Can I lock my account to only withdraw to specific addresses?
Yes — Profile → Security → Withdrawal allowlist. Adds a 24h cool-off when modifying the list, blocking takeover drainage.
What an allowlist does
A withdrawal allowlist restricts your account so withdrawals can only go to a pre-approved list of addresses. Even if your account is compromised, an attacker cannot withdraw to their own address — the system rejects it before broadcast.
This is the single highest-impact security control a high-balance account can enable.
Setup
- Profile → Security → Withdrawal allowlist → Enable
- Confirm with password + 2FA
- Add up to 10 addresses per coin/network. Label each (e.g. "Ledger BTC main", "Binance USDT TRC20")
- Save. The list is now locked.
The 24-hour cool-off
Adding a new address to the allowlist (or removing one) triggers a 24-hour cool-off before withdrawals are permitted to the new address. During the cool-off, you can still withdraw to existing addresses on the list.
This cool-off is the security feature: an attacker who gains temporary session access cannot add their own address and immediately drain funds — they have to wait 24 hours, during which you'll receive multiple email + push alerts about the change.
When to enable
- High balance accounts ($50K+) — should always be on
- Long-term accounts that withdraw to the same destinations regularly
- VIP Gold+ — your VIP host can help set it up
When NOT to enable
- If you withdraw to many one-time addresses (e.g. you're a heavy testing user)
- If your wallet rotates addresses on every receive (some privacy-focused setups)
In those cases, leverage 2FA + trusted devices + session management instead.
Disabling
Disabling the allowlist also triggers a 48-hour cool-off before any withdrawal goes through. Same logic: prevents instant takeover drainage.
What if I enabled it and lost access to ALL my allowlisted destinations?
Email support with KYC documents. We can manually disable the allowlist after a 7-day waiting period (the longer wait reflects the higher security expectation that comes with allowlist users). For VIP Gold+, your host can fast-track to 24 hours.
Combining with hardware key
Allowlist + hardware key 2FA + trusted devices off = the most paranoid configuration we offer. Used by most of our $1M+ balance accounts.
お役に立ちましたか?
152人の読者の95%が役に立ったと評価しました。
さらにサポートが必要ですか?
24/7 チームが 1 分以内に返信します。
関連記事
How do I enable two-factor authentication (2FA)?
Profile → Security → Enable 2FA. Use an authenticator app (Aegis, Google Authenticator, 1Password) — never SMS.
I withdrew to the wrong address — can you recover it?
If it's your own address (different wallet/exchange), retrieve it there. If it's someone else's address, the funds are unrecoverable.
How does Cinoslots store player funds?
98% of player funds are in offline cold storage with multi-sig. Hot wallet holds only what's needed for the next 24h of withdrawals.