or in a cold wallet?

For large holdings you will not touch for a long time, we suggest a self-custody cold wallet, where the private key is in your own hands and platform risk drops to zero; the cost is that the responsibility is all yours too, and no one can recover a lost seed phrase for you. Keep only what you need for trading and short-term turnover on the platform.

The hardest part of writing this kind of article is resisting two impulses: praising the platform as a treasury, or slamming it as a scam. Both are easy to write, and both are dishonest. Binance is a top exchange with real historical blemishes and real transparency mechanisms, suited to the role of a trading tool and not to the role of your entire net worth. The rest of the judgement is yours. If you see it differently, or find a factual error, write to [email protected]; we verify, correct, and log it in Corrections.

Sources

Public records cited in this article, verifiable yourself:

Done reading? Sign up for Binance and get 20% off fees

Register with our referral code BN03688 and get 20% off trading fees*. Tap the button below and the code comes along automatically.

BN03688
Sign Up with This Code

*Actual rate as shown on the Binance sign-up page and subject to change. See the affiliate disclosure.

Yizhou Xu

Lead writer at Mewbyt. In crypto since 2021, with enough tuition paid to the market to know where the potholes are. Every walkthrough here was done hands-on by us. If we got something wrong, call us out: [email protected].