A Binance abnormal login alert is an email sent from [email protected] (and sometimes a text message in some countries) stating something like, "Your account logged in from Country X, City X, IP XXX.XXX.X.X, Device XXX." These alerts mean the system has detected a login environment significantly different from your historical profile, requiring your proactive confirmation. If you confirm it was you, simply click "It's Me" as prompted; if not, immediately enter the emergency freeze process. You can view your full login history in the Security Center on the Binance Official Website. Using the Binance Official APP is the most reliable way to receive instant pushes, and iOS users can refer to the iOS Installation Tutorial to install the client.
I. Mechanism of Abnormal Login Alerts
Step 1: How the System Judges Abnormalities
The Binance risk control model evaluates five dimensions and gives a comprehensive risk score (0-100):
- Significant deviation of IP geographic location from history.
- Addition of new device fingerprints (browser, operating system, screen resolution).
- Login time deviating from habits (e.g., logging in at 3 AM).
- Number of incorrect password attempts.
- Proxy/VPN/Tor characteristics.
A score exceeding 60 points triggers an email/SMS alert, while a score over 80 points directly blocks the login and requires verification.
Step 2: Key Elements of the Alert
A standard abnormal login email contains: Login Time (UTC), IP Address, Country/City, Device Name, Browser UA, "It's Me" and "It's Not Me" buttons, and a one-time emergency freeze link.
II. Common Triggers
- New Phone Login: Logging out of an old phone and logging into a new one for the first time results in a new device fingerprint.
- Turning on or Switching VPN: A jump in location, such as from China to Japan/US.
- Clearing Browser Cache: Cookies are cleared, leading the risk control system to think it's a new device.
- International Travel: First login from hotel WiFi or airport WiFi.
- Office/Home Network Switch: IP changes when logging in from home after being at the office.
- Unauthorized Access: Login from a stranger's device when your password has been compromised. This is the scenario requiring high vigilance.
III. Triggers and Action Comparison Table
| Trigger Scenario | Action Required | Time Spent | Risk Level |
|---|---|---|---|
| Own new phone | Click "It's Me" | 30 seconds | Low |
| Own VPN use | Click "It's Me" + 2FA | 1 minute | Low |
| Own business trip | Click "It's Me" + Device Authorization | 3-5 minutes | Medium |
| Not me, stranger login | Freeze + Change Password + Reset 2FA | 10-30 minutes | High |
| Frequent abnormalities | Submit ticket for manual review | 24-72 hours | Extremely High |
| Simultaneous 2FA request email | Freeze immediately | 1-5 minutes | Extremely High |
IV. Full Three-Step Processing Flow
Scenario 1: Confirmed as Own Operation
Open the email and click the "It's Me" button, or log into the Security Center to add the device to the trusted list. The system will clear the risk flag within 30 seconds, but it's recommended to avoid large withdrawals for the next 24 hours to give the risk model time to adapt.
Scenario 2: Uncertain (e.g., family member logged in)
Do not click "It's Me" yet. Open the Binance APP, go to [Security Center → Login History], and verify the IP, time, and device. If it matches a family member's actual location, then click confirm. Do not click blindly, as it's hard to revoke once clicked.
Scenario 3: Confirmed as Not Me
Perform three emergency actions:
- Immediate Freeze: Click the emergency freeze link in the email or trigger the "Account Stolen" button in the APP.
- Forced Password Change: Change your email password first, then reset your Binance login password via the Security Center.
- Reset 2FA: Unbind the old Google Authenticator, re-bind to a new phone, and record the new recovery code for offline storage.
Scenario 4: Email Entered Spam Folder
Checking spam regularly is a necessary habit. It's recommended to whitelist [email protected] and [email protected]. Also, enabling push notifications in the Binance APP can prevent missing email alerts.
V. FAQ
Q: Is it normal to receive multiple abnormal login emails in one day? A: No. If you receive more than 3 in one day, it means someone is continuously trying to log into your account. Freeze your account immediately, change your email password, and check for password breaches (e.g., via haveibeenpwned).
Q: Can I revoke a "It's Me" click? A: Within 30 minutes, you can re-mark the record as "It's Not Me" in [Security Center → Login History]. After 30 minutes, it cannot be revoked, but you can still provide feedback via a support ticket for manual processing.
Q: What if I don't receive SMS alerts? A: International SMS to mainland China phone numbers may be delayed or blocked. It's recommended to use email alerts as the primary channel or enable push notifications in the APP. SMS alerts are essential for fiat card verification, but can be disabled for daily logins.
Q: What if my frequently used device always alerts as abnormal? A: Go to [Security Center → Device Management] and add the device to the "Trusted Devices" list. Subsequent logins from the same device will not trigger an alert. Trust defaults to 30 days and will alert again upon the first login after expiry.
Q: Do I need to recover assets after an abnormal login? A: If you only received an alert and the attacker did not successfully log in, your assets are at no risk. However, if you find asset reduction or receive withdrawal SMS alerts, you should follow the "Account Stolen" process rather than just handling the abnormal login alert.