Cybersecurity is of prime importance to Jimmy Zhigang Su — understandably so, since he is Binance’s Chief Security Officer.
Su was full of enthusiasm to talk about security and future strategies when he sat down with AltCoinDesk.com after an educational panel discussion at Future Blockchain Summit x Fintech Surge in Dubai. “I’m excited to be here,” he said. “Despite the 15-and-a-half-hour flight, I feel refreshed.”
Binance, the world’s largest cryptocurrency exchange, is a platform that not only processes billions in daily trading volume but also carries the responsibility of protecting its global user base. Behind its security operations is Su, a man who has spent the last five years anticipating, adapting, and defending against some of the most sophisticated threats in the digital finance ecosystem.
He spoke not just about defending against current attacks, but also about building resilience for the future of blockchain security.
What security means
Since joining Binance in 2020, Su has led the company’s efforts to protect one of the world’s largest exchanges. For him, security goes beyond technology — it’s about protecting users first.
“For me, ever since I joined Binance in 2020, the word security means protecting our users’ funds on our platform. It’s always one of the top metrics for our team to ensure there are no P0 security incidents on our platform. That’s always been a goal of ours.”
Threats as a learning curve
Over the years, Binance has faced and contained several security challenges, including the incident involving its official X account. Su says every event is treated as an opportunity to improve. The team trains to enhance security while also monitoring the access of each social media manager. They also rework methods to safeguard passwords and 2FA (Two-Factor Authentication).
“In the social media case, we need to further enhance how we can share this X account among all the social managers, but also in a secure way, safeguarding passwords and 2FA. That’s going to be a challenge for us, and we’re going to move forward and practice what we learned.”
Following the most recent breach attempt, Su emphasized that their protocols are strong, but practice and procedural refinement are a consistent process of improvisation.
“The protocols are already in place. It’s just that we need to further practice when there are several social managers managing the same account. We need to do it in both an effective, efficient way, but also in a secure manner.”
Collaboration across borders to increase efficiency
Binance has earned a reputation for being able to freeze or recover stolen digital assets — a capability few exchanges can accomplish at an average scale. Su attributes this success to the company’s ability to establish deep collaboration across borders and with law enforcement.
“We’re important partners with all the law enforcement in the different regions of the world, because almost 100% of fund recovery requires collaboration with law enforcement in order for us to do the fund recovery for the user,” he explains.
Su notes that the company focuses on strengthening its security protocols and offering forensic insights through on-chain data to assist law enforcement in their investigations. However, he emphasizes that the real success lies in collaborating with authorities to recover funds for the users.
“And over the years, we have seen that law enforcement has become more of an expert in this crypto and blockchain domain.”
Securing the CeFi–DeFi convergence
As blockchain ecosystems evolve, the boundaries between centralized finance (CeFi) and decentralized finance (DeFi) are fading fast, creating new risks alongside new opportunities. Su explained how Binance has built a dual-layered security structure to address both traditional and non-traditional (blockchain-specific) threats.
“I separate the security team at Binance into two parts. One is a Web2 part, covering areas a traditional internet company would have, such as network and endpoint security. But there’s a part especially for Web3, for example, the smart contract security that you mentioned.” Su further explained that Binance’s Web3 wallet is a key step in bridging the two worlds.
“We constantly scan all the new smart contracts that are coming up on the different L1 blockchains, and we apply our self-developed scanner on the smart contracts to find vulnerabilities and produce a risk metric to help our users navigate that landscape,” he added.
Empowering users with AI-driven security
The next frontier in crypto security begins with users themselves, Su noted.
“Based on the hacks, big and small, that we have seen, one of the things that needs to be improved in the crypto community is the security hygiene that our users are practicing, particularly their ability to handle DeFi wallets in a secure way,” he added.
Su notes that many DeFi wallets are evolving to offer better features that make users more effective and proficient in managing their own keys. Binance’s focus is on developing tools and features that not only help users secure their wallets but also allow them to use those wallets efficiently within the DeFi ecosystem.
Artificial intelligence is already playing a vital role in that mission, Su adds. AI played a pivotal role in detecting fake KYCs coming to the platform, alongside monitoring visible on-chain transactions.
“A lot of times AI can be used for us to detect risks in real time,” he added.
As Su concluded, his vision of security extends far beyond Binance’s walls, toward a safer, more unified blockchain ecosystem: “We need to provide the safety of Binance.com across all of our different products,” he said.
