Before Christmas, CZ sent customers an outstanding email with the Title “A message from our CEO”. It neatly outlines how their Hot and Cold Wallet systems are built at Binance.
We couldn’t find this excellent brief in the Binance Blog, so we wanted to do a ‘Retweet’ of sorts so that we and others can easily access this content in future. If Binance publishes this as a blog, we’ll link to it instead!
-- Jan 16 Update --
We got in touch with the Binance team who kindly clarified that this content was previously posted on their blog a month before. Here's the link:
from: Binance <do_not_reply [!AT!] mailersp2.binance.com>
to: REDACTED [!AT!] gmail.com
date: Dec 22, 2022, 10:21 AM (CET)
subject: A message from our CEO
For those of you who don't know me, my name is CZ and I am the CEO of Binance. I wanted to take this opportunity to answer a few follow-up questions from the community about how funds and wallets are managed at Binance.
First, two foundational facts:
- Binance holds all of its clients’ crypto-assets in segregated accounts which are identified separately from any accounts used to hold crypto-assets belonging to Binance.
- Binance uses Binance’s own wallet infrastructure to safeguard user assets and Binance’s own assets.
Let’s get into the details.
Deposit, Hot & Cold Wallets
First, it’s important to understand how wallets work in Binance. There are deposit wallets, one (or more) address per user per blockchain. You deposit to your deposit address. Our system monitors the blockchain and adds that balance to your account on Binance.com.
Once verified on chain, you can trade or spend those coins on Binance as you deem fit. Those coins may or may not move from that address right away. Binance periodically “sweeps” those coins into a hot (or cold) wallet. The logic behind why exchanges sweep tokens is to minimize the number of transactions and keep gas fees minimal - thus dramatically reducing user fees overall.
Generally speaking, large amounts will be swept more quickly, and we may wait for a few deposits to sweep the small amounts or wait for the network gas fees to be low to sweep. A key reason we remain so competitive is that methods like this keep gas costs low, savings we then pass on to our users with some of the lowest trading fees in the industry.
When users want to withdraw, our system sends them funds from the hot wallet and deducts the amount from their account balance. If the hot wallet gets below a certain amount, we replenish it from the cold wallet.
If the hot wallet gets too large from the sweeping, we will move some funds to a cold wallet, and process future sweeping directly to the cold wallet, again to reduce the number of transactions as well as gas fees.
There are certain exceptions when a large deposit comes in. In this scenario, we may sweep directly to the cold wallet. And when a large withdrawal is requested, we may process it directly from a cold wallet.
With that context, I hope you can see that other than instances of deposits and withdrawals, the sweeping and moving of funds between the deposit, hot and cold wallets are totally independent of user account balance updates.
When users trade on Binance, a tiny commission is deducted from each trade and moved to a Binance.com account owned by the Binance platform. This is Binance’s revenue. We use this to pay for operational costs, servers, vendors and our employees.
For amounts we don’t spend (profits), we just hold them in this account. Binance has been profitable in our operations since four months after our founding, and throughout the two bear markets we have experienced.
Binance invests significant resources in ensuring full compliance with all laws and regulations to which it is subject.
Accordingly, Binance holds all of its clients’ crypto-assets in segregated accounts. More specifically, Binance maintains “customer balances”, internal accounting (or ledger) entries within the Binance system which record customer entitlements to crypto-assets.
Each customer of Binance has an account/UID, which is a ledger-based (off-chain) account (or sub-account) within the Binance system that has a unique identifier (UID) and associated login credentials, against which the client’s balances are recorded.
This ensures that Binance at all times records crypto-assets belonging to its customers and distinguishes them from those crypto-assets which belong to Binance. Binance conducts a daily reconciliation of all crypto-assets that are held by Binance on behalf of its customers.
We only spend our own funds. We do not use client funds to deal on our own account.
In line with our commitment to ensuring full legal and regulatory compliance, Binance has also proactively commenced work to build segregated on-chain customer crypto-asset wallets in order to comply with this requirement under the forthcoming MiCA Regulation in Europe.
Why do we use Binance wallet infrastructure to safeguard user assets and Binance’s assets?
As one of the largest custodians of assets in the crypto space, security is at the top of our priority list. In order to enable this, we spend hundreds of millions of dollars on security, hiring the best people and employing the best technology. It is one of the single largest investments that we make each year.
We believe that our wallet infrastructure is one of the most secure in the industry and that Binance is the best place to safeguard crypto.
We have considered the use of third party wallet software. However, we have reviewed other wallet vendors and are much more confident in the security of our own ecosystem than what we have seen from other vendors.
Furthermore, creating a self-sufficient ecosystem has shielded Binance customers from being exposed to the types of contagion risk we have seen with the implosions of other industry players like Celsius, Voyager, and now FTX.
Last but not least, no other wallets or custodial solution handles the sheer variety of coins we support or hold.
For the reasons above, we safeguard our assets, as well as our customers’ assets, on Binance.
Hopefully, by this point, you see why the $1 billion Industry Recovery Initiative was sent via the Binance cold wallet. It was a large withdrawal from the Binance account, which resulted in processing from a cold wallet. And when we rebalance the $1 billion SAFU insurance fund, it may be processed from the hot or cold wallet.
How do you verify user assets are safe?
Merkle Tree proof-of-reserves is the best way. It allows you and every one of our users to verify your account balance is included in the final reconciliation with the total wallet balance. It is designed to ensure your funds are there. There is no way to fake it.
With blockchain technologies, we can make our industry far more transparent than traditional financial industries. Binance will continue to lead by example and move the industry forward.